The hierarchy might be something like this:
- root folder: www, public_html, …
- sub folder : website 1
- sub folder : website 2
- sub folder : website 3
Restrict access to all websites
If you want to prevent users getting access to any of these websites, it’s common sense to place a .htaccess file in your root folder like this one:
AuthType Basic AuthName "Restricted Area" AuthUserFile /path/to/your/encrypted/password/file/.htpasswd Require valid-user
Restrict access to a particular website
If you only want access being blocked to some particular website(s), one way of doing this is to follow these 2 steps.
Change the above file in your root web folder:
AuthType Basic AuthName "Restricted Area" AuthUserFile /path/to/your/encrypted/password/file/.htpasswd
As you’ve seen, we got rid of our last statement. As a consequence, visitors have now access to all our websites. That’s not exactly what we want… Suppose we want to restrict access to our second website. The only thing we have to do is generate a new .htaccess file. This file has to be put in sub folder 2, and there we add the missing statement like this:
How does this work?
When a user wants to navigate to one of our public websites, the .htaccess file in our root folder will be triggered. However, there’s nothing there that explicitly restricts access, so they’ll be able to see the entire website.
Now, if they navigate to our second, secured website (the one we prevented users from gaining access to) the local htaccess file will be triggered, complementing the instructions from our root folder htaccess file.
We can simply copy this local htaccess file to every web folder we want access to be blocked.
Internal Server Error
Ok, this should work out of the box! However, recently I got the following error:
The server encountered an internal error or misconfiguration and was unable to complete your request.
Please contact the server administrator, webmaster@localhost and inform them of the time the error occurred, and anything you might have done that may have caused the error.
More information about this error may be available in the server error log.
What went wrong here?
There was nothing wrong with the above settings. Both the htaccess and the htpasswd file were edited correctly. However, there was a misspelling of the htpasswd file. Be aware that it’s written exactly like this: