configuring htaccess restrictions on debian apache2 server

This is a quick guide on how to set up htaccess restrictions on a directory located on a server running apache2 with a debian OS.

First, you will need to update the httpd.conf file, which should be located in the apache2 directory, as follows:

&#60Directory (directory to be protected)&#62
Options Indexes Includes FollowSymLinks Multivews
AllowOverride AuthConfig
Order allow,deny
Allow from all
&#60/Directory&#62

Make sure to take out the "" they are only included so this post displays properly.

Once this update is saved, restart the apache2 server with the following command, or something like it depending on your setup, as follows:

# /(filepath)/init.d/apache2 restart

Now go the directory you want to be password protected and create the .htaccess file, using the following command:

# touch .htaccess

Now edit the .htaccess file, using nano, vi, etc., as follows:

AuthType Basic
AuthName "(Login Prompt)"
AuthUserFile (file containing user/password lookup hash)
Require user (list of users with access, separated by spaces)
--optional Require group (list of groups with access, separated by spaces)

if you use the ls -a command, you should see .htaccess listed as a file, obviously.
now create the password file with the following command

# htpasswd -cm (directory)/(file) (1st user)

this will bring up the following prompts, asking for the 1st password:

enter first password: (1st password)
re-enter first password: (1st password)

At this point, if all files are saved as described above, further outside access via the web will be restricted via a login asking for the 1st user name followed by the 1st password.

To add to the list of users with associated passwords, enter the following command:

# htpasswd -m (file containing user/password lookup hash) (2nd user)

This will bring up the same prompt as before, asking for the 2nd password entered twice.

For clarification, the -c option on the htpasswd command is the create option, so it will create a password file everytime, and the -m option merely encrypts the password, so it's not displayed or read as entered.

although every text contained in "( )" is supplied by the user, the following are the recommended names, provided by the sources used to create this guide, (don't ask for the list, I googled it, using the keywords like htaccess..

password file == .htpasswd
(directory)/(file) == file must be password file, directory should be some location other than directory to be password protected.

These are just the instructions for creating one password protected web directory with a single list of allowed users. Directions on creating groups of password-associated users will be added soon. I would recommend googling keywords htaccess, debian, apache2, security, etc., if the steps listed above aren't resulting in perfect results.