14 09 2008

So after I made my music available in my web root, I felt it necessary to password protect it. I don’t want anyone to download my music or stream it or anything like that. No one except me, that is. No illegal activity should be coming from my server I figured. So I thought of the most basic way to do it which was htaccess.

Basically, you create a file called .htaccess with certain parameters. Here’s mine:

AuthType Basic
AuthName "Music"
AuthUserFile /var/.htpasswd
require valid-user

I’m not exactly sure what


is, but


is whatever you wanna call the folder you’re protecting. It doesn’t change the folder name, this is just what shows up in the little login window that pops up when you navigate to this folder.


is where the .htpasswd file is stored. The .htpasswd file specifies which user and password combinations are allowed to access this folder.

require valid-user

just lets it know that any valid user specified within the .htpasswd file is required for access.

In .htpasswd, each individual user should have his own line, and username and password should be seperated by a colon. i.e.


Finally, in your apache settings, specifically if you’re using Ubuntu the file will be located at /etc/apache2/sites-available/default. Find the line

AllowOverride None

and change it to

AllowOverride All