Password-protecting a web page

Summarized from http://httpd.apache.org/docs-2.0/howto/auth.html

  1. Let's say you want this situation:
    public-web/Index.html My default page, world-readable
    public-web/public/ World-readable subdirectory
    public-web/private/ Password-protected subdirectory
  2. You need a "password file" somewhere Apache can read it but will not serve it to web clients. That means it cannot be under ~/public-web. Your home directory should work.
  3. Here I create a new password file, adding a user named fred.
    % htpasswd -c ~/.web-password fred
    Adding password for fred.
    New password: ******
    Re-type new password: ******
    % ls -l ~/.web-password
    -rw-r--r-- 1 cromwell cromwell 19 Jan 29 14:58 /home/cromwell/.web-password
    Note that you do NOT see the "****" above; I added it to indicate where I typed fredpw (which is a rather bad password!).
  4. Now, similar to /etc/shadow, the password file does NOT contain the password, but the hash of the password:
    % cat ~/.web-password
    fred:ds8BPFUd2MZDw
  5. To password-protect my directory ~/public-web/private/ I just do this:
    % cd ~/public-web/private
    % cat > .htaccess
    AuthType Basic
    AuthName "Restricted Files"
    AuthUserFile /home/rvl4/b/cromwell/.web-password
    Require user fred
    ^D
  6. That's it for the basic stuff! For far more, like adding more users, making groups of users, or allowing or disallowing access from specific IP address blocks or domains, see http://httpd.apache.org/docs-2.0/howto/auth.html
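
A check for steps 2 and 5, as an added example that is not part of the original page: it reads the AuthUserFile path out of an .htaccess file and confirms that the password file is readable and lies outside the web tree. The function names and the temporary demo layout are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not from the original page. Function names are made up here.

# Print the path given to AuthUserFile (directive names are case-insensitive).
auth_user_file() {
    awk 'tolower($1) == "authuserfile" {
             sub(/^[ \t]*[^ \t]+[ \t]+/, ""); sub(/[ \t]+$/, "")
             gsub(/^"|"$/, ""); path = $0
         }
         END { print path }' "$1"
}

# check_auth_file WEBROOT HTACCESS
# Returns 0 if the password file is readable and outside WEBROOT, 1 if it is
# inside WEBROOT, 2-5 for the other problems reported below.
check_auth_file() {
    webroot=$1; htaccess=$2
    pwfile=$(auth_user_file "$htaccess")
    [ -n "$pwfile" ] || { echo "no AuthUserFile in $htaccess"; return 2; }
    case $pwfile in
        /*) ;;
        # Apache resolves a relative path against ServerRoot, unknown here.
        *) echo "not an absolute path: $pwfile"; return 3 ;;
    esac
    [ -r "$pwfile" ] || { echo "missing or unreadable: $pwfile"; return 4; }
    # Compare physical directories so symlinked directories and ".." are caught.
    real_root=$(cd "$webroot" && pwd -P) || return 5
    real_dir=$(cd "$(dirname "$pwfile")" && pwd -P) || return 5
    case $real_dir/ in
        "$real_root"/*) echo "inside the web tree: $pwfile"; return 1 ;;
    esac
    echo "ok: $pwfile is outside $real_root"
}

# Constructed demo: the page's layout rebuilt under a temporary directory.
write_htaccess() {   # write_htaccess PASSWORD_FILE_PATH OUTPUT_FILE
    printf 'AuthType Basic\nAuthName "Restricted Files"\n' > "$2"
    printf 'AuthUserFile %s\nRequire user fred\n' "$1" >> "$2"
}
demo=$(mktemp -d)
mkdir -p "$demo/public-web/private"
echo 'fred:CONSTRUCTED-PLACEHOLDER' > "$demo/.web-password"
cp "$demo/.web-password" "$demo/public-web/private/.web-password"
write_htaccess "$demo/.web-password" "$demo/good.htaccess"
write_htaccess "$demo/public-web/private/.web-password" "$demo/bad.htaccess"
check_auth_file "$demo/public-web" "$demo/good.htaccess"
check_auth_file "$demo/public-web" "$demo/bad.htaccess" || echo "(exit status $?)"
rm -rf "$demo"
```

Against a real setup, pass the web directory and the .htaccess from step 5, for example: check_auth_file ~/public-web ~/public-web/private/.htaccess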