Hello, I am intending to password protect a section of my website using .htaccess/.htpasswd files. I have done this previously with a different ISP placing the .htpasswd file below the root directory. The advice I was given at the time was "For security, you should not upload the htpasswd file to a directory that is web accessible (yoursite.com/.htpasswd), it should be placed above your www root directory." I was able to do this, though I cannot recall quite how. It seems logical for security to keep the password file out of harms way but I have not found any comment on this issue in the forum. Are my concerns misplaced? How would I go about placing a file below my root directory? Regards Stefan
Password protecting folders is explained in the Community Support Library article How to password protect your website. On Homepages the web root folder is /htdocs and / is physically above that. On CCGI the web root is / and no locations available to the user are above it. In either case Order, Allow and Deny directives can be used to control web access to a particular folder.