cancel
Showing results for 
Search instead for 
Did you mean: 

.htpasswd file location

domek
Newbie
Posts: 1
Registered: 17-07-2011

.htpasswd file location

Hello,
I am intending to password protect a section of my website using .htaccess/.htpasswd files. I have done this previously with a different ISP placing the .htpasswd file below the root directory. The advice I was given at the time was "For security, you should not upload the htpasswd file to a directory that is web accessible (yoursite.com/.htpasswd), it should be placed above your www root directory." I was able to do this, though I cannot recall quite how.
It seems logical for security  to keep the password file out of harms way but I have not found any comment on this issue in the forum. Are my concerns misplaced?
How would I go about placing a file below my root directory?
Regards
Stefan
1 REPLY
Superuser
Superuser
Posts: 9,508
Thanks: 861
Fixes: 53
Registered: 06-04-2007

Re: .htpasswd file location

Password protecting folders is explained in the Community Support Library article How to password protect your website.
On Homepages the web root folder is /htdocs and / is physically above that. On CCGI the web root is / and no locations available to the user are above it. In either case Order, Allow and Deny directives can be used to control web access to a particular folder.
David