If i have a public directory on Apache with a few public files.
is it possible to add one file and protect it using userid/password or password only.
How can i do this

Is it possible also to upload it to a database table and have a link to it that opens it like a file system. That would require more code though.
Who is Participating?
You can protect the directory and/or specific files in it, on the user and group levels.

Yes, you have to edit the .htaccess file for that folder if one already exists.  You can create an additional password file for each directive if you want, as you specify the password file for each directive.

You would add something like this to the .htaccess file:

<Files secret.html>
order deny,allow
deny from all
AuthUserFile /home/user/.htpasswd
AuthType Basic
require valid-user
satisfy all

You would also need to create the file /home/user/.htpasswd (only an example - you can put it anywhere outside your publicly readable directories)
There are a lot of options for .htaccess. (this also shows how to make a .htpasswd file on the server if you have shell access)

You can restrict access to a file by using an .htaccess file in its directory.  You will need to point it to a password file, best kept in a different, non-public directory. (or an authentication server)
Here is a decent description:

As for uploading an image to a database and retrieving it as a file:  You can do this with MySQL and PHP.
Here is the basic way to it:

sam15Author Commented:
so you can restrict access to a file in a specific directory or create a protected diretory and limit access to it?

Do you have to mess up with the main .htaccess and .paswrd files or you create a second copy and place it in this directory.
sam15Author Commented:
great one last question

can I have one userid/password for ALL users or one userid/password for everyone. Does apache allow you to configure both.
You can make one or many userid/passwords.  The example only requires a "valid-user" which just means they exist in the .htpasswd file.    Another option is to just use one userid, but change the pw now and again and only send the new password to those who should have it currently.  You can't really track who is doing what this way.
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.