Add Password-Protection
to a Web Subdirectory

Why? You could use this technique to display your membership roster to only those members who know the user name and password. Please note that this is a very rudimentary form of restricting access, so it should not be used for extra sensitive data. This technique can be overcome by a sophisticated computer user, but it would take some time. So it is mostly used to keep out the casual browser. If you want to learn more, you can visit

In this example, you'll learn how to password-protect a directory in your IO Web space so that only Mapper, Digger, and Sport will have access. Note: You don't have to have multiple user names. You may want to assign one user name and password, then let all members know what it is.

To make this work, you will create three small text files that will go into a sub directory of your IO directory that was assigned by the NSS.

Text editors in Windows: Windows usually wants to automatically add a file extension to any files you create. In this case you are creating files that only have a file extension, that is, there is nothing before the dot. If you are using Windows, I recommend that you use Notepad to create the three files. When you save the file, enclose the name in quotes so that Windows will not add a file extension.

Please note: File names on the NSS server are case sensitive. Save yourself problems by using all lower case for file and directory names.

Step 1: Create the directory you wish to password-protect.

Step 2: Create an .htaccess file.

NOTE: The <Require> line is added to make sure that all methods (GET, POST, etc.) are restricted.

Step 3: Create an .htpasswd file.

Step 4: Create an .htgroup file.

Step 5: Place the .htm pages you want to protect in the sub directory.

Does it work?

Try to access the page you protected on your web site. If everything is set up correctly, your browser should prompt you for a username and password. You should not be able to access the page unless you enter one of the user name - password combinations that you entered when creating the .htpasswd file. In our example that would be one of the user names: Mapper, Digger, or Sport and the password you assigned.

Remember, the NSS server is case-sensitive. If you have trouble, check to make sure you're using the correct case.

Make sure you name the three files correctly. They must be named as follows or it won't work.

.htaccess   .htpasswd   .htgroup

Did you upload the files using the "ASCII" (for PC's) or "Text" (for MACs) mode. Some FTPs have an Auto mode that may work also.
If you do not see the three files in your sub directory after you have uploaded them it may be because the server codes these files as hidden. Check your FTP client to see if it can display the names of hidden files. Most do.

Last revised: November 10, 2008
by Keith Wheeland