This guide explains how to protect a part of a website on a Web Hosting by making it mandatory to enter a password before viewing a directory (including subdirectories) from a browser.

Simple method

Password protect (authentication Digest) a directory using the "Folder Protection" tool:

1. Click here to access the management of your product on the Infomaniak Manager (need help?).
2. Click directly on the name assigned to the product concerned.
3. Click on Security in the left sidebar:
   
4. Click on Folder Protection in the left sidebar.
5. Click on the directory to protect.
6. Activate the protection with the toggle switch, then create one or more users*:
   
   • * Users are defined per directory; the tool does not allow managing user groups:
     
7. Click on the Add button.
8. Click on the button to add access for an additional user if necessary.
9. Click on the action menu ⋮ located to the right of the user concerned to modify or remove them.
10. Click again on the toggle switch to completely disable the directory protection:
    

Manual method via .htaccess

To password protect a folder using the .htaccess file of your site:

1. Connect to your hosting via an FTP software/client or the FTP Manager.

2. In the folder to protect, create a file called password.php and adapt the following content inside by replacing 12345 with the desired password:

   <?php
   $pass = "12345";
   echo password_hash($pass, PASSWORD_DEFAULT);  // Affiche le mot de passe chiffré
   ?>

3. Open a web browser and display the password.php file (example: domain.xyz/folder-to-protect/password.php).
4. The web browser displays your encrypted password; copy the encrypted password, it will be needed later...

In the folder to protect, create a file named .htaccess and adapt the following content inside:

AuthName "Page d'administration protégée"
AuthType Basic
AuthUserFile "/exemple/.htpasswd"
Require valid-user

Replace /exemple/ with the absolute path of the folder to protect. Example:

AuthUserFile "/home/clients/0f83c7afb710e5ae2645a1b704d8772f/web/dossier_a_proteger/.htpasswd"

In the folder to protect, create a file named htpasswd.txt and adapt the following content inside:

login:password_chiffré

• Replace login with the desired login.
• Replace password_chiffré with the encrypted password copied in step 1 of this guide.

Once the file htpasswd.txt is saved, rename it as follows: .htpasswd.

Open a web browser and try to display one of the pages contained in the protected folder. If the guide has been followed correctly, the login and password (not encrypted) chosen allow access to the protected folder.

Other restrictions can also be added by .htaccess.