.htAdmin was designed with simplicity in mind. Accordingly, it was programmed to protect a single directory. With this being said, let us explain how .htaccess directory restriction works:

• Restriction of a directory only flows downstream
• Restriction will not flow upstream
• Restriction will not flow laterally

Placing the .htaccess and .htpasswd files in a root directory (where the main index page resides) will restrict access to the entire website and require a visitor to supply a username and password to continue on from ANY point of entry. For demonstration purposes we have setup our demo in the following manner:

• http://htadmin.com/demo/
  • Not protected. Upstream of the protected directory.
• http://htadmin.com/demo/testone/
  • PROTECTED. Any subdirectories of this directory will also be protected.
• http://htadmin.com/demo/testtwo/
  • Not protected. Structurally lateral to the protected directory.

Our .htAdmin demo script can be accessed by CLICKING HERE. The admin USERNAME is "demo" and the PASSWORD is "123". In order to access http://htadmin.com/demo/testone/ you will need to create your own .htaccess USERNAME and PASSWORD via the .htAdmin demo script and enter same when prompted.

The .htaccess file is a simple text file placed in the directory you want the contents of the file to affect. The rules and configuration directives in the .htaccess file will be enforced on whatever directory it is in and all sub-directories as well. There are a few directives that must be understood. One of these directives in the .htaccess file ( the AuthUserFile directive ) tells the Apache web server where to look to find the username/password pairs.

The .htpasswd file is the second part of the equation. The .htpasswd file is also a simple text file. Instead of directives, the .htpasswd file contains username/password pairs. The password will be stored in encrypted form and the username will be in plain text.

Why do these files begin with a "."? Any file in Unix that starts with a "." is considered a hidden file. In a normal directory listing, these files won't be displayed because Unix considers them to be files that don't need to be seen, but files that need to be there, so they are hidden.

Some FTP applications have a "Show Hidden Files" command to show hidden files, but they won't always display these .ht files even if "Show Hidden Files" command is enabled. There are other ways to accomplish this:

• For WS_FTP: If you use WS_FTP, in the "Session Properties" dialog's "Startup" tab, type "-a" in the "Remote file mask" field.

• For CuteFTP: Open a connection - any will do as the result is global in scope - and right click in the remote pane, click "Filter", click "Options" tab and check the box that says "Enable remote filters (Server applied filters). Then type "-a" in the "Remote Filter" field.

After you properly configure your FTP client, you can manipulate your .htaccess and .htpasswd file as you would any other, including editing and deleting.

Caution: The security provided by .htaccess lasts for a single browser session. Be aware that should you be browsing a secure site in a public space, you must close the browser in order to prevent someone else from gaining access to the secure materials.