cd to the directory you want protected
Insert the following lines in the new file:
require user username
Notice that the first line references a file outside the web server’s structure.
You could also add group restrictions, but in this case, I’m just protecting for users (“username” in the sample). Obviously, replace this with the real user name you’d like to use. You can also limit the users to actions other than GET, ie POST or PUT for cgi-bin files. Just add them (with a space between) to the “Limit GET” line.
Next, you need to create a password for username in the location you specified. The htpasswd program will do this for you:
htpasswd -c /Users/username/.htpasswd username
You will be prompted to enter the password twice.
The last thing you need to do is to edit the user’s Apache config file.
Each user has their own “includes” files here:
The file is in the format of “username.conf”
Edit the line that says “AllowOverride None” to read:
This change MAY also need to be made in the root Apache config at /private/etc/httpd/…
Save your changes, and restart your webserver. The easiest way to do this: