Htaccess is used for Apache webservers to secure directories from unauthorised access. The following is an example: Secured Directory

Any file contained below this directory is protected and the password must be entered before access. If you enter the username: test and password: test access will then be granted.

This was achieved using two files, the first is a .htaccess file which is placed in any directory you wish protected and the second a .htpasswd file which contains the username and encrypted passwords.

A sample .htaccess configuration:

AuthType Basic
AuthName "Members Only"
AuthUserFile /home/sites/site1/secure/.htpasswd
AuthPAM_Enabled off
<limit GET PUT POST>
require valid-user
</limit>

The location of the .htpasswd is more secure if located outside the webroot as above (the webroot of above would be /home/sites/site1/web/).

A sample .htpasswd configuration:

peter:yQ4b0uGVJpN/A
barry:D3Uv/eGjSMteY

The first word is the username then ":" and finally the encrypted password using the tool above. After each line a return is entered and the last line is empty.

Please note that for maximum security ssl should be used.

For more information visit: The Apache Software Foundation