Directory password protection for an Apache illiterate person?

Question

i am an Apache Illiterate person, and i need very simple password protection for a directory using a .htaccess file. very simple one. i also wonder how tutorials simply tells me "put the .htpasswd file in the path.." i tried to create a .htpasswd file but failed to do that. if someone volunteers to help please keep in mind i use win server 2008 and please consider that my experience in Apache is almost zero.

Answer 1

Use this to generate your htpasswd file: http://www.htaccesstools.com/htpasswd-generator/

You should get a hash back from that and just place that in your htpasswd file. I very strongly suggest that you do not put your htpasswd file in your document root. It would make it accessible via apache.

Edit for clarification:

For example, your apache webserver serves this directory: C:\www\htdocs, and you want to protect this directory with username and password: C:\www\htdocs\secure. You create this .htaccess file and put it in your C:\www\htdocs\secure directory:

AuthType BASIC
# You can choose whatever name you want here
AuthName "Protected"
AuthUserFile C:\www\htpasswd
Require valid-user

You see the C:\www\htpasswd? You need to create that file. Go to that htpasswd-generator link above. Enter a username, enter a password, click on "Create .htpasswd file", the page will give you a text field with your username and a bunch of gibberish. Copy that whole thing and create the file C:\www\htpasswd and paste that into the file.

That's it.

Not sure how much simpler it can get.