Overview

You can restrict access to a web folder on your (mt) server.

Requirements

Before you start, you will need to have the directory you wish to password protect. If you have not, you will need to create it via FTP or using the File Manager in your (gs) Grid-Service Control Panel.

Before you start, you'll need to have handy your FTP user login credentials for your subscripton.

Instructions

Password Protect Directory via the AccountCenter

Create your Web Users

1. Log into your AccountCenter.
2. Click on Password Protect Folders:

   

3. Click on the Add a new web user button. See Figure 1 below:

   
   Figure 1: Click the button to begin.

4. Create a username and password.
   

   This user only applies to your password-protected folders. You may also assign a user to a group, if one has already been created.

   
   

   
   Figure 2: Complete the form and click the "save" button.

5. Click save and continue onto create a Web User Group and Protected Folders.

Create your Web User Groups

1. Click on Add a new web group, see Figure 3.

   
   Figure 3.

2. Choose your Settings, see Figure 4.

   
   Figure 4.

   • Group Name: Name for this web group.
   • Web User Group Membership: The web users that belong to this group.
3. Click Save and continue on to create Protected Folders.

Create your Protected Folders

1. Click on Protect a new folder, see Figure 5.

   
   Figure 5.

2. Choose your settings as in Figure 6.

   

   • Folder: Choose the path you wish to protect.
   • Description: The description displayed to users when prompted for authentication, such as "VIP Client Restricted Area."
   • Group Access: Select the Group(s) that can access this folder.
   • User Access: Select the User(s) that can access this folder.

1. Log into the Plesk Control Panel for your domain. See Figure 1:

   
   Figure 1: The Plesk Control Panel. Click for a larger view.

   
   

   TIP:

   If you log into Plesk with the admin user, you will be in the Server Administration Panel by default. To get to the Control Panel, click on Domains, then on the Control Panel link next to your domain.

   You can also create a user that will log into the Control Panel by default, which will save you a few clicks on day-to-day webmaster tasks. See Control Panel user.

2. From the Home page, click on Websites & Domains. See Figure 2:

   
   Figure 2: Click on the "Websites & Domains" tab.

3. Click on Show Advanced Options. See Figure 3 for the location of this link.

   
   Figure 3. Click on "Show Advanced Options" for an additional menu.

4. Select Password-protected Directories, see Figure 4:

   
   Figure 4.

5. Click on [Manage] for the domain for which you'd like to create the password protected directory.

   
   Figure 5.

6. Click on the Add Protected Directory icon, see Figure 6.

   
   Figure 6.

7. Complete the form. In our example, we create a protected directory called restricted, entitled Restricted Access.

   
   Figure 7.

8. Next, we'll add a user to access the protected directory. Click on the Add New User icon, see Figure 8.

   
   Figure 8.

9. Complete the form. Be sure to use a strong password. Click the OK button to save your user, see Figure 9.

   
   Figure 9.

10. You should receive a confirmation that your user was created, similar to Figure 10.

    
    Figure 10.

11. Next, we'll create a simple html document in the /restricted folder and test the password protection.

    <html>
    <body>
    <h1>Login Successful</h1>
    <p>This directory has been password protected.</p>
    </body>
    </html>
    

    For instructions on how to use the Domain File Manager in your Plesk Control Panel, please see this article.

    Point your browser to the password protected directory. In this example, we go to http://dv-example.com/restricted/ and are presented with a login box as in Figure 11.

    
    Figure 11. Enter the user details from step 9.

    Enter the username and password from step 9 and login was successful!

    
    Figure 12.

Password Protect a Directory via SSH

This details how to use SSH to password protect web directories for your server. To proceed with these instructions, you will need SSH and FTP access to your server.

1. Connect to your (gs) Grid-Service via SSH. If you need help with this step, please refer to our article: Connecting via SSH to your server.
2. Navigate to the html directory for the domain you'd like to protect. The command will look something like:

   cd /home/00000/domains/example.com/html/

3. Connect to your (dv) via SSH. If you need help with this step, please refer to our article: Connecting via SSH to your server.
4. Navigate to the directory for the domain you'd like to protect. The command will look something like:

   cd /var/www/vhosts/example.com

5. Use the htpasswd command to create a username and password that will be used to log into the directory you would like to protect. This username and password will be requested via a pop-up dialog box when users enter the protected directory. The command you'll need to use will look like this:

   htpasswd -c .htpasswd username

6. Follow the prompts and enter the password for this new user twice.
7. Create a .htaccess file with the following contents:

   
   AuthUserFile /home/00000/domains/example.com/html/.htpasswd
   AuthGroupFile /dev/null
   AuthName "Authentication Pop Up"
   AuthType Basic
   <LIMIT POST GET>
   require user username
   </LIMIT> 

8. Now, simply move the file to the directory you desire to password protect.