How Do I Restrict Access to a Folder on a Web Server?


Heather Bennett

Restricting access to a folder on a web server is an important security measure that ensures sensitive files and data are protected from unauthorized access. In this tutorial, we will explore different methods to restrict access to a folder on a web server.

Method 1: Using .htaccess

If you are using an Apache web server, you can utilize the power of the .htaccess file to restrict access to specific folders. The .htaccess file allows you to specify rules and configurations for your web server.

To begin, navigate to the folder that you want to restrict access to. Create a new file called .htaccess if one doesn’t already exist.

Open the .htaccess file in a text editor and add the following lines:

# Allow only specific IP addresses
order deny,allow
deny from all
allow from
allow from 10.0/8

In the above example, we have allowed access only from two IP addresses: 192.1 and any IP address in the range 10.x.

Method 2: Password Protecting with .htpasswd

If you want an additional layer of security, you can password protect your restricted folder using the .htpasswd file.

Create a new file called .htpasswd in any directory outside of your document root (public_html or www). This file will store usernames and passwords for authentication.

In your .htaccess file within the restricted folder, add the following lines:

# Password protect the folder
AuthType Basic
AuthName "Restricted Area"
AuthUserFile /path/to/.htpasswd
Require valid-user

Replace /path/to/.htpasswd with the actual path to your .htpasswd file.

Method 3: Using Server-Side Scripting

If you are using a server-side scripting language like PHP, you can restrict access to a folder by checking for specific conditions before allowing access.

In your PHP file, add the following code at the top:

// Check for authentication here
if (!isset($_SERVER['PHP_AUTH_USER']) || !isset($_SERVER['PHP_AUTH_PW']) || $_SERVER['PHP_AUTH_USER'] !== 'username' || $_SERVER['PHP_AUTH_PW'] !== 'password') {
    header('HTTP/1.1 401 Unauthorized');
    header('WWW-Authenticate: Basic realm="Restricted Area"');
    exit('Access Denied');

In this example, we are checking for a username and password match. Replace username and password with your desired credentials.


Restricting access to a folder on a web server is essential to protect sensitive information. Whether you choose to use .htaccess rules, password protection with .htpasswd, or server-side scripting, it’s crucial to implement these security measures carefully.

  • Method 1: Using .htaccess is an effective way to restrict access based on IP addresses.
  • Method 2: Password protecting with .htpasswd provides an additional layer of security by requiring a username and password for access.
  • Method 3: Using server-side scripting like PHP allows you to customize the authentication process and implement more complex access control rules.

Choose the method that best suits your needs and ensure that your restricted folder is secure from unauthorized access.

Discord Server - Web Server - Private Server - DNS Server - Object-Oriented Programming - Scripting - Data Types - Data Structures

Privacy Policy