This tutorial describes how to protect a directory in Apache with a password, and control access by client IP.
We assume that Apache is installed in /usr/local/apache
and that you have write access to /usr/local/apache/conf/httpd.conf.
We will not take use of .htaccess files.
The advantage of not using a .htaccess file is described here:
Apache 1.3: http://httpd.apache.org/docs/1.3/howto/htaccess.html#when
Apache 2.2: http://httpd.apache.org/docs/2.2/howto/htaccess.html#when
(It is also more tricky to manage file permissions on .htaccess files, especially if you run Apache with SuEXEC and use different system users for each Virtual Host.)
Create a password file
/usr/local/apache/bin/htpasswd -c /usr/local/apache/conf/htpasswd someuser
Re-type new password:
In this example we will protect /usr/local/apache/htdocs, but you can choose any directory, of course.
We will use Basic autentication, and password will be required from anywhere except from localhost (127.0.0.1).
AuthName "Your title for the popup window"
Allow from 127.0.0.1