.htaccess and .htpasswd

by Ashley Allen

Coming from the world of Windows, I'm used to nice dialogue boxes and animations when I configure my security settings... Raw Linux is therefore incredibly scary! However, when it comes to web directory security, LAMP is incredibly powerful.

Under IIS, securing a directory is, to be frank, a pain in the arse. Under Apache, you can do it with two files - .htaccess and .htpasswd. We'll have a look at these in a little more detail...

First of all, the dot. Under UNIX and its variants, a leading . signifies a hidden file. This is obviously a good thing, as you don't want any dodgy types trawling your directories and finding it. So make sure you use the dot!

.htpasswd, as you may imagine, contains usernames and passwords in encrypted form similar to what's below:

technorama:dGE7EaNuRBiic

You'll need to add a line for every user, and it's only one user per line. To generate the encrypted password, try htaccess tools password generator.
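As an added example (not part of the original post), here is a small Python check that reads .htpasswd content one user per line, as described above, and reports which hash scheme each entry uses. Every sample entry except the technorama line is constructed, and the scheme names and verdicts are this example's own labels.

```python
import re

# Constructed sample .htpasswd content; line 1 is the entry shown in the post.
SAMPLE = """\
technorama:dGE7EaNuRBiic
alice:$apr1$Xq3sT1uZ$0123456789abcdefghijk.
bob:{SHA}W6ph5Mm5Pz8GgiULbPgzG37mj9g=
carol:$2y$10$abcdefghijklmnopqrstuuABCDEFGHIJKLMNOPQRSTUVWXYZ01234
# comment line
broken-line-without-colon
"""

# Traditional crypt(): 2 salt characters + 11 hash characters.
DES_CRYPT = re.compile(r"^[./0-9A-Za-z]{13}$")

# (prefix, scheme label, verdict) -- labels and verdicts are this example's own.
SCHEMES = [
    ("$2y$", "bcrypt", "ok"),
    ("$apr1$", "apr1-md5", "legacy"),
    ("{SHA}", "sha1-unsalted", "weak"),
]

def classify(hash_field):
    """Return (scheme, verdict) for the part after 'user:'."""
    for prefix, name, verdict in SCHEMES:
        if hash_field.startswith(prefix):
            return name, verdict
    if DES_CRYPT.match(hash_field):
        return "des-crypt", "weak"
    return "unknown-or-plaintext", "review"

def audit(text):
    """Return a (line number, user, scheme, verdict) tuple per entry."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue  # blank and comment lines carry no user
        user, sep, hash_field = line.partition(":")
        if not sep or not user:
            findings.append((lineno, None, "malformed", "review"))
            continue
        findings.append((lineno, user) + classify(hash_field))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

The 13-character entry from the post is flagged because traditional crypt() only uses the first 8 characters of the password.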

.htaccess is a little more complex. Basically, you put this file in any directory that you want to protect. The contents should be similar to that below (you can also visit htaccess tools to create your own):

AuthType Basic
AuthName "Keep Out!"
AuthUserFile /path/to/.htpasswd
Require valid-user

The parts of interest above are the AuthName and AuthUserFile.

AuthName is the title of the box that is presented to anyone who tries to access your protected directory. AuthUserFile is the full path to your .htpasswd file - this can be in any directory you like. The standard path is to drop it into your /etc directory.

To see it in action, click here. And no, you can't have the password!

Hopefully you should be able to see what a powerful tool this is. Obviously, if you want to protect more directories, you can repeat this procedure. You can also use as many .htpasswd files as you like, so you can allow certain users access to some directories but not others.
