.htaccess code to password protect 1 file

Hi,

Can anyone give me an example of an .htaccess file which forces a username/password to be supplied for access to a single file of many in a directory.

Also, I want to edit my httpd.conf file to block web browsers displaying the contents of any file with an extension of .inc. I've included this in my httpd.conf file:

<Files .inc>
order allow,deny
deny from all
</Files>

...but it doesn't work. What am I missing?

Thanks,

Ross.

>>for access to a single file of many in a directory
What do you mean? Are you trying to say you wanted to protect only /foo/bar.html but not the other files in /foo directory?
########################
<Files ~ "^.inc">
Order allow,deny
Deny from all
</Files>

Hi freebsd,

Thanks for your reply. I tried the example you gave, but it didn't work until we modified it to:

<Files *.inc>
Order allow,deny
Deny from all
</Files>

and this works great. So thanks for heading us in the right direction.

Regarding the first part of my original posting - you are right in your assumption as to what I'm trying to achieve. Let me clarify further: Let's suppose I have a directory /test/, and in test I have 3 files a.html, b.html, and c.html. Want I want to do is create an .htaccess file which specifically requires a username and password for access to, for example, a.html. The other 2 files can be accessed through a web browser without restriction. I use .htaccess and .htpasswd files already to block access to complete directories, but can't quite work out the syntax for restricting access to named files only in a directory. I should add that I've searched the web for decent .htaccess tutorials or help, but they vary in quality, none seem to be comprehensive (with a limited number of examples), and none explicitly answer my question.

Thanks again.

1) Put your .htpasswd above your root so visitors can't access it
#/html/username/.htpasswd
put username and encryped password of your members

2) It doesn't matter how many files under how many directories you wanted to protect as they can share a common .htpasswd file

#/html/username/public_html/test/.htaccess
<FilesMatch "a.html">
AuthName "Member Only"
AuthType Basic
AuthUserFile /html/username/.htpasswd
require valid-user
</FilesMatch>
#/html/username/public_html/test/a.html is protected
#/html/username/public_html/test/b.html and all others are NOT protected

3) /html/username/public_html/foo/.htaccess
<FilesMatch "bar.html">
AuthName "Member Only"
AuthType Basic
AuthUserFile /html/username/.htpasswd
require valid-user
</FilesMatch>
#/html/username/public_html/foo/bar.html is protected with the same .htpasswd in /html/username/
#/html/username/public_html/foo/others.html is NOT protected

############################################
The following will not work:
1)/html/username/public_html/test/a.html is a symlink of /html/username/private/a.html which /html/username/private/ has an .htaccess pointing to /html/username/.htpasswd
2) Include a.html with a file under a protected directory will not work as well.

Using this method, I only get a "401 authorization required" page, saying



Using the same htaccess file previously to protect the entire directory, the browser properly prompted for a username and password.

htaccess looks like this:

Some servers are only accept encrypted password. You can use tool to encrypt your password. After copy into file .htpasswd. You can enter hptt://tools.dynamicdrive.com/password/ to encrypt.
Wish you success