Htaccess page authentication

I have a question, and answer may be very obvious to some people.

I have a static site, and currently have a htaccess rule on a directory (requiring a valid user). I think it’s also possible to authenticate on specific pages using e.g.:

<Files "page1.html">
    Require valid-user
</Files>

(1) Is this a bad idea? (e.g., security, speed, people can work around, whatever); (2) what about if I scripted writing such rules (e.g., to apply to all ‘draft’ pages, or whatever, but where those pages are not in a single directory).

I have searched, but I can’t see advice on this. Any advice much appreciated

This is totally fine to do and is a relatively standard thing to do via an .htaccess file

From a security perspective, the most vulnerable stuff would be around controlling which user’s have access to what and making sure that’s set up properly.

For what it’s worth, this is very much how the Directory Privacy feature in cPanel works as well:

1 Like

Great thanks! I think my concern was (1) that most guidance I’ve seen is around directory level authentication, but not so much file-level including via the cPanel tool, and (2) whether there might be risks in scripting to add blocks to the htaccess (ideally I’m doing that locally and then pushing the changed file to the server).