PEAR Class to Manipulate htaccess Files.

Blog Projects

This is really old code and page exist mostly for historical reasons.

File_HtAccess provides common methods to create and manipulate Apache / NCSA style .htaccess files. These files together with accompanying password files are used to protect webserver directories. Since File_HtAccess does not provide any means to manipulate or create password files you should use it together with File_Passwd.

File_HtAccess is distributed via PHP Extension and Application Repository.


Install with PEAR commandline installer by issuing command:

pear install File_HtAccess

If you are using old version of PHP (> 4.3.0pre1) see instructions on how to install PEAR package manager first.


Documentation is written in DocBook and can be found at PEAR manual pages. A local version also exists.

What are .htaccess files?

The most common and the original purpose of .htaccess files is to create per-directory password protection of resources. With modern webservers there is vast amount of other things .htaccess files can do. These include: custom error pages, ip based access control, redirecting users automatically, denying directory listing and using different files as an index file.

File_HtAccess concentrates only to password protection of directories, although it is possible to use it to control other things mentioned above too.

A .htaccess file is built from the following basic directives. They differ a bit whether youre using Basic or Digest authentication.

Directive Purpose
AuthType Authentication type being used, “Basic” or “Digest”.
AuthName Authentication realm or name.
AuthUserFile Full path to password file if using Basic authentication.
AuthGroupFile Full path to group file if using Basic authentication.
AuthDigestFile Full path to password file if using Digest authentication.
AuthDigestGroupFile Full path to group file if using Digest authentication.
Require Requirements which must be met to grant access.

File_HtAccess provides method accessor methods with corresponding names for each of these directives, such as getAuthType() and setAuthType().

A typical .htaccess file looks like this:

AuthName "Protected"
AuthType Basic
AuthUserFile /usr/local/apache/conf/users.dat
require valid-user

What is Basic authentication

When a client requests resource protected with basic authentication webserver responds with a 401 Authentication Required header. When client receives 401 header it asks the user for username and password. If authentication succeeds, the protected resource will be sent to the client. Otherwise the access will be denied.

What is Digest authentication

Even though the passwords are stored encrypted on serverside they are sent cleartext between client and server when using Basic authentication. With Digest authentication the passwords are never sent cleartext but as a MD5 digest instead. The caveat is, most browsers do not support Digest authentication.

When asking a question please include an URL to example page where the problem occurs. If you have longer code examples please use
Built using the awesome Flat UI Pro framework by Designmodo.

© 2013 Mika Tuupola.