How do I protect my folders in the "web" shared folder from unprivileged access?

You can use ".htaccess" to protect shared folders under the "web" shared folder via Linux commands. Unprivileged access will be denied due to password protection.

Assume you want to protect the folder "\web\secret" and allow only the user "alex" to access it with a password.
  1. Create a folder named "passwd" in the shared folder "web".
  2. Create a ".htaccess" file in the folder "\web\passwd". Add the following content to the file ".htaccess":
    AuthName "Title"
    AuthType "Digest"
    AuthUserFile "/volume1/web/passwd/admin.pw"
    Require valid-user
  3. Use a Linux machine to create an Apache password file named "admin.pw" using the command htdigest, and add a new user "admin" to it.
  4. Copy the file "admin.pw" to the folder "passwd". The content of the file "admin.pw" should be similar to the following:
    admin:Title:c04339ae82e5b153e1c4799758534015

    Note:

    The file "admin.pw" will prevent unprivileged users from accessing the files stored in the folder "passwd". Only the user "admin" can log into "\web\passwd" for password management.

  5. Create another Apache password file name "normal.pw" via the command htdigest and add a new user "alex" to it.
  6. Copy the file "normal.pw" to the folder "passwd". The content of the file "normal.pw" should be similar to the following:
    alex:Title:258ae6ddee7755b476277584c9e85286
    user1:Title:30a779d1209929f02117b94954cd526e
    user2:Title:6ed12801bf795766d8dba1b1f28a1f3b
    .
    .

    Note:

    The file "normal.pw" will protect the folder "\web\secret". You may add many users to "normal.pw" to allow them access to the folder.

  7. Create another ".htaccess" file in the folder "\web\secret\". Add the following content to the file ".htaccess":
    AuthName "Title"
    AuthType "Digest"
    AuthUserFile "/volume1/web/passwd/normal.pw"
    Require valid-user

Now the folder "\web\secret" is protected with the password saved in "normal.pw", and the folder "\web\password" is accessible to the "admin" user only.

You may repeat steps 5 to 7 to protect any other folder under the "web" shared folder.

Note:

In the file "admin.pw" you can only add one user "admin" to it, while in the file "normal.pw" you may create users to allow them access to the protected folder.