This is very simple.  For any file you want to have its own password protection, create an .htaccess file in the folder the file resides.  Just replace “pagename.html” for the file.  Then, just go to our .htpasswd password generator and create the .htpasswd file in the format:  username:password, where username is the name required to log in and “password” is the encrypted version of the password that shows in the tool in the link above under “Create new .htpasswd password file” and be sure to save your .htpasswd file in the absolute server path to the .htpasswd file.

AuthUserFile /home/user/path/to/.htpasswd
AuthName "name of login prompt"
AuthType Basic
<files “pagename.html”>
require valid-user

One more note, you don’t need to save the “.htpasswd” file by this name, any name will do.  Learn a lot more about .htaccess by visiting the official Apache website.  I like to put the commonly used snippets and tips on my site so they’re easy to find for me later.

–  Aaron Belchamber

Here’s how you can allow different search engine bot crawlers if you prefer to address them individually.  There might be some crazy reasons why which I try to explain below.  For some companies, it seems web developers often don’t dev to create new web assets, they dev to squeeze any remaining SEO juice from their old assets.  Always diminishing returns when you measure the opportunity cost of not spending time and resources moving forward, but instead looking back.

SetEnvIfNoCase User-Agent .*bing.* search_robot
SetEnvIfNoCase User-Agent .*google.* search_robot
SetEnvIfNoCase User-Agent .*yahoo.* search_robot
SetEnvIfNoCase User-Agent .*bot.* search_robot
SetEnvIfNoCase User-Agent .*ask.* search_robot

Order Deny,Allow
Deny from All
Allow from env=search_robot

Here are some more .htaccess SetEnvIf & SetEnvIfNoCase Examples from Apache’s website.

PHP Logic for detecting different search engine crawlers

You may want to redirect your content to be customized for different search engine bots to repair certain SEO issues that you may encounter.

Here is the Search Engine Directory of Spider Names

if(stristr($_SERVER['HTTP_USER_AGENT'], "googlebot")){

    // what to do -- change "googlebot" to other spiders in list

For certain instances where some how a server that was supposed to be locked down was inadvertently crawled by a search engine, you don’t want to open your entire site for all crawlers, here’s a way you can open your site to confirm your site ownership file by the crawler and perhaps disavow content if you don’t have anything better to do than massage your site’s SEO and squeeze every drop of juice from it.

<title>Web Development is a finite resource</title></head>
Does quality content matter any more?


Apache .htaccess directives are pretty straight forward.  The “SetEnvIf” that passes different values if the conditions are met then are processed by the standard Deny/Allow directive.  Here’s a sample from Apache’s documentation:

#allow a single uri through .htaccess password protection
SetEnvIf Request_URI "/test_uri$" test_uri

#allows everything if its on a certain host
SetEnvIf HOST "^" test_subdomain_url

SetEnvIf HOST "^" live_url

Order Deny,Allow

AuthName "Restricted Area"
AuthType Basic
AuthUserFile /path/to/your/.htpasswd
AuthGroupFile /

Require valid-user

#Allow valid-user

Deny from all
Allow from env=test_uri
Allow from env=test_subdomain_url
Allow from env=live_url
Satisfy any

This is handy in case you want to control all password protected areas of your site all in one place.  I have even added an admin interface that can add new environments to the web root’s .htaccess file on the fly.  This is a simple way to improve your web security for different sections and works great!