Password Protected Directories


When a user enters a password-protected URL, IGV prompts for a user name and password. If the username/password combination is incorrect, IGV will continue to ask the user to authenticate until the combination is entered correctly or the user clicks Cancel.

Setting up password protection on an Apache server

There are many ways to set up a password-protected site.  The following describes one method of handling this on an Apache server using an ".htaccess" file.

Setting up a password requires:

  • an Access File
  • a Password File

The Access File (.htaccess) is located in the restricted directory.  It should contain the following information:

AuthUserFile /home/[path]/. htpasswd
AuthName "Private IGV Folder"
AuthType Basic
Require valid-user

The first line should contain the path to the Password File.

The Password File (.htpasswd) should be placed in a directory that is accessible internally, not through the web. This is can be the home directory, but it must be a location that is not externally visible.  An example password file might look like this:


The file contains the usernames and passwords for all authenticated users, with one user per line. In the example line,  the username is "user1" and the password is "kJx1GPxWtLet2," which is an encrypted password representing the human-readable word, "password."

To make the authentication lines, users can contact IT staff or use one of several websites that help generate them.  The one used for this line was htaccess_pw.html. This website provides a string that can be used in the .htpasswd file.

To test use a web browser to access a file in  the password-protected directory URL.   You should be prompted for a username and password.


The following files are password protected using the procedure described above. Try loading into IGV using File>Load from URL:. You will be prompoted for a username and password, enter "guest" for username and "password" for password.