In order to protect a directory in particular (and its subdirectories), it suffices to place a file called .htaccess inside. Apache will instantly apply its rules after, only in this tree structure. The syntax is the same as the general vhost rules (eg: URL rewriting or protection), unless it will only affect the .htaccess directory (so no Directory clause).

Attention: the Windows explorer doesn't allow to name some files beginning by a dot, but a text editor is able to save as .htaccess.


To authorize the .htaccess in the site .conf, use AllowOverride[1]:

AllowOverride All

To forbid them:

AllowOverride None


  1. http://httpd.apache.org/docs/2.2/mod/core.html#allowoverride