Protect web folder using Apache’s .htaccess method.
Create a new htaccess file in the folder you want to be protected. Name it .htaccess
Fill it with :
AuthUserFile /var/www/.htpasswd AuthGroupFile /dev/null AuthName EnterPassword AuthType Basic require user xyz
The .htpasswd file would look like this:
xyz:y4E7Ep3e7EYV
If there are multiple users in .htpasswd file, the you must replace Require user xyz with require valid-user.
If you are using Apache2 make sure the following is included in the apache conf file for that folder :
AllowOverride AuthConfig
instead of
AllowOverride None
You can find here a password generator : http://www.addedbytes.com/lab/password-protect-a-directory-with-htaccess/