Protecting a web directory in Virtualmin

Virtualmin makes it easy to protect websites (or just parts of it) with an email / password combination. The nice thing about it is that you have granular control over which user has access to what. The user doesn’t have to remember a new password, it will simply be his/her old email password. Let’s see how it works!

Go to port 10000 on your sever via HTTPS:


And log in with your root account:


Virtualmin interface should appear:


Go to Edit Users and click the Add a user to this server button:


The Create User panel should appear:


Enter the name portion of the Email address, the Real name and give it a Password, than click Create:


We need to create a new folder that we want to password protect. You can do that any number of ways (FTP, SCP, etc) but I chose SSH. I logged in with putty, and created a folder inside the public_html folder of the virtual server. Don’t forget to set the proper permission as well:

cd /home/your-virtual-servers-folder/public_html

mkdir the-folder-name-you-want-to-create

chown your-virtual-server-user:your-virtual-server-group your-virtual-servers-folder


Let us add the newly created folder to the Protected Web Directories. Let’s go back to Virtualmin and select Services and than Protected Directories. We want to create a new directory, so we click Add a protection for a new directory:


The New web directory protection panel will appear:


Enter the directory name that you created earlier into the Sub-directory field and enter an Authentication realm as well (it will be sent as part of the login request):


We have our folder added. Notice that at the Users row it says it has 0 users associated with it:


To add a user we need to get back to the Edit Users panel:


Click on the username you want to edit and the Edit User panel will show up:


Expand Other user permissions and find the directory that we created a step before in the All directories field list, select it and click the arrow button to add it to the Allowed directories field list, when done click the Save button:


If you try to access the folder from a browser it should ask for authentication:


Note: you need to provide the e-mail (not just the username) and the password to log in:


Leave a Reply

Your email address will not be published. Required fields are marked *