mod_authz_groupfile module provides authorization to specific parts of the site based on user's group membership.

Quick start

Sample mod_auth_basic & mod_authz_groupfile configuration in .htaccess

# Authentication type
AuthType Basic
# Name of area authentication will be used for (aka realm)
AuthName "secret area"
# Authentication provider. Here - mod_authn_file
AuthBasicProvider file
# Path to password file
AuthUserFile  c:\inetpub\users\.htpasswds
# Path to group file
AuthGroupFile c:\inetpub\users\.groups
# Access will be granted to all authenticated users from 'admins' group
Require group admins

Sample of .htpasswds file:


Sample of .groups file:

# admins group
admins: john jack

# users group
users: john bill jack

Related articles and topics


Name Context Description
AuthGroupFile S V D .h sets the name of a text file containing the list of user groups for authorization
AuthzGroupFileAuthoritative S V D .h sets whether authorization will be passed on to lower level modules


AuthGroupFile directive specifies the name of the text file containing the list of user groups for user authorization. File-path is the path to the group file. If it is not absolute, it is treated as relative to the current configuration file ( httpd.conf or .htaccess ).


AuthGroupFile file-path

Each line of the group file contains a groupname, colon and space-separated members usernames.

operators: bill george barak

Security note! Don't locate AuthGroupFile inside the directory that it protects and inside web-server document tree. Otherwise, clients will have a chance to download groups file.


Sets whether authorization will be passed on to lower level modules. If AuthzGroupFileAuthoritative is set to off and no group got matched against specified userID, group authorization will be passed to lower level modules (if any).


AuthzGroupFileAuthoritative On|Off


AuthzGroupFileAuthoritative On