Trick: Protecting content with .htaccess files
Thursday, 08 July 2004

.htaccess files are very versatile, and can easily become very complex. This document contains enough information to set simple access restrictions/limits on a directory in your web space.
Remember to upload .htaccess files and .htpasswd files using ASCII mode. This option is available in most FTP clients.

Username/Password Protection

This scheme will prompt web users to enter a CASE SENSITIVE username/password pair before serving any content within the directory containing the .htaccess file. In the simplest of cases there are two files involved: the .htaccess file and the password file.
The password file is a text file containing one entry per line, each consisting of a username and an encrypted password separated by a colon. You can use one password file for many .htaccess files. The entries can be generated here.

Password Generation

a) Usage of the command htpasswd

To create and maintain the password file you can use the Linux command htpasswd. Make sure that you use the same path and filename as in your .htaccess file (AuthUserFile).

For example:

htpasswd -c /PFAD/PASSWORTDATEI name1
htpasswd /PFAD/PASSWORTDATEI name2
htpasswd /PFAD/PASSWORTDATEI name3

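Remark: the option -c creates a new file, so use it only for the first user; if the file already exists it is overwritten. /PFAD/PASSWORTDATEI stands for the path and name of the password file.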

b) Password generation "by hand"

Windows users can use several websites to generate passwords. You then have to add the generated entry to the .htpasswd file yourself:

For example:

user1:ON91eDD9iaeC9
user2:DDE1eXB9eaiF4
user3:XB49e784xsgD
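
An added example (not part of the original article): a small Python audit of password-file text that splits each user:hash entry and names the hash format it is stored in. The scheme notes and the SAMPLE constant are assumptions of this example; SAMPLE holds the three entries shown above, the last of which is one character short of a valid traditional crypt() hash and is reported as unrecognised.

```python
import re

# Hash formats accepted in an AuthUserFile, checked in order: (name, pattern, note)
SCHEMES = [
    ("bcrypt", re.compile(r"^\$2[aby]\$\d{2}\$[./0-9A-Za-z]{53}$"), "ok"),
    ("apr1-md5", re.compile(r"^\$apr1\$[./0-9A-Za-z]{1,8}\$[./0-9A-Za-z]{22}$"),
     "legacy"),
    ("sha1", re.compile(r"^\{SHA\}[0-9A-Za-z+/]{27}=$"), "insecure: unsalted"),
    ("des-crypt", re.compile(r"^[./0-9A-Za-z]{13}$"),
     "insecure: only the first 8 password characters are used"),
]

def classify(hash_field):
    """Return (scheme, note) for the hash part of one entry."""
    for name, pattern, note in SCHEMES:
        if pattern.match(hash_field):
            return name, note
    return "unrecognised", "malformed, plain text or an unsupported format"

def audit(text):
    """Parse password-file text; return a list of (line_no, user, scheme, note)."""
    findings, seen = [], set()
    for no, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#"):   # blank lines and comments
            continue
        user, sep, hash_field = line.partition(":")
        if not sep or not user:
            findings.append((no, None, "syntax", "expected user:hash"))
            continue
        scheme, note = classify(hash_field)
        if user in seen:
            note += "; duplicate user"
        seen.add(user)
        findings.append((no, user, scheme, note))
    return findings

# The three sample entries from this article.
SAMPLE = "user1:ON91eDD9iaeC9\nuser2:DDE1eXB9eaiF4\nuser3:XB49e784xsgD\n"

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```
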

Creating .htaccess file

The .htaccess file would be placed in the directory that needs password protection, and would look something like this:

AuthUserFile /usr/home/lee/htpasswd - FULL path to the password file. This file doesn't have to be in your public_html, and is better kept outside it.
AuthName "Lee's Secret Area" - This description will appear in the login screen. Multiple words require quotes.
AuthType Basic - Just a line that is required.
<Limit GET POST> - Start of the limit tag. This sets limits on GETs and POSTs only; other request methods are not covered by the directives inside it.
require valid-user - Sets area restrictions such that the user must have a valid login.
</Limit> - End of the limit tag.

If you are using one password file for multiple .htaccess files, and would like certain users to have access to some areas, but not others, you may want to try one of the following:


a) specify the users by using require user userid:

<Limit GET POST>
require user cisco
require user bob
require user tim
</Limit>

b) set up a group file. This requires you to specify AuthGroupFile. You can then use require group followed by the name of a group.

.htaccess example:
AuthUserFile /usr/home/lee/htpasswd
AuthGroupFile /usr/home/lee/htgroup
AuthName "Lee's Secret Area"
AuthType Basic
<Limit GET POST>
require group managers
</Limit>

AuthGroupFile example:
managers: cisco bob tim jeff kari
systems: lee joe cisco
sales: kari tonja

Restricting by IP Address

This only requires the .htaccess file. There are two approaches to restricting by IP address:

a) deny everyone access, then allow certain hosts/IP addresses

AuthName "Lee's Secret Area"
AuthType Basic
<Limit GET POST>
order deny,allow
deny from all
allow from 199.166.210.
allow from .golden.net
allow from proxy.aol.com
allow from fish.wiretap.net
</Limit>

b) allow everyone except for certain hosts/IP addresses

AuthName "Lee's Secret Area"
AuthType Basic
<Limit GET POST>
order allow,deny
allow from all
deny from .microsoft.com
deny from .evil-hackers.org
deny from 24.112.106.235
deny from morphine.wiretap.net
</Limit>

More Examples

Try combining the above into one:

a) only managers can view this page from a .golden.net IP address:

htaccess:
AuthUserFile /usr/home/lee/htpasswd
AuthGroupFile /usr/home/lee/htgroup
AuthName "Lee's Secret Area"
AuthType Basic
<Limit GET POST>
order deny,allow
deny from all
allow from .golden.net
require group managers
</Limit>

AuthGroupFile:
managers: cisco bob tim jeff kari
systems: lee joe cisco
sales: kari tonja

b) managers can view this page from anywhere, everyone else must be from a golden.net IP address:

htaccess:
AuthUserFile /usr/home/lee/htpasswd
AuthGroupFile /usr/home/lee/htgroup
AuthName "Lee's Secret Area"
AuthType Basic
# Default is Satisfy All
Satisfy Any
<Limit GET POST>
order deny,allow
deny from all
allow from .golden.net
require group managers
</Limit>

AuthGroupFile:
managers: cisco bob tim jeff kari
systems: lee joe cisco
sales: kari tonja
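
The difference between examples a) and b), as an added example that is not part of the original article: a simplified Python model of how the order/allow/deny host check and the require group check are combined under Satisfy All and Satisfy Any. The client addresses and host names are constructed, and the model assumes the client's host name is already known from a reverse DNS lookup.

```python
# Group membership from the AuthGroupFile shown in the article.
GROUPS = {
    "managers": {"cisco", "bob", "tim", "jeff", "kari"},
    "systems": {"lee", "joe", "cisco"},
    "sales": {"kari", "tonja"},
}

def host_matches(spec, ip, hostname):
    """Match one 'allow from' / 'deny from' value against a client."""
    if spec == "all":
        return True
    if spec[0].isdigit():  # full or partial IP address, e.g. "199.166.210."
        prefix = spec.rstrip(".")
        return ip == prefix or ip.startswith(prefix + ".")
    name = spec.lstrip(".").lower()  # host or domain name, whole labels only
    hostname = hostname.lower()
    return hostname == name or hostname.endswith("." + name)

def host_allowed(order, allow, deny, ip, hostname):
    allowed = any(host_matches(s, ip, hostname) for s in allow)
    denied = any(host_matches(s, ip, hostname) for s in deny)
    if order == "deny,allow":  # default is allow; an allow match overrides deny
        return allowed or not denied
    if order == "allow,deny":  # default is deny; a deny match overrides allow
        return allowed and not denied
    raise ValueError("unknown order: " + order)

def access(satisfy, ip, hostname, user, group="managers"):
    """Decision for examples a) and b); user is None without a valid login."""
    host_ok = host_allowed("deny,allow", [".golden.net"], ["all"], ip, hostname)
    user_ok = user is not None and user in GROUPS[group]
    if satisfy == "any":
        return host_ok or user_ok
    return host_ok and user_ok  # Satisfy All, the default

# Constructed clients: (ip, reverse-DNS name, authenticated user or None)
CLIENTS = [
    ("203.0.113.5", "pc1.golden.net", "bob"),
    ("203.0.113.5", "pc1.golden.net", None),
    ("198.51.100.7", "dialup.example.org", "bob"),
    ("198.51.100.7", "dialup.example.org", "lee"),
]

if __name__ == "__main__":
    for ip, host, user in CLIENTS:
        print(host, user, "a)", access("all", ip, host, user),
              "b)", access("any", ip, host, user))
```
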

 