Protect files with password

On this page

You can protect the contents of a folder with HTTP authentication. To visit the URL of a file in the folder, a username and password will be required.

Example of a protected file

The /Example-Folder/ folder of the account has been protected. Try to visit this image URL:

When you provide the following username/password, the file will load:

User: Example
Pass: StrongPassword%50

How to protect a folder

Follow these steps to protect the contents of a folder with a password:

1. Go to the Settings > Domains section of your account to find the Protected URLs settings:

Protected URLs section in Sirv account

If you don't see that section, ask the Sirv support team if they can enable protected file features on your account.

2. Click the link "Manage Protected URLs".

3. Click + to create a new protection:

Create a new protection to protect your images from being seen or scraped

4. Choose HTTP Basic Authentication and click Next:

Choose HTTP authentication on a folder, requiring a username/password to view any file inside the folder

5. Click to select the folder path you want to protect. You'll then see a list of all your folders:

Choose the folder to be protected with HTTP auth

6. Click + to create a new login ("user"):

Click the + icon to create a new HTTP auth user

7. Enter any username and password you desire. Optionally, you can enter a date when the login should stop working. Then click Add:

Enter the username, password and expiry date for the HTTP auth login

8. Click Create.

Your login has been created. Now, all files in that folder (and it sub-folders) are protected. They can only be seen by providing a valid username and password.

It is called a "user" but anyone who knows the username and password will be able to view the files.

Up to 5 username/password configurations can be set for each HTTP folder protection.

Alternative protections

Sirv also provides other ways to protect files from being viewed:

  • Domain protection - you can enable domain restriction to block direct requests and specify which domains may display your images (whitelisting).
  • JWT protection - you can enable JWT signed URLs so that only URLs containing a valid token can be served.
  • Watermarks - you can apply image or text watermarks to your images. They can be made irremovable with JWT protection.

Get help from a Sirv expert

To discuss which method(s) of protection would be best for your requirements, please ask the Sirv support team.

Was this article helpful?

Get help from a Sirv expert

help ukraine help ukraine Powered by Ukrainian determination and British ingenuity

How can you support Ukraine