Locate the ".htaccess" file in httpd's public directory. ---- start .htaccess ---- satisfy any order deny,allow deny from all allow from 192.168.1.0/24 authtype basic authuserfile /var/www/html/.htpasswd authgroupfile /dev/null authname "authorization required" require valid-user --- end .htaccess ---- Usually, any user can not access ".htaccess/.htpasswd" file because of configuration, but user can read ".ht" file contents from allowed network (192.168.1.x). If access from outside of allowed network or authorized user.