I am not really sure where I should post this.

Also, I am new to protecting directories.

I have a directory containing files such as .pdf, .mp3, .zip that I have protected using a .htaccess and a .htpasswd file. The .htaccess file is of the form
AuthUserFile (path to the directory)
AuthName “Enter Password”
AuthType Basic
<Limit GET POST>
require valid-user
</Limit>


When I type the url to the directory in my browser I get the following message:

Forbidden
You don't have permission to access /Digital on this server.
You may need to create an index.html page or enable the directory browsing by creating an .htaccess file containing "Options +Indexes".

If I add an index file to the directory I just see the index page if I am allowed to even log in, and if I add Options+Indexes I can see the files without having to log in.

I want the end result to be that someone trying to access the database will be able to view/download the files only after they enter the correct username and password. If they do not enter the correct username and password I do not want them to be able to view / download the files.

Can someone tell me how to do this?