In our earlier tutorials, we discussed how to create an Apache server, how to secure it using an SSL certificate & some tips for hardening the Apache server. In this tutorial, we are going to learn how to password protect an Apache directory with Basic Authentication using a .htaccess file.

We might want to secure an Apache directory for any number of reasons, for example to share data over the internet while keeping it private, with access limited to some users. There are many ways to password protect a directory in Apache, but we are going to use a .htaccess file to make our directory private.

.htaccess is used to alter the configuration of the Apache server without editing the server configuration file. With .htaccess, we can configure page redirects, image hotlink prevention & in this case, password protection for a directory.

So, let’s get started…

Configuration

Step 1

Firstly, let’s create a directory that we can password protect,

$ cd /var/www/html
$ mkdir secret_dir

& then add some files to it

$ echo "This is a secret area" > secret_dir/secret.txt

Step 2

Now we will make changes to the main configuration file, i.e. ‘/etc/httpd/conf/httpd.conf’, to allow the use of .htaccess. We need to add the AllowOverride AuthConfig directive in httpd.conf,

$ vi /etc/httpd/conf/httpd.conf

<Directory /var/www>
Options Indexes FollowSymLinks MultiViews
AllowOverride AuthConfig
Order allow,deny
Allow from all
</Directory>

Save the file & restart the Apache service to implement the changes.

$ systemctl restart httpd.service

Step 3

We will now create the password file with ‘htpasswd’. The htpasswd command is used to create or update the text files that store usernames & passwords for Apache user authentication. Go to ‘/var/www/html/secret_dir’ & run the following command,

$ cd /var/www/html/secret_dir
$ htpasswd -c .htpasswd dan

Enter the password that you want to identify your user with. Once done, the .htpasswd file will be created & we will now assign the file the proper group & file permissions,

$ chown apache:apache .htpasswd
$ chmod 0640 .htpasswd

Step 4

The next step is to create the .htaccess file in the ‘secret_dir’ directory

$ vi .htaccess

& add the following lines,

AuthType Basic
AuthName "Restricted Access"
AuthUserFile /var/www/html/secret_dir/.htpasswd
Require user dan

Save the file & restart your apache services once more.

Step 5

We will now test our private directory. Open your browser & enter your URL

http://IP_address/secret_dir

& press enter. As soon as you press enter, you will be prompted to enter your username & password. You can add as many users as you need using the same process as above.
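
To check Steps 3 & 4 before testing in the browser, here is an added example script (not part of the original tutorial) that audits a protected directory: it confirms that AuthUserFile names a regular file, that the password file is not world-readable, that no entry uses the unsalted {SHA} format & that every name after Require user has an entry. The function name audit_htaccess & the demo data are constructed for illustration.

```shell
#!/bin/sh
# audit_htaccess DIR: print one "FINDING:" line per problem in DIR's
# .htaccess/.htpasswd pair; return 0 when clean, 1 otherwise.
audit_htaccess() {
    a_ht="$1/.htaccess"; a_bad=0
    note() { echo "FINDING: $*"; a_bad=1; }
    [ -f "$a_ht" ] || { note "$a_ht is missing"; return 1; }

    # AuthUserFile must name the password file itself, not its directory.
    a_pw=$(awk 'tolower($1)=="authuserfile"{gsub(/"/,"",$2); print $2; exit}' "$a_ht")
    [ -n "$a_pw" ] || { note "no AuthUserFile directive"; return 1; }
    [ -f "$a_pw" ] || { note "AuthUserFile $a_pw is not a regular file"; return 1; }

    # Step 3 sets mode 0640; flag a password file that others can read.
    [ -z "$(find "$a_pw" -prune -perm -004)" ] || note "$a_pw is world-readable"

    # {SHA} entries (created by htpasswd -s) are unsalted SHA-1.
    grep -q '^[^:]*:{SHA}' "$a_pw" && note "unsalted {SHA} hash in $a_pw"

    # Every name listed after "Require user" needs an entry in the file.
    for a_u in $(awk 'tolower($1)=="require" && tolower($2)=="user"{for(i=3;i<=NF;i++)print $i}' "$a_ht"); do
        awk -F: -v u="$a_u" '$1==u{f=1} END{exit !f}' "$a_pw" ||
            note "Require user $a_u has no entry in $a_pw"
    done
    return $a_bad
}

# Constructed demo data (the hash is a placeholder, not a real one).
demo=$(mktemp -d)
printf '%s\n' 'dan:$apr1$constructed$placeholderplaceholder00' > "$demo/.htpasswd"
chmod 0640 "$demo/.htpasswd"
# Misconfiguration: AuthUserFile points at the directory, not the file.
printf 'AuthType Basic\nAuthName "Restricted Access"\nAuthUserFile %s\nRequire user dan\n' \
    "$demo" > "$demo/.htaccess"
audit_htaccess "$demo" || echo "fix the findings above before relying on the protection"
rm -rf "$demo"
```

On the server from this tutorial it would be run as audit_htaccess /var/www/html/secret_dir.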

Thanks for reading this tutorial. If you have any issues or questions, please use the comment box down below.

 
