Password Protect Apache Web Directories<\/p>\n<\/div>\n In this tutorial,\u00a0I am going to show you how to password protected different web sites directories in\u00a0Apache<\/strong>\u00a0web server. There are many\u00a0ways you can achieve this, but we will review two of them which are most commonly used.<\/p>\n The first method configures\u00a0password protection directly in Apache\u2019s configuration file, while the second one\u00a0uses\u00a0.htaccess<\/strong>\u00a0file.<\/p>\n In order to setup password protection for your web directories, you will need to have:<\/p>\n 1.<\/strong>\u00a0For this tutorial, we will be protecting the main web root directory\u00a0 2.<\/strong>\u00a0Find the Apache Document directory root for\u00a0\/var\/www\/html<\/strong>\u00a0and add the following things as suggested:<\/p>\n Apache 2.4: Enable AllowOverride All<\/p>\n<\/div>\n 3.<\/strong>\u00a0Save the file and restart Apache by using the following command:<\/p>\n 4.<\/strong>\u00a0Now we will use the\u00a0htpasswd<\/strong>\u00a0command to generate username and password for our protected directory. This command is used to manage user files for basic authentication.<\/p>\n The general syntax of the command is:<\/p>\n The\u00a0 5.<\/strong>\u00a0Our password file needs to be located out of the Apache\u2019s web accessible directory so that it is well protected. For that purpose, we will create new directory:<\/p>\n 6.<\/strong>\u00a0After that we will generate our username and password that will be stored in that directory:<\/p>\n Once you execute this command you will have to enter a password for our new user\u00a0 Create Apache User Password<\/p>\n<\/div>\n After that we will need to make sure that Apache is able to read the \u201cwebpass<\/strong>\u201d file. For that purpose, you will need to change the ownership of that file with the following command:<\/p>\n 7.<\/strong>\u00a0At this point our new user and password are ready. Now we need to tell Apache to request password when accessing our targeted directory. For that purpose, create file called\u00a0.htaccess<\/strong>\u00a0in\u00a0\/var\/www\/html<\/strong>:<\/p>\n Add the following code in it:<\/p>\n Create Apache Restricted Access<\/p>\n<\/div>\n 8. Now save the file and put your setup to the test. Open your browser and enter your IP address or domain name in the web browser, for example:<\/p>\n You should be prompted for username and password:<\/p>\n Apache Password Protected Directory Authentication<\/p>\n<\/div>\n Enter the username and password that you set to proceed to your page.<\/p>\n If you are using shared hosting, you will most probably not have access to the Apache configuration file. However most hosting companies\u00a0have enabled the \u201cAllowOverride All\u201d<\/strong>\u00a0option by default. This means that you will only need to generate the username and password and then select directory that you wish to protect. This significantly eases your task.<\/p>\n I hope that you found this tutorial useful and help you achieve your goal. If you have any questions or comments, please do not hesitate to post them in the section below.<\/p>\n![\"Password](\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2015\/11\/Password-Protect-Apache-Directories.png\")
<\/a><\/p>\nRequirements<\/h3>\n
\n
Setup Apache Password Protected Directory<\/h3>\n
\/var\/www\/html<\/code>. \u00a0To protect that directory, open your Apache\u2019s configuration:<\/p>\n---------------- On RedHat\/CentOS<\/strong> based systems ----------------\r\n# vi \/etc\/httpd\/conf\/httpd.conf\r\n\r\n---------------- On Debian\/Ubuntu<\/strong> based systems ----------------\r\n# nano \/etc\/apache2\/sites-available\/000-default.conf\r\n<\/pre>\n
On Apache 2.2 Version<\/h4>\n
<Directory \/var\/www\/html> \r\nOptions Indexes Includes FollowSymLinks MultiViews \r\nAllowOverride All\r\nOrder allow,deny\r\nAllow from all \r\n<\/Directory>\r\n<\/pre>\n
On Apache 2.4 Version<\/h4>\n
<Directory \/var\/www\/html> \r\nOptions Indexes Includes FollowSymLinks MultiViews \r\nAllowOverride All \r\nRequire all granted \r\n<\/Directory>\r\n<\/pre>\n
<\/a><\/p>\n--------------- On Systemd<\/strong> -------------------\r\n# systemctl restart httpd [On RedHat<\/strong> based systems]\r\n# systemctl restart apache2 [On Debian<\/strong> based systems]\r\n\r\n\r\n--------------- On SysV init<\/strong> -----------------\r\n# service httpd restart [On RedHat<\/strong> based systems]\r\n# service apache2 restart [On Debian<\/strong> based systems]\r\n<\/pre>\n
# htpasswd -c filename username\r\n<\/pre>\n
-c<\/code>\u00a0option specifies the file that will keep the encrypted password and\u00a0username<\/b>\u00a0specifies the user for the authentication.<\/p>\n# mkdir \/home\/tecmint\r\n<\/pre>\n
# htpasswd -c \/home\/tecmint\/webpass tecmint\r\n<\/pre>\n
\"tecmint\"<\/code>\u00a0twice:<\/p>\n<\/a><\/p>\n---------------- On RedHat\/CentOS<\/strong> based systems ----------------\r\n# chown apache: \/home\/tecmint\/webpass\r\n# chmod 640 \/home\/tecmint\/webpass\r\n<\/pre>\n
---------------- On Debian\/Ubuntu<\/strong> based systems ----------------\r\n# chown www-data \/home\/tecmint\/webpass\r\n# chmod 640 \/home\/tecmint\/webpass\r\n<\/pre>\n
# vi \/var\/www\/html\/.htaccess\r\n<\/pre>\n
AuthType Basic\r\nAuthName \"Restricted Access\"\r\nAuthUserFile \/home\/tecmint\/webpass\r\nRequire user tecmint\r\n<\/pre>\n
<\/a><\/p>\nhttp:\/\/ip-address\r\n<\/pre>\n
<\/a><\/p>\nAdditional Notes<\/h3>\n
Conclusion<\/h3>\n