Apache is most popular web server used nowadays. It is open-source software developed by Apache Software Foundation.
Configuring your webpages with Apache Basic authentication will help to protect competition sensitive prototypes against any misuse.
This blog will help you to setup Apache basic Authentication for your website.
Configure Apache to enable .htaccess authentication
By default apache does not allow .htaccess file. So, we need to configure Apache to allow use .htaccess authentication.
For this, we need to modify httpd.conf file which is located at /etc/httpd/
sudo vim /etc/httpd/conf/httpd.conf
In this file, look for <Directory "/var/www/html"> and replace
AllowOverride none with AllowOverride AuthConfig
AllowOverride AuthConfig
Once you are done with this change, save and close the file.
Create Password File for authentication
Now, you need a password file to be used for authentication so we have to create a password file for the same
Use following command to create .htpasswd file for user
sudo htpasswd -c /etc/httpd/.htpasswd user
then, You will be asked for password. Enter the password you want.
Please note that –c should be used for only first time you create the file.
Lets create password for another user user1
sudo htpasswd /etc/httpd/.htpasswd user1
and then provide the password for user1.
After creation of users you can see the encrypted password for both users
sudo cat /etc/httpd/.htpasswd
and it will generate output like this:
user:$apr1$dBo6Fbao$ss7W9ThA1cA.x/pfn0ojG/
user1:$apr1$soB0idm$dkjhfn7W8Th1.x/bgsj0YqK
Now, we need to give ownership of this file to apache, so that it can read the .htpasswd file
sudo chown apache:apache /etc/httpd/.htpasswd
sudo chmod 0660 /etc/httpd/.htpasswd
Configure apache for Apache Authentication
Now we have to create .htaccess file in a web directory which we want to protect.
Let’s consider that we have to protect /var/www/html/
So we will create .htaccess file in /var/www/html/
sudo vim /var/www/html/.htaccess
and insert the following content in it:
AuthType Basic
AuthName "Restricted Content"
AuthUserFile /etc/httpd/.htpasswd
Require valid-user
Save and Close the file.
To rollout these changes we need to restart the tomcat
sudo service httpd restart
Next time you visit the webpage, you should see the popup asking for password.
You are done with Basic Apache Authentication!
Please ask your questions in the comment box. I would love to answer them.
