e-Zest members share technology ideas to foster digital transformation.

Setup Apache Basic Authentication for your website

Written by Amit Tidke | Sep 28, 2016 6:40:35 AM

Apache is most popular web server used nowadays. It is open-source software developed by Apache Software Foundation.

Configuring your webpages with Apache Basic authentication will help to protect competition sensitive prototypes against any misuse.

This blog will help you to setup Apache basic Authentication for your website.

Configure Apache to enable .htaccess authentication

By default apache does not allow .htaccess file. So, we need to configure Apache to allow use .htaccess authentication.

For this, we need to modify httpd.conf file which is located at /etc/httpd/

sudo vim /etc/httpd/conf/httpd.conf

In this file, look for <Directory "/var/www/html"> and replace

AllowOverride none with AllowOverride AuthConfig

AllowOverride AuthConfig

Once you are done with this change, save and close the file.

Create Password File for authentication

Now, you need a password file to be used for authentication so we have to create a password file for the same

Use following command to create .htpasswd file for user

sudo htpasswd -c /etc/httpd/.htpasswd user

then, You will be asked for password. Enter the password you want.

Please note that –c should be used for only first time you create the file.

Lets create password for another user user1

sudo htpasswd  /etc/httpd/.htpasswd user1

and then provide the password for user1.

After creation of users you can see the encrypted password for both users

sudo cat /etc/httpd/.htpasswd

and it will generate output like this:

user:$apr1$dBo6Fbao$ss7W9ThA1cA.x/pfn0ojG/

user1:$apr1$soB0idm$dkjhfn7W8Th1.x/bgsj0YqK

Now, we need to give ownership of this file to apache, so that it can read the .htpasswd file

sudo chown apache:apache /etc/httpd/.htpasswd

sudo chmod 0660 /etc/httpd/.htpasswd

Configure apache for Apache Authentication

Now we have to create .htaccess file in a web directory which we want to protect.

Let’s consider that we have to protect /var/www/html/   

So we will create .htaccess file in /var/www/html/   

sudo vim /var/www/html/.htaccess

and insert the following content in it:

AuthType Basic

AuthName "Restricted Content"

AuthUserFile /etc/httpd/.htpasswd

Require valid-user

Save and Close the file.

To rollout these changes we need to restart the tomcat

sudo service httpd restart

Next time you visit the webpage, you should see the popup asking for password.

You are done with Basic Apache Authentication!

Please ask your questions in the comment box. I would love to answer them.