Setup user/password authentication for Apache


If you don't want everybody to access your website, you can restrict access to all or part of it with user/password based authentication. First, change the Directory directive in the Apache config file. Open /etc/httpd/conf/httpd.conf and find the Directory directive for which you want to use user/password based authentication, e.g. <Directory />, then add or change the line starting with AllowOverride so that it reads either

AllowOverride AuthConfig

or

AllowOverride All

AuthConfig is enough for the authentication directives used here; All also permits every other kind of override from .htaccess files.

Now restart Apache:

/etc/init.d/httpd restart

and create a password file with htpasswd:

/usr/bin/htpasswd -c /etc/httpd/users USERNAME

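You will be prompted for a password twice. The -c option creates the password file and overwrites an existing one, so leave it out when you add further users. By default the password will be stored as an MD5 hash. A typical password file with the users "john" and "doe" might look like this: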


Now we create an .htaccess file in the directory you want to secure:

AuthName "restrict"
AuthType Basic
AuthUserFile /etc/httpd/users
Require user john doe

Set the permissions on the .htaccess file:

chmod 644 .htaccess
If your password file contains a lot of users, it might be useful to use group based authentication. For this we need to create a group file. Each line of this file contains the group name followed by a colon and the usernames separated by spaces. The users must exist in the password file. Let's create a group file first, for example /etc/httpd/groups, for the group webuser; john and doe are both members of this group. The file could look like this:

webuser: john doe

After we have created this group file, we can change the .htaccess file to:


AuthName "restrict"
AuthType Basic
AuthUserFile /etc/httpd/users
AuthGroupFile /etc/httpd/groups
Require group webuser
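
An added check, not part of the original howto: the shell functions below list group members that have no entry in the password file (the requirement stated above) and show which hash scheme each password entry uses. The function names are hypothetical, and the sample files and hash strings are constructed placeholders.

```shell
#!/bin/sh
# Added example (not from the original howto): audit the password and group files.

# Print "group:user" for each group member that has no entry in the password file.
missing_group_members() {
    awk -F: '
        FILENAME == ARGV[1] { known[$1] = 1; next }   # first file: collect usernames
        /^[ \t]*(#|$)/ { next }                       # skip comments and blank lines
        {
            n = split($2, members, " ")               # members are space separated
            for (i = 1; i <= n; i++)
                if (!(members[i] in known)) print $1 ":" members[i]
        }
    ' "$1" "$2"
}

# Print "user scheme" for each entry, classified by the prefix of the stored hash.
hash_schemes() {
    awk -F: '
        /^[ \t]*(#|$)/ { next }
        {
            h = $2
            if      (index(h, "$apr1$") == 1) s = "md5-apr1"       # htpasswd MD5 format
            else if (index(h, "$2y$") == 1)   s = "bcrypt"
            else if (index(h, "{SHA}") == 1)  s = "sha1-unsalted"
            else                              s = "crypt-or-plain"
            print $1, s
        }
    ' "$1"
}

# Constructed sample data: the hash strings are placeholders, not real hashes.
demo_dir=$(mktemp -d)
trap 'rm -rf "$demo_dir"' EXIT
cat > "$demo_dir/users" <<'EOF'
john:$apr1$EXAMPLE0$PLACEHOLDERnotARealHash
doe:$2y$05$PLACEHOLDERnotARealHashPLACEHOLDER
EOF
cat > "$demo_dir/groups" <<'EOF'
webuser: john doe alice
EOF

missing_group_members "$demo_dir/users" "$demo_dir/groups"   # alice has no password entry
hash_schemes "$demo_dir/users"
```

Run against the real files as `missing_group_members /etc/httpd/users /etc/httpd/groups`; empty output means every group member has a password entry.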
