In this tutorial, we will learn how to password-protect website or content on an Apache web server running on Ubuntu and Debian based server.
Install Apache Utility Package
We will use a utility called htpasswd, part of the apache2-utils package, to create the file and manage the username and passwords needed to access restricted content.
Install Apache Utility Package
We will use a utility called htpasswd, part of the apache2-utils package, to create the file and manage the username and passwords needed to access restricted content.
# sudo apt-get update
# sudo apt-get install apache2-utils
|
Create Password File
We can use htpasswd to create a password file that Apache can use to authenticate users. We will create a hidden file for this purpose called .htpasswd within our /etc/apache2 configuration directory.
The first time we use this utility, we need to add the -c option to create the specified file. We specify a username (subhash) at the end of the command to create a new entry within the file.
# sudo htpasswd -c /etc/apache2/.htpasswd Subhash
|
Here it will be asked to password for the user.
Only use -c the first time you create the file. Do not use -c when you add a user in the future.
# sudo htpasswd /etc/apache2/.htpasswd Adam
|
If you want to view the contents of the file, you can see the username and the encrypted password for each record
# cat /etc/apache2/.htpasswd
|
Configuring Apache Password Authentication
Edit Apache virtual host file 000-default.conf
# sudo vim /etc/apache2/sites-enabled/000-default.conf
|
Add below code to a virtual host.
<Directory "/var/www/html">
AuthType Basic
AuthName "Restricted Content"
AuthUserFile /etc/apache2/.htpasswd
Require valid-user
</Directory>
|
Save and close the file.
Restart Apache
# sudo systemctl restart apache2
|
Time to Test
To confirm that your website is protected, try to access your website in a web browser. You should be presented with a username and password prompt that looks like this.
If you enter the correct credentials, you will be allowed to access the website. If you enter the wrong credentials or hit "Cancel", you will see the "Unauthorized" error page.