Authentication in Apache


Vinh Nguyen


December 22, 2010

I wanted to restrict access to a directory on my web server. It's quite easy by adding an Authentication directive in the site's configuration file (in /etc/apache2/sites-available/; preferred) or in a .htaccess file in the directory itself.

Create the user and password:

htpasswd -c /path/to/my/specified/password/file ## place file to a place that is not accessible on the web, maybe where htdocs is located.
## enter password

In the site's configuration file, add a directory directive and add in Authentication. It should look something like:

AuthType Basic
AuthName "Restricted Files"
# (Following line optional)
AuthBasicProvider file
AuthUserFile /path/to/my/specified/password/file
Require user

For many people, I can use groups.

Pretty easy. Note that the user will be able to access that directory from the browser until the browser is closed.