In the previous post, we have explained the basic Apache configuration in Linux. The default web configuration everyone to access web content over the HTTP protocol. By somehow reasons, it may be required that the web content should be protected with a password. If you need that anyone who wants to access restricted content should only get after supplying a valid username and password, you will need to setup password authentication with Apache. In this tutorial, we are going to explain how to setup password authentication with Apache. We are using Ubuntu 17.04 system, for other Linux variant you may need to adjust some commands. However, the basic configuration steps and concept would remain almost same for all the Linux-based Apache configuration.
Recommended articles:
- Setting up ssh key-based authentication
- Configuring NFS in Ubuntu Linux
- Configuring Samba in Ubuntu 17.04
We assume that you have an already configured Apache server with basic settings. If not, refer this article to configure the Apache server first.
In order to setup password authentication with Apache, you will be required to follow the following instructions:
1.Installing Apache Utility Packages
Run the following command to install the apache-utils package require to setup password authentication for Apache web server.
sudo apt install apache2-utils
2.Creating a User For Apache Authentication
Now, you need to create a user that will be used by end-users to get authenticated and access the restricted web content. In the below example, we are creating a user named protech.
sudo htpasswd -c /etc/apache2/.htpasswd protech
Note: Use -c only when you execute this command first time. For adding the additional users, use the htpasswd command without -c.
Use the following command to verify that user is added.
cat /etc/apache2/.htpasswd
Add additional users as per your requirements.
3.Configuring Password Authentication With Apache
Adjust the apache configuration options to serve the protected web content with username and password authentication. You can setup password authentication with Apache server using any of the following two methods:
- Using the apache configuration file
- Using the .htaccess file
3.1 Setting Up Password Authentication With Apache Configuration File
In order to protect the web content using the username and password, you need to modify the /etc/apache2/sites-enabled/000-default.conf file. In the below example, /var/www/html is the apache content directory that we want to protect and /etc/apache2/.htpasswd is the file which contains the users details.
Modify the 000-default.conf file and append the content shown in the white text box.
Now, restart the apache service and try to access the web server. You should be asked to enter the username and password to access protected web content. Use the user that you have added previously as shown in the following figure.
3.2 Setting Password Authentication Using .htaccess File.
If you are also interested in setting up password authentication with Apache using .htaccess file, follow the below instructions.
Edit the apache configuration file and replace the AllowOverride option from None to All under your web root directory. In our case, it is /var/www. The file should look like as follow.
Now, you need to create the .htaccess file under the directory that you want to restrict. In our case, it is /var/www/html. In the .htaccess file, you need to specify the authentication type such as Basic and the location of .htpasswd file that contains the users’ details. The .htaccess file should look like as follow.
Since we have already created a user in the .htpasswd file, let’s add one more user to test the .htaccess configuration. For this, execute the following command to add a user named gurus.
sudo htpasswd /etc/apache2/.htpasswd gurus
4. Restarting Apache Service
Next, restart the apache service and check the status to confirm that service is running properly.
sudo systemctl restart apache2 sudo systemctl status apache2
5. Testing Password Authentication With Apache
Open the web browser and try to access your website. You should be asked to enter username and password. If not asked, remove the browser history and reopen the browser. When prompted for authentication, use gurus user to authenticate yourself. You should be able to access protected web content. That’s all you need to setup password authentication with Apache web server.
In this tutorial, we have explained how to setup password authentication with Apache in Ubuntu. Hope, it helped you to configure Apache web server with password authentication. Write to us in the comment box if you face any issue while doing so.