Securing Apache Content with Basic Authentication

apache

 

1. Enable Modules
For this example, the auth_basic_module, authz_user_module, and authn_file_module modules will be required. These should already be enabled with the default installation, but just in case they are not, the following commands can be run.

# a2enmod auth_basic

# a2enmod authn_file

# a2enmod authz_user

2. Create Password File
A file has to be created that will store the credentials that will be used for authentication. In the example below, the file is being created in /etc/apache2/passwords for the users user1 and user2. The file can be created anywhere for any number of users.Β  The -c flag is only needed when the file is first being created.

# htpasswd -c /etc/apache2/passwords user1
New password: xxx
Re-type new password: xxx
Adding password for user user1

# htpasswd /etc/apache2/passwords user2
New password: xxx
Re-type new password: xxx
Adding password for user user2

3. Secure Content

The following configuration should be added to the VirtualHost for which the content is being secured. Any content under this directory should be secured for any user in the file created in the previous step.

<Directory /var/www/app>
AuthType Basic
AuthName “Secure Content”
AuthBasicProvider file
AuthUserFile /etc/apache2/passwords
Require valid-user
</Directory>

33 Comments