1. Home
  2. How To
  3. Shared Hosting
  4. FTP / Web Publishing
  5. Configure Password-Protected Directories in Apache Using .htaccess File

Configure Password-Protected Directories in Apache Using .htaccess File

Objective

Set up a password-protected directory in an Apache server which requires the user to enter valid credentials to be able to access the contents.

Prerequisites

A web server running Apache.

Steps

Step 1: Configure httpd.conf/apache2.conf

Navigate to the httpd.conf (CentOS) or apache2.conf (Ubuntu) file with the following command and edit the file by using nano.

For CentOS:

nano /etc/apache2/httpd.conf

For Ubuntu:

sudo nano /etc/apache2/apache2.conf

Navigate to the security model configuration for the Apache server by pressing Ctrl + W and typing in “default security model” as the search term.

Add the following lines to the section beginning with <Directory /var/www/>

<Directory /var/www/>
    Options Indexes FollowSymLinks
    AllowOverride AuthConfig
    Order allow,deny
    Allow from all
</Directory>

Save the file and restart the Apache service using the following command.

For CentOS:

service httpd restart

For Ubuntu:

sudo service apache2 restart

Step 2: Create Password File Using htpasswd

You need to create a password file which will store the password of the directory. The file needs to be put in a directory that cannot be accessed from the web server, so outsiders would not be able to download it.

We recommend making a new directory under /home/<your_username>/. You can do it with the following command.

mkdir /home/<your_username>/secret

Next, specify a username and password to create the user credentials for directory access using the following command.

htpasswd -c /home/<your_username>/secret/password <your_username>

Upon entering the username, you will also be prompted to enter your password.

Step 3: Set Permissions for the Password File

Before using it, you need to configure permissions of the password file so that the Apache web server can read it.

Firstly, you need to find out the name of the Apache username, using the following command.

 ps aux | egrep '(apache|httpd)' 

The leftmost column signifies the username, any non-root username is the username for Apache.

In this case, it is www-data.

Next, give permissions for the Apache user www-data to read the password file, using the following commands.

chown www-data:www-data /home/<your_username>/secret/password
chmod 0660 /home/<your_username>/secret/password 

Step 4: Create .htaccess File

Navigate to /var/www/html and create the directory which you want to restrict access to.

Assume that the directory name is “secret”. Create the directory and navigate inside it using the following commands.

mkdir secret
cd secret

Next, create a file called .htaccess inside the directory, which will specify the access rights to it using the following command.

touch .htaccess

Then, add the following lines to the file.

AuthType Basic
AuthName "Restricted Access"
AuthUserFile /home/<your_username>/secret/password
Require valid-user

Step 5: Testing

Navigate to the secret directory on your webpage.

You will be prompted with a login form. This means that you have successfully configured a password-protected directory on Apache.

Updated on February 3, 2021

Was this article helpful?

Related Articles

Need Help?
Submit a ticket to us and let our professional team assists you

Support Billing Sales
Support
Billing
Sales