How to password protect Apache directory for unwanted users using a htaccess file on a Linux Server

by MMNCS on April 9th, 2011, updated August 17, 2011

This guide shows how to password protect an Apache directory from unwanted users using a htaccess file on a Linux Server.

Create directory outside apache document root, so that only Apache can access password file. The password-file should be placed somewhere not accessible from the web. This is so that people cannot download the password file:

# mkdir -p /home/secure/

Add new user called user_1

# htpasswd -c /home/secure/.htpass user_1

Make sure /home/secure/.htpass file is readable by Apache web server. If Apache cannot read your password file, it will not authenticate you. You need to setup a correct permission using chown command. Usually apache use www-data user. Use the following command to find out Apache username. If you are using Debian Linux use pache2.conf, type the following command:

# grep -e ‘^User’ /etc/apache2/apache2.conf

Output:

www-data

Now allow apache user www-data to read our password file:

# chown www-data:www-data /home/secure/.htpass

# chmod 0660 /home/secure/.htpass

If you are using RedHat and Fedora core, type the following commands :

# grep -e ‘^User’ /etc/httpd/conf/httpd.conf

Output:

apache

Now allow apache user apache to read our password file:

# chown apache:apache /home/secure/.htpass

# chmod 0660 /home/secure/.htpass

Now our user user_1 is added but you need to configure the Apache web server to request a password and tell the server which users are allowed access. Let us assume you have directory called /var/www/site and you would like to protect it with a password.

Create the directory you what to protect /var/www/site if it does not exist:

# mkdir -p /var/www/site/user_1

Create .htaccess file using text editor:

# nano /var/www/site/user_1/.htaccess

Add following text:

AuthType Basic

AuthName “Restricted Access”

AuthUserFile /home/secure/.htpass

Require user user_1

Congrats! You can now test your site.

support and subscribe to the site

Follow @mmncs

Posted in Access Control, Apache Web Server, Hosting, Security, Server, Ubuntu

Tags: 2011, Apache Web Server, Guide, How to password protect apache directory apache, Linux Server Setup, Online Learning, Server Setup Debian Distributions, Setup, Tutorial

Comments

You can leave a response, or trackback from your own site.

22-4-2011
Gaige
Terrific, that’s definitely what I was shooting for! Your article just saved me alot of looking around
I’ll make certain to put this in good use!
Reply
24-4-2011
Loyd Wallett
Valuable information and excellent website you got here! I would like to thank you for sharing your thoughts and time into the stuff you post!! Thumbs up
Reply
24-4-2011
Madaline Safko
Stumbled into this site not later than chance but I’m unwavering inclined I clicked on that link. You unequivocally answered all the questions I’ve been on one’s deathbed to rejoinder concerning some time now. Will unquestionably up with underwrite for more of this. Acknowledgement you so much
Reply
25-4-2011
Ellie Lema
Valuable information and excellent website you got here! I would like to thank you for sharing your thoughts and time into the stuff you post!! Thumbs up
Reply
7-5-2011
Darrick Brew
Nice Blog
Reply

Trackbacks & pingbacks

10-7-2011
How to protect Apache against DOS,DDOS or brute force attacks using mod_evasive and mod_security and mod_qos on Linux Ubuntu 11.04 | MMNCS says: [...] See also: How to password protect Apache directory for unwanted users using a htaccess file on a Linux Server [...]
26-10-2011
How to protect Apache against DOS,DDOS or brute force attacks using mod_evasive and mod_security and mod_qos on Linux Ubuntu 11.04 - Prigad says: [...] See also: How to password protect Apache directory for unwanted users using a htaccess file on a Linux Server [...]