Last updated on September 21st, 2021 at 10:45 am
While running a website, it is always a good practice to prevent unauthorized user access to files, folders & directories that contain sensitive information. You can easily password protect directory in Apache, with just a few lines of configuration. Here’s how to password protect directory in Apache.
How to Password Protect Directory in Apache
Here are the steps to password protect directory in Apache.
1. Open Apache config file
Open Apache’s config file using a text editor like vi
---------------- On RedHat/CentOS based systems ---------------- # sudo vi /etc/httpd/conf/httpd.conf ---------------- On Debian/Ubuntu based systems ---------------- sudo vi /etc/apache2/sites-available/000-default.conf
2. Enable AllowOverride AuthConfig
Let’s say you want to password protect folder /var/www/html, that is, the main root folder. So add the following Directory directive to password protect directory in Apache.
On Apache 2.2 Version
<Directory /var/www/html> Options Indexes Includes FollowSymLinks MultiViews AllowOverride All Order allow,deny Allow from all </Directory>
On Apache 2.4 Version
<Directory /var/www/html> Options Indexes Includes FollowSymLinks MultiViews AllowOverride All Require all granted </Directory>
3. Restart Apache Web Server
Run the following command to restart your Apache web server
# sudo service httpd restart [On RedHat based systems] # sudo service apache2 restart [On Debian based systems]
Bonus Read: How to prevent image hotlinking in Apache
4. Create Username & Password
We use htpasswd command to create username and password.
# htpasswd -c /file-location/filename username
the -c command tells htpasswd to create a new file with name ‘filename’ and store the user credentials in it. After you run this command, you will be asked to enter the password twice for your user ‘username’
If you want to add another user, you can run the same command again with a different username, and without the ‘-c’ option.
Make sure you keep this file in a separate directory from your website, so that it is not accessible from outside.
5. Update file permissions
Next, we need to ensure that Apache can read this file
---------------- On RedHat/CentOS based systems ---------------- # chown apache: /file-location/filename # chmod 640 /file-location/filename ---------------- On Debian/Ubuntu based systems ---------------- # sudo chown www-data /file-location/filename # sudo chmod 640 /file-location/filename
Now our username & password are ready.
Bonus read: How To Increase File Upload Size Limit In Apache
6. Create .htaccess file
Next, we need to tell Apache to request username & password, when a user accesses your website. For that purpose, create a .htaccess file in your website’s root folder /var/www/html
# sudo vi /var/www/html/.htaccess
Add the following lines in it
AuthType Basic AuthName "Restricted Access" AuthUserFile /file-location/filename Require user username
If you want to password protect folder that is different from /var/www/html, you can create this .htaccess in that folder.
7. Restart Apache web server
Run the following command to restart your Apache web server
# sudo service httpd restart [On RedHat based systems] # sudo service apache2 restart [On Debian based systems]
That’s it! Now you know how to password protect directory in Apache. When you access your website on your browser (e.g http://your-ip-or-domain) it will ask you for username & password.
Similarly, you can password protect other folders in Apache by moving the .htaccess file to the folder you want to protect.
By the way, if you want to create charts & dashboards to monitor your business or website, you can try Ubiq. We offer a 14-day free trial.
Sreeram Sreenivasan is the Founder of Ubiq. He has helped many Fortune 500 companies in the areas of BI & software development.