How to Password Protect Directory in Apache

Last updated on September 21st, 2021 at 10:45 am

While running a website, it is good practice to prevent unauthorized access to files, folders and directories that contain sensitive information. You can password protect a directory in Apache with just a few lines of configuration. Here’s how to do it.

 

How to Password Protect Directory in Apache

Here are the steps to password protect a directory in Apache.

 

1. Open Apache config file

Open Apache’s config file using a text editor like vi

---------------- On RedHat/CentOS based systems ----------------
# sudo vi /etc/httpd/conf/httpd.conf

---------------- On Debian/Ubuntu based systems ----------------
# sudo vi /etc/apache2/sites-available/000-default.conf

 

2. Enable AllowOverride AuthConfig

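Let’s say you want to password protect the folder /var/www/html, that is, the main root folder. Add the following Directory directive so that Apache honors the authentication directives placed in a .htaccess file in that folder (step 6). The directive shown uses AllowOverride All; AllowOverride AuthConfig is enough for the authentication directives used in this guide.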

On Apache 2.2:

<Directory /var/www/html> 
Options Indexes Includes FollowSymLinks MultiViews 
AllowOverride All
Order allow,deny
Allow from all 
</Directory>

On Apache 2.4:

<Directory /var/www/html> 
Options Indexes Includes FollowSymLinks MultiViews 
AllowOverride All 
Require all granted 
</Directory>

 

3. Restart Apache Web Server

Run the following command to restart your Apache web server

# sudo service httpd restart           [On RedHat based systems]
# sudo service apache2 restart         [On Debian based systems]

 


4. Create Username & Password

Use the htpasswd command to create a username and password.

# htpasswd -c /file-location/filename username

The -c option tells htpasswd to create a new file named ‘filename’ and store the user credentials in it. After you run this command, you will be asked to enter the password twice for your user ‘username’.

If you want to add another user, run the same command again with a different username and without the ‘-c’ option, because -c overwrites an existing file.

Make sure you keep this file in a separate directory from your website, so that it is not accessible from outside.

 

5. Update file permissions

Next, we need to ensure that Apache can read this file

---------------- On RedHat/CentOS based systems ----------------
# chown apache: /file-location/filename
# chmod 640 /file-location/filename

---------------- On Debian/Ubuntu based systems ----------------
# sudo chown www-data /file-location/filename
# sudo chmod 640 /file-location/filename

Now our username & password are ready.

 


6. Create .htaccess file

Next, we need to tell Apache to request username & password, when a user accesses your website. For that purpose, create a .htaccess file in your website’s root folder /var/www/html

# sudo vi /var/www/html/.htaccess

Add the following lines in it

AuthType Basic
AuthName "Restricted Access"
AuthUserFile /file-location/filename
Require user username

If you want to password protect a folder other than /var/www/html, create this .htaccess file in that folder instead.

 

7. Restart Apache web server

Run the following command to restart your Apache web server

# sudo service httpd restart           [On RedHat based systems]
# sudo service apache2 restart         [On Debian based systems]

 

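That’s it! Now you know how to password protect a directory in Apache. When you access your website in your browser (e.g. http://your-ip-or-domain), it will ask you for a username & password. Basic authentication sends the username and password base64-encoded, not encrypted, so serve the protected site over HTTPS.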


Similarly, you can password protect other folders in Apache by moving the .htaccess file to the folder you want to protect.
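
The layout built in steps 4 to 6 can be checked with a short script. The following is an added example, not part of the original article; the function names audit_basic_auth and abs_path are hypothetical, and it assumes AuthUserFile is given as an absolute path, as in step 6.

```shell
#!/bin/sh
# Added example (not from the original page): audit the layout from steps 4-6.
# Assumes AuthUserFile is an absolute path, as in step 6.

# Physical absolute path of a file, without depending on realpath(1).
abs_path() {
    ( cd "$(dirname "$1")" && printf '%s/%s\n' "$(pwd -P)" "$(basename "$1")" )
}

# audit_basic_auth DOCROOT HTACCESS
# Prints one line per finding; returns 0 when clean, 1 otherwise.
audit_basic_auth() {
    docroot=$(cd "$1" && pwd -P) || { echo "MISSING: docroot $1"; return 1; }
    htaccess=$2
    [ -f "$htaccess" ] || { echo "MISSING: $htaccess"; return 1; }
    findings=0

    # Step 6: every directive of the .htaccess must be present.
    for directive in AuthType AuthName AuthUserFile Require; do
        if ! grep -Eiq "^[[:space:]]*$directive[[:space:]]" "$htaccess"; then
            echo "MISSING: $directive in $htaccess"; findings=1
        fi
    done

    pwfile=$(awk 'tolower($1) == "authuserfile" { gsub(/"/, "", $2); print $2; exit }' "$htaccess")
    [ -n "$pwfile" ] || return 1
    [ -f "$pwfile" ] || { echo "MISSING: password file $pwfile"; return 1; }

    # Step 4: the password file must live outside the web root.
    case "$(abs_path "$pwfile")" in
        "$docroot"/*) echo "EXPOSED: $pwfile is inside $docroot"; findings=1 ;;
    esac

    # Step 5: chmod 640 leaves no read or write bit for "other".
    if [ -n "$(find "$pwfile" \( -perm -004 -o -perm -002 \))" ]; then
        echo "WORLD-ACCESSIBLE: $pwfile"; findings=1
    fi
    return "$findings"
}

# Run as a script: sh audit.sh /var/www/html /var/www/html/.htaccess
if [ "$#" -eq 2 ]; then
    audit_basic_auth "$1" "$2"
fi
```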
