Security is always the first priority for everyone and if you are maintaining the security of data then you have a great responsibility for you. If you are a webmaster and you want to limit access to a specific website to the limited person who has the login details only. Then this article will help you to How to Setup Basic Apache Authentication using Virtual Host.
For this article, you must have apache access with full privileges. If you are using shared hosting visit below link to configure the same using .htaccess.
Setup Basic Authentication in Apache using .htaccess File
Step 1 – Create Authentication File
Let’s start with creation of users in .htpasswd file. This file will contain user and password information either in plain text or md5 encrypted, which can access the website.
touch /etc/apache2/.htpasswd htpasswd -m /etc/apache2/.htpasswd myuser1
-c : is used only for first time when you create .htpasswd file. Do not use this if .htpasswd already exists else it will recreate file.-m : is used to save password in md5 format.
Let’s create another user using following command..
htpasswd -m /etc/apache2/.htpasswd myuser2
Step 2 – Setup Apache Basic Authentication
You have configured Apache basic authentication using .htaccess file or directly with the Apache Virtual host. In this tutorial, we will configure settings in the Apache virtual host. If you like using .htaccess follow this tutorial.
Let’s edit Apache virtual host configuration file in your favorite text editor. Then add the following configurations in the virtual host block.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 | <VirtualHost *:80> ServerName example.com <Location /> Deny from all #Allow from 127.0.0.1 ##Set IP to allow access without password AuthUserFile /etc/apache2/.htpasswd AuthName "Restricted Area" AuthType Basic Satisfy Any require valid-user </Location> </VirtualHost> |
<Location /> : Part of website you want to restrict. / is for retrict full website or you can specify location like /admin or /demo etc.Deny from all : Restrict everyoneAuthUserFile : File where users login details are saved.AuthName : Message will be appeared on credentials window.AuthType : Type of authentication to be used. Read more.Satisfy : Interaction between host-level access control and user authentication. Read more.require : Selects which authenticated users can access restricted area on website. Read more
Restart Apache Service
After making any changes in the Apache configuration file (httpd.conf or apache2.conf), you need to restart the Apache web service.
For CentOS/RHEL 6/5 Users:
sudo service httpd restart
For CentOS/RHEL 8/7 Users:
sudo systemctl restart httpd.service
For Ubuntu/Debian Users:
sudo systemctl restart apache2