Whether your website is hosted on a private or shared server, you must protect your sensitive website data. Password authentication on Apache is a simple way to add an additional layer of security to your website. This article will walk you through the process of implementing password authentication using Apache on your Unix-like system, from generating a .htpasswd file to implementing an .htaccess file to protecting your server’s data. We have already made an article on Setting Up Apache Web Server on Ubuntu 22.04 If you are new to apache and want to know How to install apache on Ubuntu 22.04.
Pre-requisites
- You should have Apache installed and be familiar with basic server commands.
- It is necessary to understand how to navigate and operate the command-line interface (CLI). The majority of operations will require you to use your server’s CLI.
- The user performing these operations should have’sudo’ privileges to change configurations and restart services.
- You must understand Apache VirtualHost configuration.
Setting up the .htpasswd File
The first step is to create a .htpasswd file. This file will hold user credentials. This will be created using Apache is htpasswd utility. To keep this .htpasswd file secure, store it somewhere other than your document root.
The following command will create the file and a record for a user. It will also ask you to provide a password for the user.
htpasswd -c /etc/apache2/.htpasswd vishal
Here vishal is a username. When you enter this command, you will be immediately asked to enter your password. Please confirm by typing it again.
Setting up the .htaccess File
After you have created the .htpasswd file, you will need to create an .htaccess file. This file will be used to password-protect the directory you have chosen. As a result, place .htaccess within the folder you want to protect.
Here are the context to create a .htaccess file.
AuthType Basic
AuthName "Restricted Content"
AuthUserFile /etc/apache2/.htpasswd
Require valid-userAuthUserFile refers to the location of the .htpasswd file created in the previous step. The above lines of code must appear in the .htaccess file.
Enabling the .htaccess in Apache
Apache, by default, disables .htaccess files. To enable .htaccess, add the following line to your website’s VirtualHost entry in your Apache configuration file.
<Directory "/var/www/html">
AllowOverride All
</Directory>Change “/var/www/html” to the directory of your preference. Apache must be restarted following the addition of this line. Run below command to restart the Apache Server.
sudo systemctl restart apache2
You can now visit your website after restarting Apache. When you arrive, you will be immediately asked for your previously created username and password.
If your information is incorrectly entered, you will not be granted access. This security measure ensures that only authorized personnel have access to your sensitive information.
Conclusion
Password authentication is an effective method for securely storing website data. With an Apache server and two essential files, a .htpasswd and .htaccess, you can easily password-protect your desired page. Users must simply start Apache, enable .htaccess files in the VirtualHost configuration file, and create the required .htpasswd and .htaccess files to validate usernames and passwords. This guide provides a comprehensive approach to website security by carefully compiling instructions suitable for any user, regardless of skill level. Password authentication is an important component of your security toolkit for ensuring that only authorized users have access to your site.