.htaccess Password Protection On Apache Virtual Host/Directory

By | September 11, 2009

The Apache web server has a key security feature: .htaccess password protection. It helps us secure our root directories on web servers. Our sites and web servers are exposed to the outside world, and unauthorized access to restricted areas can damage the web server or lead to data loss. To prevent unauthorized access to our data, we need to use the security features of the Apache server, and this is where the .htaccess password comes in. A .htaccess file lets us configure the authentication mechanism on the Apache web server, so that users or groups can access the directory or website only with their own password.

Here I explain how to implement .htaccess password protection on an Apache virtual directory:

1. Enable the .htaccess feature in Apache's httpd.conf

# AllowOverride controls what directives may be placed in .htaccess files.
# It can be "All", "None", or any combination of the keywords:
#   Options FileInfo AuthConfig Limit
<Directory />
Options FollowSymLinks
#AllowOverride None
AllowOverride All
</Directory>

2. Add the virtual host entry to the Apache configuration

<VirtualHost 192.168.0.252:80>
ServerName   sarg.talk2melbin.com:80
ServerAlias  www.sarg.talk2melbin.com
ServerAdmin  "melbin@talk2mebin.com"
DocumentRoot /var/www/sarg/
</VirtualHost>

For Apache to detect a .htaccess file in /var/www/html, we need to specify the
"AllowOverride All" directive inside the <Directory "/var/www/html"> </Directory> block.

3. Create a secure directory to store the .htaccess passwords

# mkdir /var/www/htpass

4. Generate the password; use a strong password

This command creates a new .htpasswd file and adds a user whose password is stored as an MD5 hash:

# htpasswd -cm /var/www/htpass/.htpasswd melbin
To add a second user:
# htpasswd -m /var/www/htpass/.htpasswd nobin

5. Write the .htaccess rule in the site's root directory

# vi /var/www/sarg/.htaccess

Add the following lines to the .htaccess file:

AuthName "Restricted Area"
AuthType Basic
AuthUserFile /var/www/htpass/.htpasswd
AuthGroupFile /dev/null
require valid-user

6. Run the configuration checker to ensure all Apache edits are correct

# /etc/init.d/httpd configtest

Syntax OK

7. Reload Apache

# /etc/init.d/httpd reload

Now our website URL is protected by authentication. When browsing to www.sarg.talk2melbin.com, .htaccess prompts for a user name and password. Only allowed users can access the URL.
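A follow-up check for steps 3 to 5, as an added example that is not part of the original post: this shell script audits the file named by AuthUserFile, confirming that it sits outside the DocumentRoot and is not accessible to every local user, and reporting each user's hash scheme. The function names are illustrative, and the bcrypt option it mentions (htpasswd -B) is available in Apache httpd 2.4.

```shell
#!/bin/sh
# Added example (not from the original post): audit the file named by AuthUserFile.
# Usage: sh audit_htpasswd.sh /var/www/htpass/.htpasswd /var/www/sarg

# Print the hash scheme of one "user:hash" line, judged by the hash prefix.
hash_scheme() {
    case "${1#*:}" in
        '$2y$'*)   echo bcrypt ;;          # htpasswd -B
        '$apr1$'*) echo apr1-md5 ;;        # htpasswd -m, as used in step 4
        '{SHA}'*)  echo sha1-unsalted ;;   # htpasswd -s
        *)         echo crypt-or-plain ;;  # htpasswd -d or -p
    esac
}

# Return 0 when the file resolves to a path under the document root,
# which would make it a candidate for being served to clients.
inside_docroot() {
    file=$(cd "$(dirname "$1")" && pwd -P)/$(basename "$1")
    root=$(cd "$2" && pwd -P)
    case "$file" in "$root"/*) return 0 ;; *) return 1 ;; esac
}

# Return 0 when the "other" permission triplet grants any access.
world_accessible() {
    perms=$(ls -ld "$1" | cut -c8-10)
    [ "$perms" != "---" ]
}

# Return 0 when no finding is raised, 1 otherwise. apr1-md5 is reported only.
audit_htpasswd() {
    rc=0
    if inside_docroot "$1" "$2"; then echo "FAIL: $1 is under DocumentRoot $2"; rc=1; fi
    if world_accessible "$1"; then echo "FAIL: $1 is accessible to every local user"; rc=1; fi
    while IFS= read -r line; do
        [ -n "$line" ] || continue
        scheme=$(hash_scheme "$line")
        case "$scheme" in
            bcrypt)   ;;
            apr1-md5) echo "NOTE: ${line%%:*} uses apr1-md5; bcrypt (htpasswd -B) is stronger" ;;
            *)        echo "FAIL: ${line%%:*} uses $scheme"; rc=1 ;;
        esac
    done < "$1"
    return "$rc"
}

if [ "$#" -eq 2 ]; then audit_htpasswd "$1" "$2"; fi
```

The password file must still be readable by the account Apache runs as, for example through group ownership with mode 640.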

Cheers!
Melbin Mathew
www.talk2melbin.com

Melbin Mathew

I am Melbin Mathew, Systems Engineer from Kerala, India. I live with my parents, daughter and my wonderful wife. I graduated in 2004 with a bachelor’s degree in Electronics and Hardware from Mahatma Gandhi University, Kottayam and completed certification in MCITP, RHCE, CCNA, VCP ...

  • Tra Tran

    I had spent a few days looking around for the best solution for my needs; this is the simplest instruction so far, and it works!!!