Adding htaccess Password to Web Pages

Make sure that the Apache option AccessFileName has a value set, eith in the glabal configuration file, or in the config file for your virtual host.

/etc/apache2/apache.conf
/ect/apache2/sites-available/virtual-host

The name of the file which will be read in as the web server traverses the file directory tree.

AccessFileName .htaccess

To activate the password request edit your virtual host file adding the lines or lines similar to those below. The Text for AuthName can be anything you line. It is displayed in the dialog which will request the User name and password. Try it and see.

/etc/apache2/sites-available/virtual-host
AuthType Basic  
AuthName "Enter your User name and password"  
AuthUserFile /etc/apache2/.htpassword
require valid-user

To add a user and password to the .htpassword file or whatever you decided to call it. Run the command below once for each user.

htpasswd /etc/apache2/.htpassword USERNAME

We needto protect the password from prying eyes, change the owner and group to be root and www-data and then set the access to be as shown below.

chown root:www-data /etc/apache2/.htpassword
chown 640 /etc/apache2/.htpassword

The help output from the htpasswd command.

Usage:
	htpasswd [-cmdpsD] passwordfile username
	htpasswd -b[cmdpsD] passwordfile username password
 
	htpasswd -n[mdps] username
	htpasswd -nb[mdps] username password
 -c  Create a new file.
 -n  Don't update file; display results on stdout.
 -m  Force MD5 encryption of the password (default).
 -d  Force CRYPT encryption of the password.
 -p  Do not encrypt the password (plaintext).
 -s  Force SHA encryption of the password.
 -b  Use the password from the command line rather than prompting for it.
 -D  Delete the specified user.

Do not forget to restart the Apache server to take the new settings into use.

sudo service apache2 restart

Leave a Reply

Your email address will not be published. Required fields are marked *