Let us take a closer look at how to set up Apache htpasswd Authentication with the support of our Server Management Support services at Bobcares.

Install Apache2 utils on Ubuntu to set up Apache htpasswd Authentication

If apache2-utils is not already installed on the server, use the following instructions to install it. To see if it is already installed, use the command below.

$ sudo apt-get update
$ sudo apt-get install apache2-utils

The installation process is now complete. To save the user information, we must now construct the htpasswd file.

Create Apache htpasswd file to setup htpasswd Authentication

The htpasswd file is really named .htpasswd. We can alter the default name to anything we choose. The initial character of the filename, “.”, indicates that the file should be hidden in the list. To generate a blank .htpasswd file in Apache’s configuration directory, use the following command. We can keep it anywhere we choose, according to our needs.

$ sudo touch /etc/apache2/.htpasswd

We may now add new users to the.htpasswd file. The htpasswd command will be used for this operation.

It’s worth noting that we’re not restricted to just one htpasswd file. For various apps with different users, we may generate numerous htpasswd files in separate places.

htpasswd Add User

We only need to run a command, and the utility will take care of the rest. To add a new user to the htpasswd file, use the following command in the terminal.

$ sudo htpasswd /etc/apache2/.htpasswd USERNAME

We may change the text color of the command to orange. Simply provide the right htpasswd file location and the user we want to add to that htpasswd file.

It will prompt us for a new password twice. Enter a secure password. To add more users, we may use the same command.

Apache Htpasswd protection using VirtualHost

A virtual host is a file that instructs the web browser (Apache) to redirect a request based on the domain name to a certain document root. By inserting a few lines of code into our virtual host file, we may secure a single directory or an entire program. Execute the following command to open the virtual host file in edit mode.

$ sudo nano /etc/apache2/sites-available/000-default.conf

Here we’re modifying a standard Apache virtual host here. However, by altering the file name, we may open the one we wish to modify. Once in edit mode, add the colored code below to the file.


.
.
.
Directory /var/www/html/protected
AuthType Basic
AuthName "Protected"
AuthUserFile /etc/apache2/.htpasswd
Require valid-user
Directory
/VirtualHost

Replace the absolute path to the directory to be protected as well as the location of the htpasswd file. Once finished, use CTRL+X, then Y, then Enter to save the configuration file. To restart the Apache web server, use the following command.

$ sudo service apache2 restart

To apply the modifications, we must restart the Apache server. After then, try to visit the directory or website to secure it. An alert will appear, requesting the username and password. We may access the website/directory by entering the right login and password.

Apache Htpasswd protection using htaccess

We can also protect the contents by editing the.htaccess file on the server. It is a simple procedure, and we can also create .htaccess files within subdirectories. To secure a directory with simple authentication, we can build a new.htaccess file within that directory.

To open the.htaccess file in edit mode, use the following command. The command will create a new file if it does not already exist.

$ sudo nano /var/www/html/protected/.htaccess

Remember to change the path to the directory we wish to protect. Once in edit mode, paste the following code at the start of the file.

AuthType Basic
AuthName "Restricted Content"
AuthUserFile /etc/apache2/.htpasswd
Require valid-user

Once finished, use CTRL+X, then Y, then Enter to save the file. After that, open a browser and try to visit the protected directory or a website. Before the contents are shown in the browser, it will prompt us for our username and password.

[Need assistance with similar queries? We are here to help]

Conclusion

To sum up we have now learned how to set up Apache htpasswd Authentication. With the support of our Server management support services, we have gone through all of the steps to set up the extra security.