Password protect web directory running on Apache

1. Enable the AllowOverride to ALL for the website root directory (DocumentRoot) so the .htaccess file can override the parent configuration.

<Directory "/path/to/website/root/directory">
AllowOverride All

2. Go to the website root directory and run the htpasswd as shown below to createt he .htpasswd file. When you enter the htpasswd commands below, it will ask you to enter a password and whatever you entered will be the password corresponding to the user john and doe accordingly.

cd /path/to/website/root/directory
htpasswd -c .htpasswd john
htpasswd .htpasswd doe

3. Go to the website root directory to create a file named .htaccess and put this in the file

AuthType Basic
AuthName "restricted area"
AuthUserFile /path/to/website/root/directory/.htpasswd

4. Restart apache

sudo service apache2 restart #ubuntu
sudo /usr/sbin/apachetcl restart #mac os

Note, the .htpasswd doesn’t have to be placed in the website root folder, it can be created and placed in other directories where the apache has the read access to it, just have to make sure the AuthUserFile has the correct path to the .htpasswd file. Step 1 and step 3 can be done in the httpd.conf or virtual config file.

Search within Codexpedia

Custom Search

Search the entire web

Custom Search