How To Set Up Password Authentication With Apache on CentOS

Apache allows you to password protect directories, sub folders and even your entire website. This is useful in case you don’t want your website (or parts of it) to be accessed by unauthorized users. Let us take a look at how to set up password authentication with Apache on CentOS.

How To Set Up Password Authentication With Apache on CentOS

Before we proceed, please ensure that you have installed Apache on CentOS.

1. Enable .htaccess Authentication

By default, Apache doesn’t allow you to use .htaccess file. So we need to enable it. .htaccess allows you to change the Server configuration without accessing its config files.

To do this, open Apache’s config file (one time) in a text editor

$ sudo nano /etc/httpd/conf/httpd.conf

Look for the line <Directory “/var/www/html”> and change AllowOverride none to AllowOverride AuthConfig

Save and close the file

2. Create password file

Next, we create a password file using the htpasswd tool. It allows you to store usernames and encrypted passwords of users who have authorization.

For this, we will create a hidden file .htpasswd in /etc/httpd/ folder. You can name this file anything you want. Just make it hidden by adding a dot (.) in front of it.

Let’s create the file with user1 in it

$ sudo htpasswd -c /etc/httpd/.htpasswd user1

You will be asked to provide a password and confirm it.

Use ‘-c’ flag only the first time while creating the file. To add more users (e.g user2) don’t use it.

$ sudo htpasswd /etc/httpd/.htpasswd user2

After you have added all the required users, you can view the file

$ sudo cat /etc/httpd/.htpasswd

You’ll see a list of usernames and encrypted passwords

user1:$sahubekjeiuehfjkeEJenj3nrkrnugJ/
user2:$jk234bh3rbjhrbB8k3b3hb3bMH1

Next, change the ownership of this file to allow Apache to access it. Also, change its permission to make it secure.

$ sudo chown apache:apache /etc/httpd/.htpasswd
$ sudo chmod 0660 /etc/httpd/.htpasswd

3. Set up Password Authentication in Apache

Next, we create a .htaccess file in the directory that we want to password protect. If you want to restrict your entire website, place it at the website root folder (/var/www/html)

$ sudo nano /var/www/html/.htaccess

Add the following lines:

AuthType Basic
AuthName "Restricted Content"
AuthUserFile /etc/httpd/.htpasswd
Require valid-user

Save and close the file. Restart Apache to apply changes

$ sudo apachectl restart

4. Test Password Authentication

To test the password authentication, simply open your web browser and go to your website (example.com). If it is on localhost, then go to http://192.168.0.1

You’ll see the following authentication form, which asks you for username and password

If you enter the right details, you’ll see the requested URL.

If you hit Cancel or provide incorrect details, then you’ll see the “Unauthorized” error message.

Congratulations! You have set up password authentication with Apache on CentOS.

• About Author

About Sreeram Sreenivasan

Sreeram Sreenivasan is the Founder of Ubiq, a business dashboard & reporting platform for small & medium businesses. Ubiq makes it easy to build business dashboards & reports for your business. Try it for free today!