How to Set Up Password Authentication with Apache


In this tutorial we are going to explain how to set up password authentication with Apache on Linux VPS server.

  • To install the apache utilities package.

Our initial step will be to introduce the apache utilities packages as we will require the utility htpasswd apache. It is a piece of the apache2-utils package.

sudo apt-get update

sudo apt-get install apache2-utils

Above commands with install the apache2-utils package.

  • To create the password file.

Since we have installed the apache2-utils bundle we can access the htpasswd command and utilize it to make a password  document. The password document will be of htpasswd file format.

All things considered, now, how to utilize htpasswd ?

Here's how:

When we utilize the htpasswd for very first time we have to add -c. The -c is included so that that we can make the specified file.

To make another section inside the specified file we need to specify the username toward the finish of the command. In this tutorial, the username is john'.

sudo htpasswd -c /etc/apache2/.htpasswd john

At the point when the above executed is executed, you will be needed to put a password and afterward enter it again to affirm it.

Now, create another user this time you do not have use -, as we are just going to make another entry i.e user and not another password record.

The another username is michael.

sudo htpasswd /etc/apache2/.htpasswd michael

To see the encrypted password with it's username you should utilize the underneath command:

cat /etc/apache2/.htpasswd

It will show every one of the passages in the predetermined document alongside their encrypted passwords.




  • To configure apache for password authentication.

Now we have created a password file that apache web server can read.

On next step what we have to do is verify that apache web server on your linux VPS server really confirms this password file before it gives clients access to the restricted substance.

So we fundamentally need to apache apache to get that going.

This is be accomplished in 2 different ways.

You can select either one of them relied on your requirements i.e

You can design it for password  verification specifically by adding few lines to the virtual host or you can include .htcacess records in the directories where you have to limit access.

1) To arrange get to control in the virtual host definition:

This is alternative, you need to alter the apache configuration and you can do that by adding password security to the virtual host record.

It will give you faster outcomes by overlooking the time taken for reading dispersed configuration documents.

sudo nano /etc/apache2/sites-enabled/000-default.conf

  • When you open the 000-defult.conf file it will look almost similar to this:

<VirtualHost *:80> ServerAdmin webmaster@localhost DocumentRoot /var/www/html . . . . . . ErrorLog ${APACHE_LOG_DIR}/error.log CustomLog ${APACHE_LOG_DIR}/access.log combined </VirtualHost>

  • You have to add a catalog block to the virtual host record. It is important to do this as confirmation is done on a for each catalog premise.

At the present time, what we will do is limit access to the whole root registry.

You can pick some other directory you need to confine access to.

<VirtualHost *:80> ServerAdmin webmaster@localhost DocumentRoot /var/www/html ErrorLog ${APACHE_LOG_DIR}/error.log CustomLog ${APACHE_LOG_DIR}/access.log combined . . . .. . . <Directory "/var/www/html"> </Directory> . . .. . . . </VirtualHost>

  • Ensure that you don't set the authtype as none. You need to set apache authtype to Basic. It implies that you're setting up essential verification for root index.

In the event that you set AuthType to none it implies you are crippling verification, which is precisely the opposite we are doing.

Set an applicable Authname, as it will be shown when the client is requested the accreditations while they are attempting to get to the limited substance.

<VirtualHost *:80> ServerAdmin webmaster@localhost DocumentRoot /var/www/html . . . . .. . ErrorLog ${APACHE_LOG_DIR}/error.log CustomLog ${APACHE_LOG_DIR}/access.log combined <Directory "/var/www/html"> AuthType Basic AuthName "Restricted Content" AuthUserFile /etc/apache2/.htpasswd Require valid-user </Directory> . . . . .. . </VirtualHost>

When you have refreshed the virtual host directory with the above information save the document and afterward close it.

Verify the configuration of the web server on Linux based VPS server with the command given below. It will provide you a Syntax Ok result in case everything is okay. Or else it will provide you details about the error of syntax.

sudo apache2ctl configtest

At present, you need to restart the web server. You can even check the status of the server to ensure that it's running.

sudo systemctl restart apache2 sudo systemctl status apache2

This is the way you setup password protection for chosen directory straight away via virtual host.

2) To configure access control with the .htaccess file:

This choice doesn’t provide you quick outputs by in case you are already working with .htaccess file it is good to opt this option.

sudo nano /etc/apache2/apache2.conf

We can empower password security by utilizing .htaccess file. For that, we need to open the apache2.conf record and change AllowOverride none to AllowOverride All.

This is completed to turn of the .htaccess process

. . . <Directory /var/www/> Options Indexes FollowSymLinks AllowOverride All Require all granted </Directory> . . .

Now we have to add the .htaccess file to the directory we want to restrict permission to. At present we are going to perform it for the root directory.

sudo nano /var/www/html/.htaccess

With the authtype essential htaccess will allow fundamental verification. The Authname will be shown when the client is requested his/her accreditations.

We need to mention the password  document we made as the AuthUserFile. Lastly, we require a substantial client to whom access will be conceded upon when he/she enters the legitimate accreditations.

AuthType Basic AuthName "Restricted Content" AuthUserFile /etc/apache2/.htpasswd Require valid-user

In the wake of including the .htaccess record restart the web server of your Linux VPS server and check the status of your server with the accompanying commands.

sudo systemctl restart apache2 sudo systemctl status apache2

  • To verify password authentication.

Go to your web browser and endeavor to get to the confined content

In the event that you have taken after every one of the means, you will be requested your credentials i.e. the username along with password.

It may look similar to :

Now if you put the connect login details, you will be able to access the restricted content.

Be that as it may, on the off chance that you hit cancel or enter the wrong accreditations you will be directed to the accompanying website page.

If you are looking for best web server to host your website then You can choose our VPS server where it is highly secured with latest security features. Not only that with our VPS server you will be provided wtih root access to your server so with the help of that you can easily install, update, run and delete any files, data, software, etc. We also provide 99.9% server uptime with 24/7 customer support via phone, chat, email and ticket system.