{"id":1490,"date":"2018-11-23T13:37:32","date_gmt":"2018-11-23T10:37:32","guid":{"rendered":"http:\/\/kifarunix.com\/?p=1490"},"modified":"2024-03-11T21:31:02","modified_gmt":"2024-03-11T18:31:02","slug":"how-to-protect-apache-web-directories-with-password-on-ubuntu-18-04","status":"publish","type":"post","link":"https:\/\/kifarunix.com\/how-to-protect-apache-web-directories-with-password-on-ubuntu-18-04\/","title":{"rendered":"How to Protect Apache Web Directories with Password on Ubuntu 18.04"},"content":{"rendered":"\n

Hello there. Welcome to our guide on how to protect Apache web directories with password on Ubuntu 18.04. This will enable you to restrict access to various sections of your web site. In this regard, Apache supports two contexts in which Authentication directives can be applied and these are; Directory<\/code> <\/strong>and htaccess<\/strong><\/code>.<\/p>\n\n\n\n

While the authentication directives can be used within <Directory><\/code><\/strong>, <Location><\/code><\/strong>, <Files><\/code><\/strong> and even <Proxy><\/code> <\/strong>blocks in the Apache configuration file, the htaccess<\/strong><\/code> context authentication directives can be used within .htaccess<\/strong><\/code> files.<\/p>\n\n\n\n

In this guide, we are going to learn how setup password Apache protected directories in both contexts.<\/p>\n\n\n\n

Well, before you can proceed, ensure that you have Apache HTTP server utility program installed in your server. This utility provides the htpasswd<\/code> command. To verify that this packages is already installed,run the command below;<\/p>\n\n\n\n

sudo dpkg -s apache2-utils | grep -i status\nStatus: install ok installed<\/pre>\n\n\n\n
If for some reasons it is not installed, you can just install it by running the following command;<\/p>\n\n\n\n
sudo apt install apache2-utils<\/pre>\n\n\n\n
Setting up Password Protected Directory using Directory Context<\/h3>\n\n\n\n
So to kick off with, let us assume that you want to password protect the web site root directory located at \/var\/www\/html\/example<\/code>.<\/p>\n\n\n\n
To proceed, you have to create a flat-file that is used to store usernames and password for basic authentication of HTTP users. The password file is generated using the htpasswd<\/code> utility and can be stored just about anywhere in your server. htpasswd<\/code> encrypts passwords using either bcrypt, a version of MD5 modified for Apache, SHA1, or the system’s crypt() routine.<\/p>\n\n\n\n
Create a Password File<\/h4>\n\n\n\n
To create a password file, run the command below.<\/p>\n\n\n\n
sudo htpasswd -c \/etc\/apache2\/.webroot amos<\/pre>\n\n\n\n
This will create a hidden flat-file called webroot<\/code> under \/etc\/apache2\/<\/code>. The -c<\/strong><\/code> tells htpasswd to create a password file. If the file already exists, it will be rewritten and truncated. Therefore, to add another user to the same file, run the same command without option -c<\/strong>. For example, to add user mibey,<\/p>\n\n\n\n
sudo htpasswd \/etc\/apache2\/.webroot mibey<\/pre>\n\n\n\n
You now have two users who can authenticate to the specific web root directories and whose passwords are hashed.<\/p>\n\n\n\n
sudo less \/etc\/apache2\/.webroot\namos:$apr1$FJuti2Ok$4apPG6wrlrhV0lexnRLoA1<\/strong>\nmibey:$apr1$Hqc217.G$d2rzs8d9SbzE1ap\/v7jbP\/<\/strong><\/pre>\n\n\n\n
Note that if htpasswd utility is not located in your PATH, you can find its location with which<\/code> command and specify the full path when running i.e \/full\/path\/to\/htpasswd<\/strong>.<\/p>\n\n\n\n
Ensure that Apache has access to the password file. Thus you can set ownership and permissions as follows.<\/p>\n\n\n\n
sudo chown www-data.www-data \/etc\/apache2\/.webroot\nsudo chmod 644 \/etc\/apache2\/.webroot<\/pre>\n\n\n\n
Protect Apache Directory<\/h4>\n\n\n\n
Now that we have generated the authentication details, you can now set the directory authentication directives within the main Apache config file or your virtual host config file as follows;<\/p>\n\n\n\n
vim \/etc\/apache2\/sites-available\/example.conf<\/pre>\n\n\n\n
<VirtualHost *:80>\n  # Admin email, Server Name (domain name) and any aliases\n  ServerAdmin webmaster@test.com\n  ServerName  example.com\n  ServerAlias www.example.com\n  \n  DirectoryIndex index.html\n  DocumentRoot \/var\/www\/html\n  # Custom log file locations\n  LogLevel warn\n  ErrorLog \/var\/log\/apache2\/error-example.com.log\n  CustomLog \/var\/log\/apache2\/access-example.com.log combined\n\n  <Directory \"\/var\/www\/html\/example\"><\/strong>\n    AuthType Basic<\/strong>\n    AuthName \"Authentication Required\"<\/strong>\n    AuthUserFile \"\/etc\/apache2\/.webroot\"<\/strong>\n    Require valid-user<\/strong>\n  <\/Directory><\/strong>\n<\/VirtualHost><\/pre>\n\n\n\n
The directives used above are;<\/p>\n\n\n\n
    \n
  • AuthType<\/strong><\/code> – Defines the type of authentication, basic in this example<\/li>\n\n\n\n
  • AuthName<\/code> <\/strong>– Defines the message displayed on the password prompt from the browser.<\/li>\n\n\n\n
  • AuthUserFile<\/strong><\/code> – Defines the location of the password file.<\/li>\n\n\n\n
  • Require<\/strong><\/code> – Specifies that only authenticates users are granted access.<\/li>\n<\/ul>\n\n\n\n
    Once you are done with the configuration, save the file and restart Apache.<\/p>\n\n\n\n
    sudo apachectl -t\nSyntax OK<\/pre>\n\n\n\n
    sudo systemctl restart apache2<\/pre>\n\n\n\n
    When you try to access your page on your browser, you should get a password prompt.<\/p>\n\n\n\n
    http:\/\/192.168.43.99\/example<\/pre>\n\n\n\n
    \"directory-htaccess\"<\/h3>\n\n\n\n
    When you enter your Password, you can be able to see your site contents.<\/p>\n\n\n\n
    \"directory-access\"<\/figure>\n\n\n\n
    Setting up Password Protected Directory using .htaccess File<\/h3>\n\n\n\n
    The .htaccess<\/code> files also known as distributed configuration files, provide a way to make configuration changes on a per-directory basis. If it is possible, do not use this file at all as it will slow down your Apache HTTP server.<\/p>\n\n\n\n
    To use htaccess<\/strong>, create .htaccess<\/strong> file in the directory whose access is to be protected with the following content.<\/p>\n\n\n\n
    sudo vim \/var\/www\/html\/example\/.htaccess\nsudo chown www-data.www-data \/var\/www\/html\/example\/.htaccess<\/pre>\n\n\n\n
     AuthType Basic<\/strong>\n AuthName \"Restricted Content\"<\/strong>\n AuthUserFile \"\/etc\/apache2\/.webroot\"<\/strong>\n Require valid-user<\/strong><\/pre>\n\n\n\n
    After that, edit the main Apache config file or your virtual host config file and create a <Directory> <\/strong>block with the following content;<\/p>\n\n\n\n
    vim \/etc\/apache2\/sites-available\/example.conf<\/pre>\n\n\n\n
    ...<\/strong>\n  ErrorLog \/var\/log\/apache2\/error-test.com.log\n  CustomLog \/var\/log\/apache2\/access-test.com.log combined\n  <Directory \"\/var\/www\/html\/example\"><\/strong>\n    Options Indexes FollowSymLinks<\/strong>\n    AllowOverride All<\/strong>\n    Require all granted<\/strong>\n  <\/Directory><\/strong>\n<\/VirtualHost><\/pre>\n\n\n\n
    Save and close the file when you are done making changes. After that, you need to restart you web server in order to effect the changes. When you navigate to the browser and try to access your site content, you should be prompted to authenticate.<\/p>\n\n\n\n
    \"Apache<\/figure>\n\n\n\n
    Well, that is all about how to password protect an Apache directory using basic authentication. We hope this was informative.<\/p>\n","protected":false},"excerpt":{"rendered":"
    Hello there. Welcome to our guide on how to protect Apache web directories with password on Ubuntu 18.04. This will enable you to restrict access<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"rank_math_lock_modified_date":false,"footnotes":""},"categories":[121,254,253],"tags":[255,257,256],"class_list":["post-1490","post","type-post","status-publish","format-standard","hentry","category-howtos","category-apache","category-web-servers","tag-apache2","tag-htaccess","tag-htpasswd","generate-columns","tablet-grid-50","mobile-grid-100","grid-parent","grid-50"],"_links":{"self":[{"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/posts\/1490"}],"collection":[{"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/comments?post=1490"}],"version-history":[{"count":6,"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/posts\/1490\/revisions"}],"predecessor-version":[{"id":21054,"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/posts\/1490\/revisions\/21054"}],"wp:attachment":[{"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/media?parent=1490"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/categories?post=1490"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/tags?post=1490"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}