How to password protect your Apache webpages

There are times where you may require your webpages to be password protected.

To achieve this within Apache the usernames and passwords are stored within a flat file called htpasswd. This is then referenced within your Apache configuration.

Configure Apache

Within your .htaccess file configure the following.

AuthType Basic
AuthName "restricted area"
AuthUserFile /var/www/html/website/.htpasswd
require valid-user

Create htpasswd

Next we create the htpasswd file and create a user named support.

[root@server /]# cd /var/www/html/website/
[root@server website]# htpasswd -c .htpasswd support
New password:
Re-type new password:
Adding password for user support

Create additional User

An additional user is then created named bob.

[root@server website]# htpasswd  .htpasswd bob
New password:
Re-type new password:
Adding password for user bob

Restart Apache

Finally Apache is restarted and you can then log into your webpage and confirm password authentication is working.

systemctl restart httpd

Tags: Apache, CentOS

About the Author


R Donato

Ricky Donato is the Founder and Chief Editor of He currently works as a Principal Network Security Engineer and has a keen interest in automation and the cloud.

You can find Ricky on Twitter @f3lix001