How to password protect your Apache webpages

There are times where you may require your webpages to be password protected.

To achieve this within Apache the usernames and passwords are stored within a flat file called htpasswd. This is then referenced within your Apache configuration.

Configure Apache

Within your .htaccess file configure the following.

AuthType Basic
AuthName "restricted area"
AuthUserFile /var/www/html/website/.htpasswd
require valid-user

Create htpasswd

Next we create the htpasswd file and create a user named support.

[root@server /]# cd /var/www/html/website/
[root@server website]# htpasswd -c .htpasswd support
New password: 
Re-type new password: 
Adding password for user support

Create additional User

An additional user is then created named bob.

[root@server website]# htpasswd  .htpasswd bob
New password: 
Re-type new password: 
Adding password for user bob

Restart Apache

Finally Apache is restarted and you can then log into your webpage and confirm password authentication is working.

systemctl restart httpd
Rick Donato

Want to become an IT Security expert?

Here is our hand-picked selection of the best courses you can find online:
Internet Security Deep Dive course
Complete Cyber Security Course – Hackers Exposed
CompTIA Security+ (SY0-601) Certification Complete course
and our recommended certification practice exams:
AlphaPrep Practice Tests - Free Trial