apache:authentication:basic_authentication

Differences

This shows you the differences between two versions of the page.

apache:authentication:basic_authentication [2023/07/17 08:45] – created peter
apache:authentication:basic_authentication [2023/07/17 08:54] (current) peter
Line 1: Line 1:
 ====== Apache - Authentication - Basic Authentication ====== ====== Apache - Authentication - Basic Authentication ======
  
 +To restrict access to certain HTTP resources, create two files: .htaccess and .htpasswd (or equivalent per httpd.conf setting). 
 +
 +----
 +
 +===== Configure Apache to allow .htaccess authentication. =====
 +
 +By default Apache does not allow the use of .htaccess files.
 +
 +  * Apache will need to be configured to allow **.htaccess** based authentication.
 +
 +Editing the Apache config file:
 +
 +<code bash>
 +sudo vi /etc/httpd/conf/httpd.conf
 +</code>
 +
 +Find the section that begins with **<Directory "/var/www/html">**.
 +
 +Change the line from **AllowOverride none** to **AllowOverride AuthConfig**.
 +
 +<file apache /etc/httpd/conf/httpd.conf>
 +AllowOverride AuthConfig
 +</file>
 +
 +Save and close the file.
 +
 +----
 +
 +===== Create a password file with htpasswd =====
 +
 +The **htpasswd** command is used to create and update the files used to store usernames and password for basic authentication of Apache users.
 +
 +  * A hidden file **.htpasswd** will need to be created in the /etc/httpd/ configuration directory.
 +
 +For example, create a .htpasswd file for user1.
 +
 +<code bash>
 +sudo htpasswd -c /etc/httpd/.htpasswd user1
 +</code>
 +
 +This will prompt to supply and confirm a password for user1.
 +
 +<WRAP warning>
 +**WARNING**: Only use **-c** the first time the file is created.
 +
 +  * Do not use **-c** when another user is added in the future.
 +
 +</WRAP>
 +
 +----
 +
 +Create another user named user2:
 +
 +<code bash>
 +sudo htpasswd /etc/httpd/.htpasswd user2
 +</code>
 +
 +----
 +
 +===== Display the username and encrypted password for each user =====
 +
 +<code bash>
 +sudo cat /etc/httpd/.htpasswd
 +</code>
 +
 +returns:
 +
 +<code>
 +user1:$apr1$0r/2zNGG$jopiWY3DEJd2FvZxTnugJ/
 +user2:$apr1$07FYIyjx$7Zy1qcBd.B8cKqu0wN/MH1
 +</code>
 +
 +----
 +
 +===== Allow Apache to read the .htpasswd file =====
 +
 +<code bash>
 +sudo chown apache:apache /etc/httpd/.htpasswd
 +sudo chmod 0660 /etc/httpd/.htpasswd
 +</code>
 +
 +----
 +
 +===== Configure Apache password authentication =====
 +
 +Create a **.htaccess** file in the web directory which is to be restricted.
 +
 +For example, create the .htaccess file in the /var/www/html/ directory to restrict the entire document root.
 +
 +<code bash>
 +sudo vi /var/www/html/.htaccess
 +</code>
 +
 +Add the following content:
 +
 +<file apache /var/www/html/.htaccess>
 +AuthType Basic
 +AuthName "Restricted Content"
 +AuthUserFile /etc/httpd/.htpasswd
 +Require valid-user
 +</file>
 +
 +Save and close the file, then restart Apache to make these changes take effect.
 +
 +<code bash>
 +sudo apachectl restart
 +</code>
 +
 +----
 +
 +===== Testing password authentication =====
 +
 +Try to access the restricted content in a web browser by visiting the URL or static IP address.
 +
 +This will prompt for a username and password to access the website.
 +
 +<WRAP info>
 +**NOTE:**  If the correct credentials are entered, the site will be accessible.
 +
 +  * If the wrong credentials or entered, or **Cancel** is pressed, this should show the **Unauthorized** error page.
 +
 +  * Password protection should be combined with SSL, so that the credentials are not sent to the server in plain text. 
 +
 +</WRAP>
 +
 +----
 +
 +===== References =====
 +
 +http://www.webtrafficexchange.com/how-create-htpasswd-file-encrypted-password
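
Review bot: In the "Allow Apache to read the .htpasswd file" section, "chown apache:apache" combined with "chmod 0660" leaves the password file writable by the web server account, which only needs to read it. Suggest "sudo chown root:apache /etc/httpd/.htpasswd" and "sudo chmod 0640 /etc/httpd/.htpasswd", so that a compromised web process or application running as apache cannot add or replace entries. Separately, the sample output under "Display the username and encrypted password for each user" shows "$apr1$" entries, which are salted MD5-based hashes rather than encrypted passwords; the heading should say "hashed", and the htpasswd examples could pass -B to store bcrypt hashes instead. The SSL advice is currently a bullet inside the final info box; since Basic authentication sends the credentials with every request, it would be better stated as a requirement next to the .htaccess configuration step.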
apache/authentication/basic_authentication.1689583512.txt.gz · Last modified: 2023/07/17 08:45 by peter
