Differences

This shows you the differences between two versions of the page.

--- apache:basic_authentication [2020/07/15 09:30] – external edit 127.0.0.1
+++ apache:basic_authentication [2023/07/17 08:45] (current) – removed peter
@@ Line 1: / Line 1: @@
-====== Apache - Basic Authentication ======
-To restrict access to certain HTTP resources, we need to create two files: .htaccess and .htpasswd (or equivalent per httpd.conf setting).
-===== Configure Apache to allow .htaccess authentication. =====
-By default Apache does not allow the use of .htaccess files.  You will need to set up Apache to allow .htaccess based authentication.
-You can do this by editing the Apache config file:
-<code bash>
-sudo vi /etc/httpd/conf/httpd.conf
-</code>
-Find the section that begins with **<Directory "/var/www/html">**.  Change the line from **AllowOverride none** to **AllowOverride AuthConfig**.
-<file apache /etc/httpd/conf/httpd.conf>
-AllowOverride AuthConfig
-</file>
-Save and close the file.
-===== Create a password file with htpasswd =====
-The **htpasswd** command is used to create and update the files used to store usernames and password for basic authentication of Apache users.  We will create a hidden file .htpasswd in the /etc/httpd/ configuration directory.
-Let's begin by creating a .htpasswd file for user1.
-<code bash>
-sudo htpasswd -c /etc/httpd/.htpasswd user1
-</code>
-You will be asked to supply and confirm a password for user1.
-<WRAP warning>
-**WARNING**: Only use **-c** the first time you create the file.  Do not use **-c** when you add a user in the future.
-</WRAP>
-Let's create another user named user2:
-<code bash>
-sudo htpasswd  /etc/httpd/.htpasswd user2
-</code>
-After creating user2, you can see the username and the encrypted password for each record:
-<code bash>
-sudo cat /etc/httpd/.htpasswd
-</code>
-The output will look something like this:
-<code>
-user1:$apr1$0r/2zNGG$jopiWY3DEJd2FvZxTnugJ/
-user2:$apr1$07FYIyjx$7Zy1qcBd.B8cKqu0wN/MH1
-</code>
-Now, you need to allow the apache user to read the .htpasswd file.
-<code bash>
-sudo chown apache:apache /etc/httpd/.htpasswd
-sudo chmod 0660 /etc/httpd/.htpasswd
-</code>
-===== Configure Apache password authentication =====
-Now you need to create a .htaccess file in the web directory you wish to restrict.
-For this example, we will create the .htaccess file in the /var/www/html/ directory to restrict the entire document root.
-<code bash>
-sudo vi /var/www/html/.htaccess
-</code>
-Add the following content:
-<file apache /var/www/html/.htaccess>
-AuthType Basic
-AuthName "Restricted Content"
-AuthUserFile /etc/httpd/.htpasswd
-Require valid-user
-</file>
-Save and close the file, then restart Apache to make these changes take effect.
-<code bash>
-sudo apachectl restart
-</code>
-===== Testing password authentication =====
-After everything has been set up, it's time to test your Apache server.
-From your desktop computer, try to access your restricted content in a web browser by visiting your URL or static IP address.
-You will be prompted with a username and password to access the website.
-If you enter the correct credentials, you will be allowed to access the content.
-If you enter the wrong credentials or hit "Cancel" you will see the "Unauthorized" error page:
-Your website is now secure with password authentication.  Remember that password protection should be combined with SSL, so that your credentials are not sent to the server in plain text.
-===== References =====
-http://www.webtrafficexchange.com/how-create-htpasswd-file-encrypted-password