How to secure site with htpassword using Apache
configuration instead of through external .htaccess file
It's actually very easy in order to enable this authentication via
your website VirtualHost find the;
<Directory /var/www/yourwebsite>
....
</Directory>
Substitute the /var/www/yourwebsite with your correct
website location in between the opening and closing Directory
apache directive place something similar to the following
lines:
AllowOverride All
AuthName "Add your login message here."
AuthType Basic
AuthUserFile /etc/apache2/.htpasswd
AuthGroupFile /dev/null
require user name-of-user
Eventually your Directory directive in your let's say
/etc/apache2/apache2.conf should look something like the
example in below
<Directory /var/www/yourwebsite>
AllowOverride All
AuthName "Add your login message here."
AuthType Basic
AuthUserFile /etc/apache2/.htpasswd
AuthGroupFile /dev/null
require user name-of-user
</Directory>
Of course in this example you need to set the name-of-user
to an actual user name let's say you want your login user to be
admin, then substitute the name-of-user with
admin
Of course set the desirable location for your .htpasswd in
the AuthUserFile. Just in case if you decide to keep the same
location as in my example you will further need to create the
/etc/apache2/.htpasswd file.
Note here that in the above exapmle the AllowOverride All
could also be substituted for AllowOverride AuthConfig , you
might need to put this one if you don't want that all .htaccess
directives are recognized by Apache.
To create the .htpasswd issue the command:
debian~:# htpasswd -c /etc/apache2/.htpasswd admin
New password:
Re-type new password:
In the passwords prompts just type in your password of choice. Now
we're almost ready to have the website apache authentication
working, only thing left is to reastart Apache.
I'm using Debian so restarting my apache is done via:
debian:~# /etc/init.d/apache2 restart
In other Linux distributions exec the respective script for Apache
restart.
Now access your website and the password protection dialog asking
for your credentials to login should
popup.