Walking in Light With Christ - hip0's personal blog on System Administration, Free Software, Computer Security and Religion

How to secure site with htpassword using Apache configuration instead of through external .htaccess file

It's actually very easy in order to enable this authentication via your website VirtualHost find the;

<Directory /var/www/yourwebsite>
....
</Directory>


Substitute the /var/www/yourwebsite with your correct website location in between the opening and closing Directory apache directive place something similar to the following lines:

AllowOverride All
AuthName "Add your login message here."
AuthType Basic
AuthUserFile /etc/apache2/.htpasswd
AuthGroupFile /dev/null
require user name-of-user


Eventually your Directory directive in your let's say /etc/apache2/apache2.conf should look something like the example in below

<Directory /var/www/yourwebsite>
AllowOverride All
AuthName "Add your login message here."
AuthType Basic
AuthUserFile /etc/apache2/.htpasswd
AuthGroupFile /dev/null
require user name-of-user
</Directory>


Of course in this example you need to set the name-of-user to an actual user name let's say you want your login user to be admin, then substitute the name-of-user with admin

Of course set the desirable location for your .htpasswd in the AuthUserFile. Just in case if you decide to keep the same location as in my example you will further need to create the /etc/apache2/.htpasswd file.

Note here that in the above exapmle the AllowOverride All could also be substituted for AllowOverride AuthConfig , you might need to put this one if you don't want that all .htaccess directives are recognized by Apache.

To create the .htpasswd issue the command:

debian~:# htpasswd -c /etc/apache2/.htpasswd admin
New password:
Re-type new password:


In the passwords prompts just type in your password of choice. Now we're almost ready to have the website apache authentication working, only thing left is to reastart Apache.
I'm using Debian so restarting my apache is done via:

debian:~# /etc/init.d/apache2 restart


In other Linux distributions exec the respective script for Apache restart.

Now access your website and the password protection dialog asking for your credentials to login should popup.