How to Setup Password Authentication with Apache in Ubuntu

To Setup Password Authentication with Apache in Ubuntu

Apache is a popular web server that hides the websites private information from unauthorized users. It provides easiest way to secure your site with free trusted certificates. This article shows how to setup password authentication with Apache in Ubuntu.


Installation of Apache

Utilize the following command to install Apache package.

root@linuxhelp1:~# apt-get install apache2 apache2-utils -y
Reading package lists... Done
Building dependency tree       
Reading state information... Done
The following additional packages will be installed:
  apache2-bin apache2-data libapr1 libaprutil1 libaprutil1-dbd-sqlite3 libaprutil1-ldap liblua5.1-0
Suggested packages:
  apache2-doc apache2-suexec-pristine | apache2-suexec-custom
The following NEW packages will be installed:
  apache2 apache2-bin apache2-data apache2-utils libapr1 libaprutil1 libaprutil1-dbd-sqlite3 libaprutil1-ldap liblua5.1-0
0 upgraded, 9 newly installed, 0 to remove and 421 not upgraded.
Need to get 1,537 kB of archives.
After this operation, 6,350 kB of additional disk space will be used.
Get:1 http://in.archive.ubuntu.com/ubuntu xenial/main amd64 libapr1 amd64 1.5.2-3 [86.0 kB]
Get:2 http://in.archive.ubuntu.com/ubuntu xenial/main amd64 libaprutil1 amd64 1.5.4-1build1 [77.1 kB]
Get:3 http://in.archive.ubuntu.com/ubuntu xenial/main amd64 libaprutil1-dbd-sqlite3 amd64 1.5.4-1build1 [10.6 kB]
Get:4 http://in.archive.ubuntu.com/ubuntu xenial/main amd64 libaprutil1-ldap amd64 1.5.4-1build1 [8,720 B]
Get:5 http://in.archive.ubuntu.com/ubuntu xenial/main amd64 liblua5.1-0 amd64 5.1.5-8ubuntu1 [102 kB]
Get:6 http://in.archive.ubuntu.com/ubuntu xenial-updates/main amd64 apache2-bin amd64 2.4.18-2ubuntu3.1 [923 kB]
Get:7 http://in.archive.ubuntu.com/ubuntu xenial-updates/main amd64 apache2-utils amd64 2.4.18-2ubuntu3.1 [81.3 kB]                 
Get:8 http://in.archive.ubuntu.com/ubuntu xenial-updates/main amd64 apache2-data all 2.4.18-2ubuntu3.1 [162 kB]                     
Get:9 http://in.archive.ubuntu.com/ubuntu xenial-updates/main amd64 apache2 amd64 2.4.18-2ubuntu3.1 [86.7 kB]                       
Fetched 1,537 kB in 29s (51.3 kB/s)                                                                                                 
Selecting previously unselected package libapr1:amd64.
(Reading database ... 173836 files and directories currently installed.)
.
.
.
Enabling conf localized-error-pages.
Enabling conf other-vhosts-access-log.
Enabling conf security.
Enabling conf serve-cgi-bin.
Enabling site 000-default.
Processing triggers for libc-bin (2.23-0ubuntu3) ...
Processing triggers for ureadahead (0.100.0-19) ...
Processing triggers for systemd (229-4ubuntu4) ...
Processing triggers for ufw (0.35-0ubuntu2) ...


To create password file

The ' htpasswd' command allows you to create a password file. Here we will creating a hidden file .htpasswd within our /etc/apache2 configuration directory.

root@linuxhelp1:~# htpasswd -c /etc/apache2/.htpasswd user1
New password:
Re-type new password:
Adding password for user user1
root@linuxhelp1:~# htpasswd -c /etc/apache2/.htpasswd user2
New password:
Re-type new password:
Adding password for user user2

You can view the username and the encrypted password for each user.

root@linuxhelp1:~# cat /etc/apache2/.htpasswd
user1:$apr1$d/XhO7Ko$/nyf1UGdWfaA0rQ17VVAT/

Now its time to configure Apache password authentication.

root@linuxhelp1:~# nano /etc/apache2/sites-enabled/000-default.conf

< Directory " /var/www/html" > 
      AuthType Basic
      AuthName " Restricted Content" 
      AuthUserFile /etc/apache2/.htpasswd
      Require valid-user

Save and exit the file.

Check the configuration, before restart it.

root@linuxhelp1:~# apache2ctl configtest
Syntax OK

Restart the Apache to take effect and check the status.

root@linuxhelp1:~# systemctl restart apache2
root@linuxhelp1:~# systemctl status apache2
 apache2.service - LSB: Apache2 web server
   Loaded: loaded (/etc/init.d/apache2  bad  vendor preset: enabled)
  Drop-In: /lib/systemd/system/apache2.service.d
           ??apache2-systemd.conf
   Active: active (running) since Fri 2016-11-18 17:39:43 IST  18s ago
     Docs: man:systemd-sysv-generator(8)
  Process: 4476 ExecStop=/etc/init.d/apache2 stop (code=exited, status=0/SUCCESS)
  Process: 4501 ExecStart=/etc/init.d/apache2 start (code=exited, status=0/SUCCESS)
    Tasks: 55 (limit: 512)
   CGroup: /system.slice/apache2.service
           ??4518 /usr/sbin/apache2 -k start
           ??4521 /usr/sbin/apache2 -k start
           ??4522 /usr/sbin/apache2 -k start

Nov 18 17:39:42 linuxhelp1 systemd[1]: Starting LSB: Apache2 web server...
Nov 18 17:39:42 linuxhelp1 apache2[4501]:  * Starting Apache httpd web server apache2
Nov 18 17:39:43 linuxhelp1 apache2[4501]:  *
Nov 18 17:39:43 linuxhelp1 systemd[1]: Started LSB: Apache2 web server.

Utilize the following command for access control with the .htaccess Files.

root@linuxhelp1:~# nano /etc/apache2/apache2.conf

  Options Indexes FollowSymLinks
  AllowOverride All
  Require all granted

Save and exit the file.

Here you need to add .htaccess file to the directory to restrict the entire document root.

root@linuxhelp1:~# nano /var/www/html/.htaccess

AuthType Basic
AuthName " Restricted Content" 
AuthUserFile /etc/apache2/.htpasswd
Require valid-user

Save and close the file.

Restart the web server to take effect and check the status for verification.

root@linuxhelp1:~# systemctl restart apache2
root@linuxhelp1:~# systemctl status apache2
 apache2.service - LSB: Apache2 web server
   Loaded: loaded (/etc/init.d/apache2  bad  vendor preset: enabled)
  Drop-In: /lib/systemd/system/apache2.service.d
           ??apache2-systemd.conf
   Active: active (running) since Fri 2016-11-18 17:43:58 IST  17s ago
     Docs: man:systemd-sysv-generator(8)
  Process: 4630 ExecStop=/etc/init.d/apache2 stop (code=exited, status=0/SUCCESS)
  Process: 4655 ExecStart=/etc/init.d/apache2 start (code=exited, status=0/SUCCESS)
    Tasks: 55 (limit: 512)
   CGroup: /system.slice/apache2.service
           ??4672 /usr/sbin/apache2 -k start
           ??4675 /usr/sbin/apache2 -k start
           ??4676 /usr/sbin/apache2 -k start

Nov 18 17:43:57 linuxhelp1 systemd[1]: Starting LSB: Apache2 web server...
Nov 18 17:43:57 linuxhelp1 apache2[4655]:  * Starting Apache httpd web server apache2
Nov 18 17:43:58 linuxhelp1 apache2[4655]:  *
Nov 18 17:43:58 linuxhelp1 systemd[1]: Started LSB: Apache2 web server.

Once the above process is completed, lets try to access the restricted content in a web browser as shown below,

Enter the following credentials.

Apache default page appears.

Again enter the same IP address.

If you are not giving the respective credentials, then it will display the output as shown below,

Tag : Apache password command Web Server
Comment
raghu
Sep 24 2018
Hi, I follow the same procedure but not getting the success of doing password protected. Can you please help is this any another procedure to do that.
Add a comment
FAQ
Q
Where are these password files getting located?
A
Specify "AuthUserFile" in apache configuration file in which mention the file path for getting the .htpassword location.
Q
What are the types of authentication available in apache web server?
A
There are two types of authentication available in Apache
Basic Authentication
Digest Authentication
Q
What command is used to create the password for that user?
A
This Command is as below:-

#htpasswd -c -m /etc/httpd/conf/.htpassword test.
Q
How do I do basic authentication using .htaccess and .htpasswd?
A
For creating Basic authentication,
htpasswd -c directory path.
Q
Is it mandatory to restart apache web server after setting up basic authentication?
A
Of course, you need to restart apache web server to make your basic authentication into effect.