Apache Password Protect

On 4 minutes, 24 seconds read By Edward

Password Protect Folder Using Apache

Web designers can utilize the Apache Web Server to protect web folders. Content can be protected by a password prompt.

Content will not be accessible when a web visitor enters the wrong credentials. A user name and password will be requested every time a new browser instance is used to visit the protected content.

This tutorial uses HTML and Apache as the HTTP Server.

    Tools are required:

  • Text editor.
  • Apache HTTP Server.
  • Apache Module mod_authn_file.
  • Browser to view output.

Optional Download and install Geany

Geany is required in order to follow this tutorial. For more information about Geany read Ojambo.com Lightweight Programming Editors.

Created Protected Folder

The “protected” folder will contain the protected content. One file called “index.html” will be created in the “protected” folder.

Index.html file

<!--
index.html

Copyright 2012 edward <http://ojambo.com>

This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2 of the License, or
(at your option) any later version.

This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
GNU General Public License for more details.

You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
MA 02110-1301, USA.
   
   
-->

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
	"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
	<title>Ojambo.com index.html</title>
	<meta http-equiv="content-type" content="text/html;charset=utf-8" />
</head>

<body>
	<p>This Content is Protected.</p>
</body>

</html>

The HTML file contains a single paragraph inside “p” tags. This information will only be displayed when the web visitor enters the correct credentials.

.htaccess file

AuthUserFile /home/username/myfiles/.htpasswd
AuthGroupFile /dev/null
AuthName "Ojambo.com's protected content"
AuthType Basic

<Limit GET>
	Require valid-user
</Limit>

“AuthUserFile” sets the name of a text file containing the list of users and passwords for authentication. “AuthGroupFile” sets the name of a text file containing the list of user groups for authentication. “AuthName” is the authorization realm for use in HTTP authentication.

“AuthType” is the type of user authentication. “Require valid-user” will allow anyone in that is listed in the password file, and who correctly enters their password. The authentication options information was obtained from the Apache website in the tenth month of 2012.

.htpasswd file

htpasswd -c .htpasswd username

To create the .htpasswd file use the “-c” option. Additional users can be added to the same .htpasswd without the “-c” option. By default, the password file will contain the username and MD5 encrypted password.

How to Use:

    Open Browser

  • Save the “htpasswd” file where it can be accessible on the web.
  • Attempt to access the “protected” folder in your browser.

Demonstration:

Ojambo.com Apache Password Protect Tutorial

Image Missing
Ojambo.com Apache Password Protect Prompt

Image Missing
Ojambo.com Apache Password Protect Folder

Conclusion:

Apache can be used to protected web folders. Web folders can be accessible by approved users. The users and their passwords are stored in a file created by the htpasswd command.

The “.htaccess” file will contain the authentication options. The most important authentication information is the location of the file created by the htpasswd command. A user will not be able to access protected information without prior knowledge of the proper credentials.

    Recommendations:

  1. Place your “.htaccess” file in the “protected” folder.
  2. Place your “htpasswd” file in a different location from the “protected” folder.
  3. Use encryption for the password.

About Edward

Edward is a software engineer, web developer, and author dedicated to helping people achieve their personal and professional goals through actionable advice and real-world tools.

As the author of impactful books including Learning JavaScript, Learning Python, Learning PHP and Mastering Blender Python API, Edward writes with a focus on personal growth, entrepreneurship, and practical success strategies. His work is designed to guide, motivate, and empower.

In addition to writing, Edward offers professional "full-stack development," "database design," "1-on-1 tutoring," "consulting sessions,", tailored to help you take the next step. Whether you are launching a business, developing a brand, or leveling up your mindset, Edward will be there to support you.

Edward also offers online courses designed to deepen your learning and accelerate your progress. Explore the programming on languages like JavaScript, Python and PHP to find the perfect fit for your journey.

📖 Explore His Books – Visit the Book Shop to grab your copies today.
💼 Need Support? – Learn more about Services and the ways to benefit from his expertise.
🎓 Ready to Learn? – Check out his Online Courses to turn your ideas into results.

View all posts by Edward | Website