Apache Password Protect

Password Protect Folder Using Apache

Web designers can utilize the Apache Web Server to protect web folders. Content can be protected by a password prompt.

Content will not be accessible when a web visitor enters the wrong credentials. A user name and password will be requested every time a new browser instance is used to visit the protected content.

This tutorial uses HTML and Apache as the HTTP Server.

    Required tools:

  • Text editor.
  • Apache HTTP Server.
  • Apache Module mod_authn_file.
  • Browser to view output.

Optional: Download and install Geany

Geany is required in order to follow this tutorial. For more information about Geany read Ojambo.com Lightweight Programming Editors.

Create Protected Folder

The “protected” folder will contain the protected content. One file called “index.html” will be created in the “protected” folder.

Index.html file

<!--
index.html

Copyright 2012 edward <http://ojambo.com>

This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2 of the License, or
(at your option) any later version.

This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
GNU General Public License for more details.

You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
MA 02110-1301, USA.
   
   
-->

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
	"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
	<title>Ojambo.com index.html</title>
	<meta http-equiv="content-type" content="text/html;charset=utf-8" />
</head>

<body>
	<p>This Content is Protected.</p>
</body>

</html>

The HTML file contains a single paragraph inside “p” tags. This information will only be displayed when the web visitor enters the correct credentials.

.htaccess file

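# Password file; keep it outside the web-served tree
AuthUserFile /home/username/myfiles/.htpasswd
# No group file is used
AuthGroupFile /dev/null
AuthName "Ojambo.com's protected content"
AuthType Basic

# Applies to every HTTP method. Wrapping this in <Limit GET> would
# leave POST and other methods unauthenticated.
Require valid-user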

“AuthUserFile” sets the name of a text file containing the list of users and passwords for authentication. “AuthGroupFile” sets the name of a text file containing the list of user groups for authentication. “AuthName” is the authorization realm for use in HTTP authentication.

“AuthType” is the type of user authentication. “Require valid-user” allows in anyone who is listed in the password file and who correctly enters their password. The information on the authentication options was obtained from the Apache website in October 2012.

.htpasswd file

htpasswd -c .htpasswd username

To create the .htpasswd file, use the “-c” option. Additional users can be added to the same .htpasswd file by omitting the “-c” option; running “-c” against an existing file overwrites it. By default, the password file will contain the username and an MD5-hashed password.

How to Use:

    Open Browser

  • Save the “htpasswd” file where it can be accessible on the web.
  • Attempt to access the “protected” folder in your browser.

Demonstration:

Ojambo.com Apache Password Protect Tutorial

[Image: Ojambo.com Apache Password Protect Prompt]

[Image: Ojambo.com Apache Password Protect Folder]

Conclusion:

Apache can be used to protect web folders. Web folders can then be accessed by approved users. The users and their passwords are stored in a file created by the htpasswd command.

The “.htaccess” file will contain the authentication options. The most important authentication information is the location of the file created by the htpasswd command. A user will not be able to access protected information without prior knowledge of the proper credentials.

    Recommendations:

  1. Place your “.htaccess” file in the “protected” folder.
  2. Place your “htpasswd” file in a different location from the “protected” folder.
  3. Use encryption for the password.
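
The recommendations above can be checked mechanically. The script below is an added example, not part of the original tutorial: the function name audit_htaccess, the finding labels and the sample files are assumptions made for illustration. It flags a “Require” scoped by a <Limit> section, a password file stored inside the protected folder, and password hashes that are not bcrypt.

```sh
#!/bin/sh
# Added example: audit one password-protected folder.
# Prints one line per finding and leaves the total in $findings.
audit_htaccess() {
    dir=$1; ht="$dir/.htaccess"; findings=0
    [ -f "$ht" ] || { echo "MISSING: $ht"; findings=1; return 0; }

    # A <Limit ...> section applies Require only to the methods it lists.
    if grep -Eiq '^[[:space:]]*<Limit[[:space:]]' "$ht"; then
        echo "LIMIT: Require applies only to the listed HTTP methods"
        findings=$((findings + 1))
    fi

    # The password file belongs outside the protected folder.
    pw=$(awk 'tolower($1) == "authuserfile" { gsub(/"/, "", $2); print $2; exit }' "$ht")
    case $pw in
        "$dir"/*) echo "LOCATION: $pw is inside $dir"; findings=$((findings + 1)) ;;
    esac

    # Classify each stored hash by its prefix.
    [ -f "$pw" ] || return 0
    while IFS=: read -r user hash; do
        [ -n "$user" ] || continue
        case $hash in
            '$2y$'*)   ;;  # bcrypt, written by htpasswd -B
            '$apr1$'*) echo "HASH: $user uses MD5 (apr1)"; findings=$((findings + 1)) ;;
            '{SHA}'*)  echo "HASH: $user uses unsalted SHA-1"; findings=$((findings + 1)) ;;
            *)         echo "HASH: $user uses another scheme (crypt or plaintext)"; findings=$((findings + 1)) ;;
        esac
    done < "$pw"
    return 0
}

# Constructed sample: weak layout with placeholder hashes (not real credentials).
demo=$(mktemp -d)
mkdir -p "$demo/protected"
cat > "$demo/protected/.htaccess" <<EOF
AuthUserFile $demo/protected/.htpasswd
AuthType Basic
<Limit GET>
    Require valid-user
</Limit>
EOF
printf '%s\n' 'alice:$apr1$CONSTRUCTED$placeholder' 'bob:$2y$05$CONSTRUCTEDplaceholder' \
    > "$demo/protected/.htpasswd"
audit_htaccess "$demo/protected"   # leaves findings=3
rm -rf "$demo"
```

An empty output with findings=0 means the folder passed all three checks.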