Apache Webserver Basic Authentication using htpasswd - How to

Overview
To Secure the Apache  Virtualhost (or) a particular document root /directory.  We can use this Basic Auth mechanism.
When the user is trying to access the resource from the directory. User will be prompted  for Authentication.

 

Step1
Create a Password file with username and password entry using htpasswd  tool. Available at apache bin directory.

This is how the users file looks like by default the password entered will be  encrypted using MD5 algorithm

 

Step2

 

Make configuration changes in httpd.conf  file.
Under the Directory module that you want to apply BasicAuth secuirty
Add the below lines
AuthType Basic
AuthName sarasoftaccess
AuthUserFile bin/users
Require valid-user
DirectoryIndex index.html
Allow from all

 

This is how our configuration looks like
01
02
03
04
05
06
07
08
09
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
<VirtualHost *:80>
ServerAdmin [email protected]
DocumentRoot J:/www/sarasoft/staticfiles/
ServerName sarasoft.com
ErrorLog logs/sarasoft-error.log
CustomLog logs/sarasoft-access.log common
</VirtualHost>
<Directory  />
AuthType Basic
AuthName sarasoftaccess
AuthUserFile bin/users
Require valid-user
DirectoryIndex index.html
Allow from all
</Directory>
<Directory  J:/www/sarasoft/staticfiles/>
AuthType Basic
AuthName sarasoftaccess
AuthUserFile bin/users
Require valid-user
DirectoryIndex index.html
Allow from all
</Directory>
Here we are enabling security for both  ROOT directory and Our Site's Document Root.

 

Step3
Restart the Web server and  Test it using the URL

http://localhost

Now you will be prompted for the password.

When you enter the correct password that you have saved at step1. You will be  able to see the page.

Thanks,
AKSARAV