Aug 11

Password Protect Your Web Directory (Apache)


Have you ever wanted to protect something on your web server?  Perhaps there’s a sensitive web page you created, like a blog, that you only want certain people to see.  Well, here’s how you do it!  This is written for a Fedora/Red Hat/CentOS platform, but will work on any Apache web server installation.

First, open the httpd.conf file that you used to set up your server.  You can edit the file using either ‘vi’ or ‘nano’, but you will most likely need sudo (super user) privileges in order to save it.  Go to the very end of the file and type the following.  The ‘’ should be changed to the location or folder that you’d like to protect.

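<Directory "/var/www/html/">
# Prompt for a user name and password using HTTP Basic authentication
AuthType Basic
AuthName "Authentication Required"
# Password file created with htpasswd in the next step
AuthUserFile "/var/www/html/"
Require valid-user

# Apache 2.2-style access control (needs mod_access_compat on Apache 2.4)
Order allow,deny
Allow from all
</Directory>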

Now, you need to create the .htpasswd file.  If you don’t already have one, simply use the command below.

$ sudo htpasswd -c /var/www/html/ <user>
New password:
Re-type new password:

The ‘-c’ flag tells htpasswd to create the file; it overwrites an existing file, so leave it off when adding users to a file you already have.  The ‘/var/www/html/’ tells the command where you want the file and what you want to call it.  The <user> is where you would input whatever you’d like your user name to be.  After you execute the command, simply input your new password twice and you’re in business.

Once these two steps are complete, make sure you restart your httpd service to have the changes take effect:

$ sudo service httpd restart

Now, when you go to that folder on your web server, it will prompt you for your user name and password.  Keep in mind that if you haven’t set up SSL on your web server, the user name and password will be sent ‘in the clear’, meaning that they are not encrypted.
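A small lint for the configuration above, as an added example that is not part of the original post: it flags Basic-auth <Directory> blocks whose AuthUserFile sits inside the protected web directory (where it could be served to visitors) or that lack SSLRequireSSL, the mod_ssl directive that refuses non-HTTPS requests.  The sample config, directory names and password-file paths are constructed assumptions, and the SSLRequireSSL check is only a heuristic, since HTTPS may be enforced elsewhere in the server config.

```python
import posixpath
import re

# Constructed sample; directory names and password-file paths are assumptions.
SAMPLE_CONF = '''
<Directory "/var/www/html/private">
    AuthType Basic
    AuthUserFile "/var/www/html/private/.htpasswd"
    Require valid-user
</Directory>
<Directory "/var/www/html/reports">
    SSLRequireSSL
    AuthType Basic
    AuthUserFile "/etc/httpd/passwd/reports.htpasswd"
    Require valid-user
</Directory>
'''

BLOCK_RE = re.compile(r'<Directory\s+"?([^">]+)"?\s*>(.*?)</Directory>', re.S | re.I)

def directives(body):
    """Map lower-cased directive name -> argument for one <Directory> body."""
    found = {}
    for line in body.splitlines():
        parts = line.strip().split(None, 1)
        if parts and not parts[0].startswith("#"):
            found[parts[0].lower()] = parts[1].strip().strip('"') if len(parts) > 1 else ""
    return found

def lint(conf_text):
    """Return (directory, warning) pairs for every Basic-auth block."""
    warnings = []
    for path, body in BLOCK_RE.findall(conf_text):
        d = directives(body)
        if d.get("authtype", "").lower() != "basic":
            continue
        root = posixpath.normpath(path)
        pwfile = posixpath.normpath(d.get("authuserfile", ""))
        if "require" not in d:
            warnings.append((root, "no Require directive in this block"))
        if pwfile == root or pwfile.startswith(root + "/"):
            warnings.append((root, "AuthUserFile is inside the protected web directory"))
        if "sslrequiressl" not in d:
            warnings.append((root, "no SSLRequireSSL: login can be sent over plain HTTP"))
    return warnings

if __name__ == "__main__":
    for directory, warning in lint(SAMPLE_CONF):
        print(f"{directory}: {warning}")
```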

Enjoy your protection!