Security is always the first priority for everyone and if you are maintaining security of data then you have a great responsibility on you. If you are a webmaster and you want to limit access of specific website to limited person who has the login details only. Then this article will help you to How to Setup Basic Apache Authentication using Virtual Host.
For this article you must have apache access with full privileges. If you are using shared hosting visit below link to configure the same using .htaccess.
1. Create Credentials File
Let’s start with creation of users in .htpasswd file. This file will contain user and password information either in plain text or md5 encrypted, which can access the website.
# htpasswd -cm /etc/apache2/.htpasswd myuser1
-c :is used only for first time when you create .htpasswd file. Do not use this if .htpasswd already exists else it will recreate file. -m :is used to save password in md5 format.
Let’s create another user using following command..
# htpasswd -m /etc/apache2/.htpasswd myuser2
2. Edit Apache VirtualHost
Now edit Apache virtual host configuration file and add the following configuration in virtual host block.
<VirtualHost *:80> ... <Location /> Deny from all #Allow from (Set IP to allow access without password) AuthUserFile /etc/apache2/.htpasswd AuthName "Restricted Area" AuthType Basic Satisfy Any require valid-user </Location> ... </VirtualHost>
<Location /> :Part of website you want to restrict. / is for retrict full website or you can specify location like /admin or /demo etc. Deny from all :Restrict everyone AuthUserFile :File where users login details are saved. AuthName :Message will be appeared on credentials window. AuthType :Type of authentication to be used. Read more. Satisfy :Interaction between host-level access control and user authentication. Read more. require :Selects which authenticated users can access restricted area on website. Read more
Restart Apache Service
After making any changes in apache configuration file (httpd.conf or apache2.conf), you need to restart Apache web service.
For CentOS/RHEL 6/5 Users:
# service httpd restart
For CentOS/RHEL 7 Users:
# systemctl enable httpd.service
For Ubuntu/Debian Users:
# service apache2 restart