How to Secure Specific URLs in Apache {2 Methods}

Securing specific URLs in Apache is essential to protect important parts of your website. This guide will help you do it step by step, even if you’re new to Apache. You’ll learn how to limit access to certain URLs to specific IP address or by setting up a login requirement. This means only people with the right username and password or accessing from specified IP address can see those parts of your site. By following these simple instructions, you can keep your website more secure and ensure that sensitive information is protected from unauthorized access.

In this tutorial you will learn:

Restrict specific url to the IP address
Setting up Apache basic authentication for an specific url

Assuming that you want to secure the admin dashboard from users that is deployed at /admin URL. For example the admin section url is like http://example.com/admin/“.

1. Restrict Specific URL by IP Address

First, edit the Apache configuration file and add the below entry in VirtualHost. This will allow /admin URL to 192.168.10.11 or an IP range like 192.168.1.0/24.


<Location /admin>
  Order deny,allow
  Deny from all
  Allow from 192.168.10.11
  Allow from 192.168.1.0/24
</Location>

Save the Apache configuration file and restart the apache service using one of the following commands.

sudo systemctl restart httpd        #On RedHat based systems
sudo systemctl restart apache2        #On Debian based systems

Let’s try to access your site from any other IP address. Also, check the given IP address in the configuration file.

2. Setup User Authentication on Specific URL

You can also enable a login screen for a specific URL in the Apache webserver. To do this, edit the Apache configuration file and add the below entry in the website VirtualHost section.


<Location /admin>
  AuthUserFile /var/www/htpasswd/.htpasswd
  AuthName "Password Protected Area"
  AuthType Basic
  Require valid-user
</Location>

Now create a new htpasswd file using the below command and add a new user. You can also use an online htpasswd generator tool.

htpasswd -cm /var/www/htpasswd/.htpasswd myuser

Output
New password:
Re-type new password:
Adding password for user myuser

Restart the Apache service and access your site URL. It will prompt for login details.

sudo systemctl restart httpd        #On RedHat based systems
sudo systemctl restart apache2        #On Debian based systems

Conclusion

You have now secured a specific URL in Apache. This ensures that only authorized users can access certain parts of your website. Always remember to keep your .htpasswd file secure and regularly update your passwords. By following these simple steps, you can enhance the security of your web server and protect sensitive information.

View 3 Comments

3 Comments

Ume on March 14, 2019 6:15 am
How can we allow certain URLs only, e.g. URLs which starts with /resources , which contains certain word ?
Radesh on January 28, 2016 5:41 am
Very helpful and easy to follow. Thanks Chris!
chris on September 17, 2014 1:24 pm
Thanks for the info. Would really help if you mentioned where the apache config file is located.

How to Secure Specific URLs in Apache {2 Methods}

1. Restrict Specific URL by IP Address

2. Setup User Authentication on Specific URL

Conclusion

How to Configure Apache as a Reverse Proxy Server

How to enable TLS 1.3, TLS1.2 only in Apache

Setting Up ‘Upgrade-Insecure-Requests’ in Apache

3 Comments

How to Secure Specific URLs in Apache {2 Methods}

1. Restrict Specific URL by IP Address

2. Setup User Authentication on Specific URL

Conclusion

Related Posts

How to Configure Apache as a Reverse Proxy Server

How to enable TLS 1.3, TLS1.2 only in Apache

Setting Up ‘Upgrade-Insecure-Requests’ in Apache

3 Comments