How to Secure Specific URL in Apache

Some times we required to secure a single url or few specific urls in our site, and all other site url keep remain with public access. This is very easy to manage with are using directory and file structure in sites. But some of framework like cakephp work on routing structure which is different from directory structure, we can’t secure it on directory level.

This article will help you secure specific url in Apache. For example a site has a secure area like http://example.com/admin/” and we need that only the authorized users or ips can access /admin/ section.

1. Setup IP Based Restriction on Specific URL

First edit apache configuration file and add below entry in VirtualHost. This will allow /admin url to 192.168.10.11 and 123.45.67.89 ips only.

<Location /admin>
  Order deny,allow
  Deny from all
  Allow from 192.168.10.11
  Allow from 123.45.67.89
</Location>

Save Apache configuration file and restart apache service using one of following commands.

# service httpd restart          #  For RHEL based systems
$ sudo service apache2 restart    # For Debian based systems

Let’s Try to access your site from any other ip. Also check from given ip in configuration file.

2. Setup User Authentication on Specific URL

Edit Apache configuration file and add below entry in website VirtualHost section.

<Location /admin>
  AuthUserFile /var/www/htpasswd/.htpasswd
  AuthName "Password Protected Area"
  AuthType Basic
  Require valid-user
</Location>

Now create new htpasswd file using below command and add a new user.

# htpasswd -cm /var/www/htpasswd/.htpasswd myuser

New password:
Re-type new password:
Adding password for user myuser

Restart apache and access your site url. It will prompt for login details.

# service httpd restart          #  For RHEL based systems
$ sudo service apache2 restart    # For Debian based systems

Thanks for using this article, I hope this article fulfill your needs. Click here to read more details about apache location directive.