Few days ago, I wrote an article about configuring Apache authentication with .htaccess file. Today, I’ll wrote a tutorial how to make Apache directory authentication within Virtual Host Definition.
Apache directory authentication within Virtual Host definition tutorial will be useful for you if you have some public directory on your apache server that you need to restrict access for other people.
I will assume that you have apache installed on your system.
If you don’t have Apache installed, see our LAMP Installation tutorial.
Apache directory authentication within Virtual Host
Lets now proceed to configuring Apache authentication.
Note: First two steps are the same as for configuring authentication with .htaccess file, so, if you have done that, you can jump to step 3.
1. Update your system
First check if there are any updates for your system:
sudo apt-get update
2. Install htpasswd for making password
Next we will use an apache tool for making passwords called htpasswd, to install that, run:
sudo apt-get install apache2-utils
If you are running htpasswd for the first time, you will run this command:
sudo htpasswd -c /etc/apache2/.htpasswd <username>
Note: <username> is username that you want to enter when you visit protected directory (example: john)
Next time you’ll run command from above without -c, like this:
sudo htpasswd /etc/apache2/.htpasswd <username>
/etc/apache2/.htpasswd will contain all usernames with encrypted passwords for users you made with htpasswd.
3. Configure Virtual Host definition file
Now we’ll proceed with configuring Virtual Host file.
Go to Apache virtual hosts directory:
Note: We’ll use default apache virtual host file, but you can do that for every site on your server
Edit 000-default.conf file with nano or any other text editor:
sudo nano 000-default.conf
We’ll use Basic authentication and we’ll allow access for every user with valid credentials.
Now, within <VirtualHost></VirtualHost> block we need to add <Directory> block, it will look like this
<VirtualHost *:80> ServerAdmin webmaster@localhost DocumentRoot /var/www/html <Directory "/var/www/html"> #Authorization section </Directory> </VirtualHost>
In the #Authorization section we’ll add following code:
AuthType Basic AuthName "Restricted Content" AuthUserFile /etc/apache2/.htpasswd Require valid-user
The complete file should look like this:
<VirtualHost *:80> ServerAdmin webmaster@localhost DocumentRoot /var/www/html <Directory "/var/www/html"> AuthType Basic AuthName "Restricted Content" AuthUserFile /etc/apache2/.htpasswd Require valid-user </Directory> </VirtualHost>
Note: This code will protect root directory of our web server.
Ctrl+X to close file, enter Y to save changes and that’s it.
Restart your Apache server to apply changes made to Virtual Host file:
sudo service apache2 restart
Now point your browser to the URL
Pop up should appear and ask for login credentials.
If you enter invalid credentials or you click Cancel, you’ll see an “Unauthorized” page error
You can visit official Apache documentation for additional information.