In this article I will show you, step by step, how to create protected directories on your Apache server which can be accessed only by the respective users with proper access.
I assume you have the httpd package installed on your setup; if not, you can install it manually.
If you do not have an active online yum repository, you can create an offline yum repository.
Next, install httpd and all its dependency packages:
# yum -y install httpd
I have a directory "/var/www/html/secret/" which must be accessible only to user "deepak".
So let us first create this directory:
# mkdir /var/www/html/secret/
I will create a dummy index.html file inside /var/www/html/secret/ for deepak
# cat /var/www/html/secret/index.html
###########
## This is a secret file for Deepak only
###########
Before starting with our httpd configuration, we should create a password file for user "deepak".
NOTE: deepak will not be authenticated against the system's passwd file; instead we create a separate password file with htpasswd, which Apache will use for authentication.
- htpasswd is used to create and update the flat-files used to store usernames and passwords for basic authentication of HTTP users.
- Resources available from the Apache HTTP server can be restricted to just the users listed in the files created by htpasswd.
- htpasswd encrypts passwords using either bcrypt, a version of MD5 modified for Apache, SHA1, or the system's crypt() routine.
- Files managed by htpasswd may contain a mixture of different encoding types of passwords; some user records may have bcrypt or MD5-encrypted passwords while others in the same file may have passwords encrypted with crypt().
Use the command below to create a password for user "deepak":
# htpasswd -c /etc/httpd/.htpasswd deepak
New password:
Re-type new password:
Adding password for user deepak
NOTE: You can use any other secure path for the .htpasswd file. I am using /etc/httpd.
The content of this .htpasswd file looks like this:
# cat /etc/httpd/.htpasswd
deepak:$apr1$2D7PPz82$cSP2lNCNmzE80dXrXakAI/
Here
-c    Create the passwdfile. If passwdfile already exists, it is rewritten and truncated. This option cannot be combined with the -n option.
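Because one password file can mix hash formats, it helps to see which scheme each user is on. The script below is an added example, not part of the original article: it classifies entries by hash prefix, lists users who are not on bcrypt (htpasswd's -B option), and checks whether the file is world-readable. The function names and the placeholder hashes are assumptions made for illustration.

```sh
#!/bin/sh
# Added example: classify htpasswd entries by hash prefix and check file mode.

# Print "user scheme" for each entry of the htpasswd file $1.
htpasswd_schemes() {
    awk '
        /^[ \t]*#/ || /^[ \t]*$/ { next }           # comments, blank lines
        {
            sep = index($0, ":")
            if (sep < 2) next                       # not a user:hash line
            user = substr($0, 1, sep - 1)
            hash = substr($0, sep + 1)
            if      (hash ~ /^[$]2[aby][$]/)     scheme = "bcrypt"
            else if (index(hash, "$apr1$") == 1) scheme = "apr1-md5"
            else if (index(hash, "{SHA}") == 1)  scheme = "sha1-unsalted"
            else if (length(hash) == 13)         scheme = "crypt-des"
            else                                 scheme = "unknown"
            print user, scheme
        }' "$1"
}

# Users whose password should be re-set with "htpasswd -B" (bcrypt).
htpasswd_non_bcrypt() {
    htpasswd_schemes "$1" | awk '$2 != "bcrypt" { print $1 }'
}

# Succeeds when the mode of file $1 lets "other" users read the hashes.
world_readable() {
    [ -n "$(find "$1" -prune -perm -004)" ]
}

# Constructed sample: deepak's line is the one shown above; the other hashes
# are placeholders with realistic prefixes that match no real password.
write_sample_htpasswd() {
    cat > "$1" <<'EOF'
deepak:$apr1$2D7PPz82$cSP2lNCNmzE80dXrXakAI/
ankit:{SHA}PLACEHOLDERPLACEHOLDERPLACE=
amit:$2y$05$PLACEHOLDERPLACEHOLDERPLACEHOLDERPLACEHOLDERPLACEHOLD
legacy:PLACEHOLDER13
EOF
}

sample=$(mktemp)
write_sample_htpasswd "$sample"
htpasswd_schemes "$sample"       # one "user scheme" line per entry
htpasswd_non_bcrypt "$sample"    # candidates for re-hashing
rm -f "$sample"
```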
Next, you'll need to configure the server to request a password and tell the server which users are allowed access.
You can do this either by editing the httpd.conf file or using an .htaccess file.
For example, if you wish to protect the directory /var/www/html/secret/, you can use the following directives, either placed in the file /var/www/html/secret/.htaccess, or placed in /etc/httpd/conf/httpd.conf inside a <Directory "/var/www/html/secret"> section.
Method 1: Using .htaccess file
If you plan to use .htaccess files, you will need to have a server configuration that permits putting authentication directives in these files. This is done with the AllowOverride directive, which specifies which directives, if any, may be put in per-directory configuration files.
Since we're talking here about authentication, you will need an AllowOverride directive like the following:
AllowOverride AuthConfig
So let me append this to my /etc/httpd/conf/httpd.conf:
NOTE: Comment out all other Directory sections in your httpd.conf pointing to /var/www, /var/www/html or a similar path. Otherwise you must add AllowOverride AuthConfig to all those Directory sections for .htaccess to work, since our secret directory lies under /var/www/html.
Alias /web "/var/www/html/secret/"
<Directory "/var/www/html/secret">
AllowOverride AuthConfig
</Directory>
NOTE: I have used an alias here which is optional.
Next, create a .htaccess file at /var/www/html/secret/.htaccess with the content below:
AuthType Basic
AuthName "Secret Files"
AuthUserFile /etc/httpd/.htpasswd
Require user deepak
We are all set up to start our httpd server:
# systemctl restart httpd
# systemctl is-active httpd
active
Now you can try to access your page with an alias /web as we have used, it must prompt for username and password
Method 2: Using Directory in httpd.conf
Add the content below at the end of "/etc/httpd/conf/httpd.conf".
NOTE: A VirtualHost is not mandatory here; I have added one only to set a custom error log and DocumentRoot, which can come in handy.
Alias /web "/var/www/html/secret/"
<VirtualHost 192.168.1.6:80>
ServerAdmin root@server.golinuxhub.com
ServerName golinuxhub-server
DocumentRoot /var/www/html/secret
ErrorLog logs/error_log
<Directory "/var/www/html/secret">
AuthType Basic
AuthName "Secret Files"
AuthUserFile /etc/httpd/.htpasswd
Require user deepak
</Directory>
</VirtualHost>
The AuthType directive selects the method that is used to authenticate the user. The most common method is Basic. It is important to be aware, however, that Basic authentication sends the password from the client to the server unencrypted. This method should therefore not be used for highly sensitive data, unless accompanied by mod_ssl.
Save and exit the file followed by a service restart
# systemctl restart httpd
# systemctl is-active httpd
active
Now you can try to access your page with an alias /web as we have used, it must prompt for username and password.
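The warning about unencrypted Basic authentication applies directly to the port-80 virtual host used in Method 2. The check below is an added example, not part of the original article: it lists virtual hosts that combine "AuthType Basic" with plain HTTP. It assumes a host is plain HTTP when its <VirtualHost> address ends in :80; the function names and the port-443 sample block are hypothetical.

```sh
#!/bin/sh
# Added example: find port-80 virtual hosts that use Basic authentication.
# Print the address of each <VirtualHost ...:80> in config file $1 whose body
# contains "AuthType Basic". Directive names are matched case-insensitively.
basic_auth_over_http() {
    awk '
        { line = $0; sub(/^[ \t]+/, "", line); low = tolower(line) }
        low ~ /^<virtualhost[ \t]/ {
            addr = line
            sub(/^[^ \t]+[ \t]+/, "", addr)     # drop "<VirtualHost "
            sub(/>.*$/, "", addr)               # drop the closing ">"
            plain = (addr ~ /:80$/); basic = 0
            next
        }
        low ~ /^authtype[ \t]+basic/ { basic = 1 }
        low ~ /^<\/virtualhost>/ {
            if (plain && basic) print addr
            plain = 0; basic = 0
        }' "$1"
}

# Constructed sample: the first block mirrors the article's port-80 host; the
# port-443 block is hypothetical and omits its certificate directives.
write_sample_conf() {
    cat > "$1" <<'EOF'
<VirtualHost 192.168.1.6:80>
    <Directory "/var/www/html/secret">
        AuthType Basic
        AuthUserFile /etc/httpd/.htpasswd
        Require user deepak
    </Directory>
</VirtualHost>
<VirtualHost 192.168.1.6:443>
    SSLEngine on
    <Directory "/var/www/html/secret">
        AuthType Basic
        AuthUserFile /etc/httpd/.htpasswd
        Require user deepak
    </Directory>
</VirtualHost>
EOF
}

conf=$(mktemp)
write_sample_conf "$conf"
basic_auth_over_http "$conf"     # addresses that send passwords in clear
rm -f "$conf"
```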
How to provide authentication to multiple users?
The steps are similar and can again be done using either of the methods explained earlier. For the sake of this example I will use the <Directory> method.
Assign a password to each of the other users using the command below and the same password file as used earlier:
# htpasswd /etc/httpd/.htpasswd ankit
New password:
Re-type new password:
Adding password for user ankit
# htpasswd /etc/httpd/.htpasswd amit
New password:
Re-type new password:
Adding password for user amit
Now if we check, we have three entries for three different users:
# cat /etc/httpd/.htpasswd
amit:$apr1$//0qsYXA$b/YBtjYWNVnAq.ktus1yD.
deepak:$apr1$eAmlseNr$F8TRQZvqoxGn5TDmdrT311
ankit:$apr1$bEXxG.Wh$Ejavy56OHpFVBHs8ETah41
Next we will need to create a group file that associates group names with a list of users in that group. The contents of the file will look like this:
NOTE: You can create the group with any name and can be at any location, for me I am using below path.
# cat /etc/httpd/.groups
GroupName: deepak amit ankit
Here I have added three users to my group, for which I will configure authentication using httpd.conf.
Next, update your httpd.conf with the content below:
Alias /web "/var/www/html/secret/"
<Directory "/var/www/html/secret">
AuthType Basic
AuthName "Secret Files"
AuthUserFile "/etc/httpd/.htpasswd"
AuthGroupFile "/etc/httpd/.groups"
Require group GroupName
</Directory>
Here we are using "Require group" instead of "Require user" and have added a new directive "AuthGroupFile" to point to the group file we have created.
IMPORTANT NOTE:
You can use the same content under "/var/www/html/secret/.htaccess" if you wish to use Method 1 from this article, i.e. with .htaccess.
Next save and exit the file and restart the httpd service to activate our change
# systemctl restart httpd
# systemctl is-active httpd
active
So all looks good, give your change a trial to see if the browser prompts you for authentication
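With "Require group", access depends on two files staying in step: a user named in the group file but missing from the password file can never log in, and a password entry outside the group is easy to forget. The cross-check below is an added example, not part of the original article; the function names and the users "rahul" and "olduser" are hypothetical.

```sh
#!/bin/sh
# Added example: cross-check an AuthGroupFile against an AuthUserFile.

# Members of group $3 (AuthGroupFile $1) with no entry in AuthUserFile $2.
group_members_without_password() {
    awk -v group="$3" '
        FILENAME == ARGV[1] {                 # first file: user:hash lines
            sep = index($0, ":")
            if (sep > 1) known[substr($0, 1, sep - 1)] = 1
            next
        }
        {                                     # second file: "name: user ..."
            sep = index($0, ":")
            if (sep == 0 || substr($0, 1, sep - 1) != group) next
            n = split(substr($0, sep + 1), members, " ")
            for (i = 1; i <= n; i++)
                if (!(members[i] in known)) print members[i]
        }' "$2" "$1"
}

# Users in AuthUserFile $2 that group $3 (AuthGroupFile $1) does not list.
password_users_outside_group() {
    awk -v group="$3" '
        FILENAME == ARGV[1] {                 # first file: the group file
            sep = index($0, ":")
            if (sep > 0 && substr($0, 1, sep - 1) == group) {
                n = split(substr($0, sep + 1), members, " ")
                for (i = 1; i <= n; i++) listed[members[i]] = 1
            }
            next
        }
        {                                     # second file: user:hash lines
            sep = index($0, ":")
            if (sep < 2) next
            user = substr($0, 1, sep - 1)
            if (!(user in listed)) print user
        }' "$1" "$2"
}

# Constructed sample data: "rahul" and "olduser" are hypothetical users.
dir=$(mktemp -d)
printf 'GroupName: deepak amit ankit rahul\n' > "$dir/groups"
printf '%s:placeholder-hash\n' deepak amit ankit olduser > "$dir/htpasswd"
group_members_without_password "$dir/groups" "$dir/htpasswd" GroupName
password_users_outside_group "$dir/groups" "$dir/htpasswd" GroupName
rm -rf "$dir"
```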
I hope the article was useful.