====== Apache - Authentication - Basic Authentication ======

To restrict access to certain HTTP resources, create two files: .htaccess and .htpasswd (or their equivalents, as configured in httpd.conf).

----

===== Configure Apache to allow .htaccess authentication =====

By default Apache does not allow the use of .htaccess files.

  * Apache will need to be configured to allow **.htaccess** based authentication.

Edit the Apache config file:

<code>
sudo vi /etc/httpd/conf/httpd.conf
</code>

Find the ''<Directory>'' section for the document root. Change the line from **AllowOverride none** to **AllowOverride AuthConfig**:

<code>
AllowOverride AuthConfig
</code>

Save and close the file.

----

===== Create a password file with htpasswd =====

The **htpasswd** command is used to create and update the files that store usernames and passwords for basic authentication of Apache users.

  * A hidden file **.htpasswd** will need to be created in the /etc/httpd/ configuration directory.

For example, create a .htpasswd file for user1:

<code>
sudo htpasswd -c /etc/httpd/.htpasswd user1
</code>

This will prompt to supply and confirm a password for user1.

**WARNING**: Only use **-c** the first time the file is created.

  * Do not use **-c** when another user is added in the future, because it overwrites the existing file.

----

Create another user named user2:

<code>
sudo htpasswd /etc/httpd/.htpasswd user2
</code>

----

===== Display the username and encrypted password for each user =====

<code>
sudo cat /etc/httpd/.htpasswd
</code>

returns:

<code>
user1:$apr1$0r/2zNGG$jopiWY3DEJd2FvZxTnugJ/
user2:$apr1$07FYIyjx$7Zy1qcBd.B8cKqu0wN/MH1
</code>

----

===== Allow Apache to read the .htpasswd file =====

<code>
sudo chown apache:apache /etc/httpd/.htpasswd
sudo chmod 0660 /etc/httpd/.htpasswd
</code>

----

===== Configure Apache password authentication =====

Create a **.htaccess** file in the web directory which is to be restricted. For example, create the .htaccess file in the /var/www/html/ directory to restrict the entire document root.

<code>
sudo vi /var/www/html/.htaccess
</code>

Add the following content:

<code>
AuthType Basic
AuthName "Restricted Content"
AuthUserFile /etc/httpd/.htpasswd
Require valid-user
</code>

Save and close the file, then restart Apache to make these changes take effect:

<code>
sudo apachectl restart
</code>

----

===== Testing password authentication =====

Try to access the restricted content in a web browser by visiting the URL or static IP address. This will prompt for a username and password to access the website.

**NOTE:** If the correct credentials are entered, the site will be accessible.

  * If the wrong credentials are entered, or **Cancel** is pressed, the **Unauthorized** error page is shown.
  * Password protection should be combined with SSL (HTTPS), so that the credentials are not sent to the server in plain text: Basic authentication only base64-encodes them.

----

===== References =====

http://www.webtrafficexchange.com/how-create-htpasswd-file-encrypted-password
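The ''$apr1$'' entries listed in the .htpasswd section above are Apache's MD5-based apr1 hashes. The following Python is an added illustration, not code from this page or from Apache, of how such an entry is checked when a Basic Authentication login arrives; the sample file, users, passwords and salts are constructed here.

```python
import hashlib
import hmac

ITOA64 = "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"
MAGIC = b"$apr1$"

def apr1_crypt(password: str, salt: str) -> str:
    """Apache's apr1 (MD5-based, 1000-round) hash, as written by htpasswd -m."""
    pw, sl = password.encode(), salt[:8].encode()          # salt is at most 8 chars
    ctx = hashlib.md5(pw + MAGIC + sl)
    alt = hashlib.md5(pw + sl + pw).digest()
    for n in range(len(pw), 0, -16):                       # mix in len(pw) bytes of alt
        ctx.update(alt[:min(n, 16)])
    n = len(pw)
    while n:                                               # one byte per bit of len(pw)
        ctx.update(b"\0" if n & 1 else pw[:1])
        n >>= 1
    final = ctx.digest()
    for i in range(1000):                                  # key-stretching rounds
        c = hashlib.md5(pw if i & 1 else final)
        if i % 3:
            c.update(sl)
        if i % 7:
            c.update(pw)
        c.update(final if i & 1 else pw)
        final = c.digest()

    def to64(v, count):                                    # crypt-style base64, LSB first
        return "".join(ITOA64[(v >> (6 * k)) & 0x3F] for k in range(count))

    groups = [(0, 6, 12), (1, 7, 13), (2, 8, 14), (3, 9, 15), (4, 10, 5)]
    enc = "".join(to64(final[a] << 16 | final[b] << 8 | final[c], 4) for a, b, c in groups)
    return f"$apr1${sl.decode()}${enc}{to64(final[11], 2)}"

def check_credentials(htpasswd_text: str, user: str, password: str) -> bool:
    """Look up user in .htpasswd contents and verify an $apr1$ entry."""
    for line in htpasswd_text.splitlines():
        name, _, stored = line.strip().partition(":")
        if name == user and stored.startswith("$apr1$"):
            salt = stored.split("$")[2]
            # constant-time compare so a wrong guess cannot be timed byte by byte
            return hmac.compare_digest(apr1_crypt(password, salt), stored)
    return False

# Constructed sample file (not the page's entries); names, passwords and salts are made up.
SAMPLE_HTPASSWD = "\n".join([
    "user1:" + apr1_crypt("correct horse", "aB3dE6fG"),
    "user2:" + apr1_crypt("battery staple", "xY9zQ1wV"),
])
```

Entries written with ''htpasswd -B'' use bcrypt instead of apr1 and are not handled by this checker.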