Password Authentication with Apache on CentOS 7 and RHEL 7

Apache security is always a top priority, and if you are maintaining the security of data, you carry a great responsibility. If you are a webmaster and want to limit access to a specific website to a limited set of people, this is the best way to secure your web page.

Put simply, authentication is any process by which you verify that someone is who they claim to be. Authorization is any process by which someone is allowed to be where they want to go, or to have information that they want to have.

In this tutorial, I am going to show you how to set up password authentication with the Apache web server. We can do this in one of two ways: either directly in a site’s virtual host file or by placing .htaccess files in the directories that need restriction. It’s generally best to use the virtual host file, but if you need to allow non-root users to manage their own access restrictions, want to check the restrictions into version control alongside the website, or have a web application that already uses .htaccess files for other purposes, check out the second option.

Choose the option that best suits your needs:

  1. Apache password protect directory without htaccess
  2. Apache password protect directory with htaccess

First of all, install Apache on CentOS 7 / RHEL 7. If you haven’t installed it yet, check out the following article:

From here on, I assume that Apache is installed on your web server. To set up password authentication, follow the steps below.

Method 1 : Set up password authentication with Apache without an .htaccess file

1. Creating the Password File

For password authentication we are going to use the htpasswd utility. It creates a password file that Apache can use to authenticate users. We will create a hidden file for this purpose called .htpasswd within our /etc/httpd/ configuration directory.

The first time we use this utility, we need to add the -c option to create the specified file.

In this command, vaibhav is a username; you can use any username you want. After pressing Enter, you will be asked to supply and confirm a password for the user.

Another user: (Note: leave out the -c argument for any additional users you wish to add, because using -c a second time creates a new .htpasswd file, overwriting the existing one.)

If we view the contents of the file, we can see each username along with its password in hashed form.

Sample output :

2. Configuring Apache Password Authentication

Now that we have a file with users and passwords in a format that Apache can read, we need to configure Apache to check this file before serving our protected content.

Open the Apache VirtualHost file (httpd-vhosts.conf).

Authentication is done on a per-directory basis. To set up authentication, you will need to target the directory you wish to restrict with a <Directory ___> block. Add the following <Directory> block to your VirtualHost.

The final contents of this file should look like this:

Save and close the file when you are finished.

Before restarting the web server, check that the configuration is valid using the following command.

If everything checks out and you get Syntax OK, restart the server to implement your password policy.

The directory you specified should now be password protected.
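Before relying on the password file from step 1, it is worth checking which hash scheme each entry uses. The following is an added example, not part of the original article: a shell function that classifies every entry of an htpasswd-style file and flags the formats the Apache documentation describes as insecure. The function name, the sample users other than vaibhav, and the placeholder hash strings are assumptions.

```shell
#!/bin/sh
# Added example: classify the hash scheme of each entry in an htpasswd file.
# Step 1 commands as the article describes them (assumed reconstruction; the
# second user name is a placeholder):
#   htpasswd -c /etc/httpd/.htpasswd vaibhav     # first user, -c creates file
#   htpasswd /etc/httpd/.htpasswd another_user   # later users, no -c
#   htpasswd -B /etc/httpd/.htpasswd vaibhav     # -B stores a bcrypt hash

# Print "user scheme verdict" per entry; return 1 if any entry is insecure.
audit_htpasswd() {
    insecure=0
    while IFS=: read -r user hash rest; do
        [ -n "$user" ] || continue
        case $hash in
            '$2y$'*)   scheme=bcrypt   verdict=ok ;;
            '$apr1$'*) scheme=apr1-md5 verdict=upgrade ;;   # htpasswd default
            '{SHA}'*)  scheme=sha1     verdict=insecure ;;  # unsalted
            *)         scheme=crypt-or-plaintext verdict=insecure ;;
        esac
        [ "$verdict" = insecure ] && insecure=1
        printf '%s %s %s\n' "$user" "$scheme" "$verdict"
    done < "$1"
    return "$insecure"
}

# Constructed sample file; the hash strings are placeholders, not real hashes.
sample=$(mktemp)
cat > "$sample" <<'EOF'
vaibhav:$apr1$CONSTRUC$placeholderNotARealHash
alice:$2y$05$placeholderNotARealBcryptHashValue
bob:{SHA}placeholderNotARealDigest=
carol:placeholder13
EOF
audit_htpasswd "$sample" || echo "insecure entries found: re-create them with htpasswd -B"
```

The apr1 format is salted but uses only 1,000 MD5 iterations, which is why the example marks it "upgrade" rather than "ok".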

Method 2 : Set up password authentication with Apache using an .htaccess file

Apache can use .htaccess files to allow certain configuration items to be set within a content directory. If you are already using an .htaccess file or need to allow non-root users to manage restrictions, .htaccess files make sense.

To enable password protection using .htaccess files, open the main Apache configuration file:

Find the <Directory> block for the /var/www/html directory that holds the document root. To turn on .htaccess processing, change the AllowOverride directive from “None” to “All”:

Save and close the file when you are done with the changes.

Next, we need to add an .htaccess file to the directory we wish to restrict. In our demonstration, we’ll restrict the entire document root (the entire website), which is based at /var/www/html, but you can place this file in any directory where you wish to restrict access:

Add the following lines to this file:

Save and close the file, then restart the web server to password protect all content in or below the directory with the .htaccess file.
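The directives both methods depend on, as an added example that is not the original article's listing: the script emits the Basic-auth directives either wrapped in a <Directory> block (Method 1) or bare for an .htaccess file (Method 2), lints a file for the four required directives, and checks whether AllowOverride permits them. The function names and the realm text "Restricted Content" are assumptions; the paths are the ones the article uses.

```shell
#!/bin/sh
# Added example; function names and the realm text are assumptions.

# Print the Basic-auth directives. With a directory argument they are wrapped
# in a <Directory> block (Method 1); without one they are printed bare, as
# they would appear in an .htaccess file (Method 2).
auth_directives() {
    userfile=$1 dir=${2:-} indent=""
    if [ -n "$dir" ]; then printf '<Directory "%s">\n' "$dir"; indent="    "; fi
    printf '%sAuthType Basic\n' "$indent"
    printf '%sAuthName "Restricted Content"\n' "$indent"
    printf '%sAuthUserFile %s\n' "$indent" "$userfile"
    printf '%sRequire valid-user\n' "$indent"
    if [ -n "$dir" ]; then printf '</Directory>\n'; fi
}

# Lint: name every required directive missing from the file; return 1 if any.
lint_auth_conf() {
    status=0
    for d in AuthType AuthName AuthUserFile Require; do
        grep -Eq "^[[:space:]]*$d[[:space:]]" "$1" || { echo "missing: $d"; status=1; }
    done
    return "$status"
}

# Method 2 only: succeed if the conf lets .htaccess files set auth directives.
# AuthConfig is the narrowest AllowOverride class covering the four directives
# above; All (what the article sets) also works but permits every override.
htaccess_auth_enabled() {
    grep -Eiq '^[[:space:]]*AllowOverride[[:space:]]+(.*[[:space:]])?(All|AuthConfig)([[:space:]]|$)' "$1"
}

# Demo in a temp directory; nothing under /etc/httpd or /var/www is touched.
tmp=$(mktemp -d)
auth_directives /etc/httpd/.htpasswd /var/www/html > "$tmp/vhost.conf"
auth_directives /etc/httpd/.htpasswd > "$tmp/htaccess"
lint_auth_conf "$tmp/vhost.conf" && lint_auth_conf "$tmp/htaccess" && echo "both complete"
# On the server, after editing (assumed commands for CentOS 7 / RHEL 7):
#   apachectl configtest && systemctl restart httpd
```

Basic authentication sends the username and password base64-encoded on every request, so the protected host should be served over HTTPS.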

Test / Confirm Password Authentication

To confirm that your content is protected, enter the server’s IP address or domain name in a web browser.



If you enter the correct credentials, you will be allowed to access the content.

If you enter the wrong credentials or hit “Cancel”, you will see the “Unauthorized” error page.

That’s it, guys. You have now successfully set up basic authentication for your site.

