Passwords For Your Apache Server


I just realized that it might be important to password protect some stuff on your website. Here’s how to do it.

Let’s assume that your website fils are stored in /var/www/. So create a sub-directory called e.g. protected.

In /var/www/protected/, create a file called .htpasswd. This will store the username and password require to access files in this folder from the Internet. The file should contain lines formatted like:


You may want to encrypt your passwords before putting them in. This means that if somebody hacks your folder, they will see some gibberish password that is hard to reverse-engineer into what you actually need to type into the password box. To do this, use a utility like the one at the bottom of this page. Note that you are trusting that they aren’t screwing you over and recording your password when they encrypt it for you…

Almost done. Now you need to tell your server to use this.

As per this link, you need to open your Apache configuration file with e.g.

sudo nano /etc/apache2/apache2.conf

and then add to the end of the file a block as follows:

<Directory "/var/www/protected">
  AuthType Basic
  AuthName "Authentication Required"
  AuthUserFile "/var/www/.htpasswd"
  Require valid-user

  Order allow,deny
  Allow from all

That should just about do it. To force the changes into effect, restart your server:

sudo service apache2 reload

Now try navigating to the protected folder from your browser. You should encounter a pop-up asking you for your credentials.


One thought on “Passwords For Your Apache Server

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s