30/11/2020

Authenticate Website using .htaccess and .htpasswd

Use .htaccess and .htpasswd to authenticate the access to website

1. Edit the AllowOverride None line in your vhost configuration file and change it to AllowOverride All

2. Generate a new password for a user user1 using:

htpasswd -c /path/to/file/.htpasswd user1

  • -c : creates a new .htpasswd file. It is not necessary to add -c when adding another user if the file has already been created


3. Change ownership and give correct permission to .htpasswd

You can see the user with its hashed password using:

cat /path/to/file/.htpasswd


4. Create .htaccess file in the Apache DocumentRoot directory.

vim path/to/DocumentRoot/.htaccess

Add the following lines:

AuthType Basic
AuthName “Restricted Content”
AuthUserFile /path/to/file/.htpasswd
Require valid-user


5. Restart Apache

systemctl restart httpd

6. Test your website in browser. You should a pop-up more or less like the following:

Leave a Reply

Your email address will not be published.