Apache Basic Authentication Setup
In this guide, you will learn how to set up Basic Authentication (password protection) on the Apache web server.
With this method, you can:
- Protect specific directories with a username and password
- Hide areas such as an admin panel
- Prevent unauthorized access
On Apache, this is done with the .htpasswd file and the AuthType Basic configuration.
What is Apache Password Protection?
Basic Authentication requires the following from the user before they can access a directory on the web server:
- Username
- Password
It is only a simple security layer.
Example:
/admin
→ the login screen opens
1. Installing Required Packages
Install Apache utilities:
sudo apt update
sudo apt install apache2-utils
This package provides the htpasswd tool.
2. Creating the .htpasswd File
Create the first user
sudo htpasswd -c /etc/apache2/.htpasswd genixnode-user
Description
-c → creates a new file (use it for the first user ONLY)
Adding a new user:
sudo htpasswd /etc/apache2/.htpasswd yeni-kullanici
Checking the file
cat /etc/apache2/.htpasswd
3. Password Protection with Apache VirtualHost
Open the VirtualHost file
sudo nano /etc/apache2/sites-available/ornek.com.conf
Secure configuration (Recommended method)
<VirtualHost *:443>
    ServerName ornek.com
    DocumentRoot /var/www/ornek.com
    <Directory "/var/www/ornek.com">
        AuthType Basic
        AuthName "Gizli Alan"
        AuthUserFile /etc/apache2/.htpasswd
        Require valid-user
    </Directory>
</VirtualHost>
Test Apache configuration
sudo apache2ctl configtest
Restart Apache
sudo systemctl restart apache2
4. Alternative Method: Password Protection with .htaccess
Activating AllowOverride
sudo nano /etc/apache2/apache2.conf
Directory setting
<Directory /var/www/ornek.com>
    Options Indexes FollowSymLinks
    AllowOverride All
    Require all granted
</Directory>
Creating the .htaccess file:
sudo nano /var/www/ornek.com/.htaccess
Authentication rules:
AuthType Basic
AuthName "Gizli Yönetim Alanı"
AuthUserFile /etc/apache2/.htpasswd
Require valid-user
Restart Apache
sudo systemctl restart apache2
5. Testing Password Protection
When you open the site:
- A username / password prompt appears.
- Correct credentials → access is granted.
- Incorrect credentials → a 401 Unauthorized error is returned.
Security Note
Why is .htpasswd kept outside the web root?
If it is placed in the web root, it creates a vulnerability: the file can be downloaded.
Why is HTTPS important?
Basic Auth passwords:
- Without HTTPS, they are transmitted Base64-encoded, which anyone on the network path can decode.
- With HTTPS, they are encrypted.
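The two points in the Security Note above can be checked mechanically. The following is an added example, not part of the original guide: a small Python audit that flags a Basic Auth VirtualHost that is not on port 443 or whose AuthUserFile sits below DocumentRoot. The function names, issue labels and the sample configuration are constructed for illustration, and the port check is a heuristic.

```python
import re
from pathlib import PurePosixPath

# Constructed sample: Basic Auth on plain HTTP with the password file in the web root.
WEAK_VHOST = """\
<VirtualHost *:80>
ServerName ornek.com
DocumentRoot /var/www/ornek.com
<Directory "/var/www/ornek.com">
AuthType Basic
AuthName "Gizli Alan"
AuthUserFile /var/www/ornek.com/.htpasswd
Require valid-user
</Directory>
</VirtualHost>
"""
# Same block laid out as in the guide: port 443, password file under /etc/apache2.
GOOD_VHOST = (WEAK_VHOST.replace("*:80", "*:443")
              .replace("/var/www/ornek.com/.htpasswd", "/etc/apache2/.htpasswd"))

def _directive(body, name):
    """Return the (unquoted) argument of the first `name` directive, or None."""
    m = re.search(rf'^\s*{name}\s+"?([^"\n]+?)"?\s*$', body, re.M | re.I)
    return m.group(1) if m else None

def audit_basic_auth(conf_text):
    """Return (ServerName, issue) pairs for every Basic Auth VirtualHost."""
    findings = []
    vhosts = re.findall(r"<VirtualHost\s+([^>]*)>(.*?)</VirtualHost>",
                        conf_text, re.S | re.I)
    for addr, body in vhosts:
        if (_directive(body, "AuthType") or "").lower() != "basic":
            continue  # no Basic Auth in this vhost, nothing to check
        server = _directive(body, "ServerName") or addr
        # Heuristic (assumption): a vhost not bound to port 443 is plain HTTP,
        # so the Base64-encoded credentials travel unencrypted.
        if addr.rsplit(":", 1)[-1].strip() != "443":
            findings.append((server, "basic-auth-without-https"))
        root = _directive(body, "DocumentRoot")
        pw_file = _directive(body, "AuthUserFile")
        # A password file below DocumentRoot sits inside the served tree.
        if root and pw_file and PurePosixPath(root) in PurePosixPath(pw_file).parents:
            findings.append((server, "htpasswd-inside-docroot"))
    return findings

if __name__ == "__main__":
    for label, conf in (("weak", WEAK_VHOST), ("guide", GOOD_VHOST)):
        print(label, audit_basic_auth(conf))
```

To check a real site file, pass its contents to audit_basic_auth(); an empty list means neither issue was found.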
Frequently Asked Questions
Is Basic Authentication safe?
Yes, but it's only secure when used with HTTPS.
Is VirtualHost or .htaccess better?
VirtualHost → faster and more secure (recommended)
.htaccess → flexible but slower
Can I grant access to a specific user?
Yes:
Require user genixnode-user
How do I change the password?
Run the same htpasswd command again for that user.
Result
With this guide, on Ubuntu 20.04:
- You have set up Apache Basic Authentication.
- You have password-protected directories.
- You have learned .htpasswd user management.
This setup is especially suited to:
- Admin panels
- Test environments
- Hidden directories
You can use the GenixNode infrastructure for more secure server management.

