Saturday, January 23, 2016

how to protect a single apache directory with basic authentication (debian)



1) generate a password file (api=username)

htpasswd -cs /usr/local/apache/passwd/passwords api

2) change /etc/apache2/apache2.conf (AllowOverwrite)
<Directory /var/www/>
        Options Indexes FollowSymLinks
        AllowOverride AuthConfig
        Require all granted
</Directory>
3) create local .htaccess file inside the folder you like to protect
AuthType Basic
AuthName "protected"
# (Following line optional)
AuthBasicProvider file
AuthUserFile /usr/local/apache/passwd/passwords
Require user api

"protected" is the message shown when the server requests the credentials.