Today's world is insecure, and we have to provide different types of security measures, such as authentication. In HTTP servers like Apache or Nginx we can use HTTP Basic Authentication, an authentication protocol provided by the web server. We can use the `htpasswd` tool to create an HTTP Basic Authentication database and users. Using application-level authentication is a better solution, by the way.
Install Htpasswd Tool
`htpasswd` is provided by the Apache Utils package (`apache2-utils`) on Ubuntu, Debian, Mint and Kali. We can install it with the following command.
$ sudo apt install apache2-utils
Install Htpasswd Tool For Fedora, CentOS, RHEL
RPM-based distributions like Fedora, CentOS and RHEL name Apache `httpd`, so we can install `htpasswd` with the following command.
$ sudo yum install httpd-tools
Create Htpasswd Database and User
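We will create a user password database with the `-c` option, providing the database file name and the user name. Note that `-c` rewrites the file if it already exists, so it is only used when creating the database. In this example we will create a database named `db` with the user `ismail`; `htpasswd` will ask for the password.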
$ htpasswd -c db ismail
We can list the existing users in a database file with the `cat` command, because our file named `db` is just a text file where each line holds a user name and the password in hashed form.
$ cat db
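Since `db` is plain text with one `user:hash` entry per line, the prefix of each hash shows which scheme was used to store it. The following is an added example, not part of the original page: it classifies every entry and lists the users that are not stored with bcrypt. The function names are hypothetical and the sample entries are constructed placeholders, not real hashes.

```shell
#!/bin/sh
# Added example: report which hash scheme each entry of an htpasswd file uses.
# Function names are hypothetical; sample entries are constructed placeholders.

# classify_htpasswd FILE -> one "user scheme" line per entry
classify_htpasswd() {
    awk -F: '
        $0 == "" || substr($0, 1, 1) == "#" { next }   # skip blanks and comments
        {
            hash = $2                                  # field after the user name
            if (hash ~ /^[$]2[aby][$]/) {
                scheme = "bcrypt"                      # $2y$ / $2a$ / $2b$
            } else if (substr(hash, 1, 6) == "$apr1$") {
                scheme = "apr1-md5"                    # Apache salted MD5
            } else if (substr(hash, 1, 5) == "{SHA}") {
                scheme = "sha1-unsalted"               # base64 of a bare SHA-1
            } else if (length(hash) == 13 && hash ~ "^[./0-9A-Za-z]+$") {
                scheme = "des-crypt"                   # traditional crypt()
            } else {
                scheme = "unknown"                     # plaintext or other format
            }
            print $1, scheme
        }' "$1"
}

# needs_rehash FILE -> users whose entry is anything other than bcrypt
needs_rehash() {
    classify_htpasswd "$1" | awk '$2 != "bcrypt" { print $1 }'
}

# write_sample FILE -> constructed entries (placeholder strings, not real hashes)
write_sample() {
    cat > "$1" <<'EOF'
# constructed sample, not a real credential file
ismail:$apr1$SALTSALT$PLACEHOLDERPLACEHOLDER
ali:{SHA}PLACEHOLDERPLACEHOLDERPLACE=
carol:$2y$05$PLACEHOLDERPLACEHOLDERPLACEHOLDERPLACEHOLDERPLACEHOLDER
dave:PLACEHOLDER13
EOF
}

sample=$(mktemp)
write_sample "$sample"
classify_htpasswd "$sample"
rm -f "$sample"
```

A user listed by `needs_rehash` can be moved to bcrypt by resetting the password with `htpasswd -B db <user>`.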
Change Existing User Password
To change an existing user's password, we just need to provide the user name again, as when creating the user from scratch. This will ask us for the user's password again. In this example we will change the password of `ismail`.
$ htpasswd db ismail
As we can see from the output, we have successfully updated the password of `ismail`.
If we want to prevent a user from gaining access, we should remove the user from our database. We will use the `-D` option and specify the user name we want to remove. In this example we will remove the user named `ali`.
$ htpasswd -D db ali
Configure Authentication For Apache
Up to now we have learned how to manage the user database. In this part we will look at how to configure Apache for basic authentication. The following configuration goes into the main Apache configuration or into a site configuration such as a virtual host.
    <VirtualHost *:80>
        ServerAdmin webmaster@localhost
        DocumentRoot /var/www/html
        <Directory "/var/www/html">
            AuthType Basic
            AuthName "Restricted Content"
            AuthUserFile /etc/apache2/db
            Require valid-user
        </Directory>
    </VirtualHost>
- In this configuration we assume that our database file named `db` is located at `/etc/apache2/db`
- This authentication will be applied for the directory `/var/www/html`
For the configuration to take effect, we should restart the Apache2 server after saving it.
Check HTTP Basic Authentication
If we try to browse the web page, we will get a prompt asking for the user name and password, which will be checked against our `db` database file.