Password protect folders apache

If you have any sensitive folder in your websites or if you like to grant access to only a group of peoples then you can setup a password protected folder in Apache to protect the folders from public or common access. This article explains you how to setup setup a password protected directory and what need to be turned on in the web server configuration.

Requirment :

1 -> Mod_auth module allows the use of HTTP Basic Authentication by plain text password and group usually stored in MDS crypt. If you are more concern about not to store it in a plain text then you can try the mod_auth_dbm which stores the password in DBM type database files which is a best alternative to plain text storage.

2 -> Edit your httpd.conf file in your favorite editor and find the line AllowOverride (inside the <Directory “/var/www/html”> directive) and change it to

  • AllowOverride AuthConfig

By default it will  AllowOverride None so you need to change that to the above and have to restart the httpd service to take on effect.

3 -> htpasswd binary to generate the password or you can use online password generator like to generate the password.
Create a file called .htaccess with the following lines on the exact directory which you like to protect. Say for example /home/gtoolbox/password/

  • AuthUserFile /home/gtoolbox/password/.htpasswd
    AuthType Basic
    AuthName “My Secret Folder”
    Require valid-user

Create the .htpasswd folder inside the /home/gtoolbox/password/ folder and just past the output(username and password) from the online password generator or using the htpasswd file

  • htpasswd -c /home/gtoolbox/password/.htpasswd gnutoolbox

If will prompt to enter the password twice and that’s it, you have created the md5 password crypt file. Just cat the file and you could see something similar to

Where the gnutoolbox is the username and [email protected] is password which is separated by ‘ : ‘. It is also possible to create multiple users for a single password protected folder, just add the new user in the .htpasswd folder to allow access.

Now try access the folder in your web browser and you will be prompt to enter the user-name and password. If the htpasswd protection is not working, then make sure the requirement steps 1 & 2 are configured properly. You can also edit and change the AuthName to your favorite words which you like to label the folder.