Apache httpd: How to Use htpasswd to Password Protect Areas of your Site

This doesn’t cover the basics of configuring httpd, etc. You should know how to do that! Also, this is being done on an old RHEL 4 box.

If you’re having trouble with selinux blocking CGI in weird and wonderful ways, disable it:

Anyway … modify /etc/httpd/conf/httpd.conf and add a <Directory> directive for the directory that you wish to protect, e.g. :

It will protect all subdirectories under the directory too. You can obviously just specify a specific directory if you want, but I want to password protect the entire website.

Create a directory for your htpasswd file – do not put this under your DocumentRoot – somewhere under the ServerRoot is good, but I put it in /usr/local/etc/httpd:

Then create the htpasswd file and add your first user

I always chown apache:apache /usr/local/etc/httpd/users and then chmod 400 /usr/local/etc/httpd/users.

The -c is not required when adding further users to the users file

Then, just restart httpd (only needed as we changed the httpd.conf file – you don’t need to restart httpd after just adding/deleting users with htpasswd), and browse!

(or service httpd restart, /etc/init.d/httpd stop && /etc/init.d/httpd start, whatever….)

Done !