Protecting a directory using .htpasswd and .htaccess

Recently I wanted to restrict the access to a directory in one of our server via web, the easiest solution found was to achieve it through the use of a .htpasswd and a .htaccess file. Following are the steps used to achieve this.

Creating .htaccess file

Navigate to the directory required to provide the rescricted access via Internet and create a file .htaccess using one of your favorite editor

AuthType Basic
AuthName "Website Site with Restriced Access"
AuthUserFile /path/to/folder/required/restricted/access/.htpasswd
AuthGroupFile /dev/null
require valid-user

Creating .htpasswd file

This file will holds the allowed login credentials to content inside the restricted access folder.

$ htpasswd -c /path/to/folder/required/restricted/access/.htpasswd
$ Enter Password:
$ Re-enter Password:
$ New user added successfully

In the first command htpasswd -c will create a new file called .htpasswd in the specified location. To add more users simply issue htpasswd command without -c

Enabling Apache mod_rewrite

Use locate to find if the is available on your server.

$ sudo updatedb
$ locate

It will found in /usr/lib/apache2/modules

New apache follow some folders to enable and disable mods. So now do this:

$ cd /etc/apache2/mods-enabled
$ vim rewrite.load (you may use any editor to edit this file)

Now paste this following line

LoadModule rewrite_module /usr/lib/apache2/modules/

Then edit /etc/apache2/sites-available/default or /etc/apache2/sites-available/000-default (check which one available on your system). Find the following

Options Indexes FollowSymLinks MultiViews
AllowOverride None
Order allow,deny
allow from all

and change it to

Options Indexes FollowSymLinks MultiViews
AllowOverride all
Order allow,deny
allow from all

Finally restart Apache

$ sudo /etc/init.d/apache2 restart
$ sudo service apache2 restart