edoceo

Apache Authentication via HTTP Basic or Digest

Configuring Apache Authentication using either HTTP Basic or HTTP Digest. It's possible to protect based on either Directory (preferred) or Location. Directory is preferred, this way, if there are multiple web-accessible paths to the same directory they will all have the authentication enforeced.

However, complicated setups such that there is access the same file-system path via different URI paths, perhaps different user databases; these must use the Location basis.

htpasswd Files

The tool htpasswd is used to create the password database for Apache.

htpasswd -cb /path/to/the/file username password
htpasswd -b /path/to/the/file username password

It should be noted that this is not the only method. Apache can also connect to LDAP systems, or use custom-built external authentication programs/scripts.

HTTP Basic

The simplest form we have a location protected by HTTP-Basic authentication.

<IfModule !mod_auth_basic.c>
    LoadModule auth_basic_module modules/mod_auth_basic.so
</IfModule>
<IfModule !authn_file_module.c>
    LoadModule authn_file_module modules/mod_authn_file.so
</IfModule>

# Any requests to this directory are Auth required
<Directory /usr/share/redmine>
    AuthType Basic
    AuthName "Redmine"
    AuthUserFile /usr/share/redmine/config/htpasswd
    Require valid-user
</Directory>

# Here we expose the same directory, three ways
Alias /private /var/www/private
Alias /semi-private /var/www/private
Alias /open /var/www/private

# Primary auth file
<Location /private>
    AuthType Basic
    AuthName "Protected Space"
    AuthUserFile /path/to/first/htpasswd
    Require valid-user
</Location>

# different auth file
<Location /semi-private>
    AuthType Basic
    AuthName "Semi-Protected Space"
    AuthUserFile /path/to/second/htpasswd
    Require valid-user
</Location>

# Now here we can get to those paths w/o auth
# This is the kind of thing we must watch for when not using Directory
<Location /open>
    AuthType Basic
    AuthName "Semi-Protected Space"
    AuthUserFile /path/to/second/htpasswd
    Require valid-user
</Location>


HTTP Digest

If using these methods Digest is preferred over Basic

LoadModule auth_digest_module modules/mod_auth_digest.so
LoadModule authn_file_module modules/mod_authn_file.so

<Location /private>
    AuthType Digest
    AuthName "Protected Space"
    AuthDigestDomain /private/ /and/another http://still.one.more/
    AuthUserFile /path/to/file/htpasswd
    Require valid-user
</Location>

# Implement similar configuration for various directores and locations.

See Also

Loading Comments from Disqus...