Configuring Apache authentication using either HTTP Basic or HTTP Digest. Protection can be applied per Directory (preferred) or per Location. Directory is preferred because, if there are multiple web-accessible paths to the same directory, they will all have the authentication enforced.
However, complicated setups that expose the same file-system path via different URI paths, perhaps with different user databases, must use the Location basis.
htpasswd Files
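The tool htpasswd is used to create the password database for Apache.

    # -c creates the file (overwriting any existing one); -b takes the password from the command line
    htpasswd -cb /path/to/the/file username password
    # Add or update a user in the existing file
    htpasswd -b /path/to/the/file username password
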
It should be noted that this is not the only method. Apache can also connect to LDAP systems, or use custom-built external authentication programs/scripts.
HTTP Basic
In the simplest form, we have a location protected by HTTP Basic authentication.

    <IfModule !mod_auth_basic.c>
        LoadModule auth_basic_module modules/mod_auth_basic.so
    </IfModule>
    <IfModule !mod_authn_file.c>
        LoadModule authn_file_module modules/mod_authn_file.so
    </IfModule>

    # Any requests to this directory are Auth required
    <Directory /usr/share/redmine>
        AuthType Basic
        AuthName "Redmine"
        AuthUserFile /usr/share/redmine/config/htpasswd
        Require valid-user
    </Directory>

    # Here we expose the same directory, three ways
    Alias /private /var/www/private
    Alias /semi-private /var/www/private
    Alias /open /var/www/private

    # Primary auth file
    <Location /private>
        AuthType Basic
        AuthName "Protected Space"
        AuthUserFile /path/to/first/htpasswd
        Require valid-user
    </Location>

    # Different auth file
    <Location /semi-private>
        AuthType Basic
        AuthName "Semi-Protected Space"
        AuthUserFile /path/to/second/htpasswd
        Require valid-user
    </Location>

    # Now here we can get to those paths w/o auth
    # This is the kind of thing we must watch for when not using Directory
    <Location /open>
        # No AuthType/Require here: the auth configured for /private and
        # /semi-private does not apply to requests made through this alias.
    </Location>

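A small audit for the aliasing problem described above, as an added example that is not part of the original page: it lists Alias URL prefixes that reach a directory without passing through any Directory or Location block carrying an auth Require. The sample configuration is constructed to mirror the three aliases above, and the function and variable names are hypothetical; it only handles plain Alias, Directory and Location directives in a single file.

```python
import re
from collections import defaultdict

# Constructed sample: three aliases to one directory, /open has no auth block.
SAMPLE_CONF = """
Alias /private /var/www/private
Alias /semi-private /var/www/private
Alias /open /var/www/private
<Location /private>
    AuthType Basic
    AuthUserFile /path/to/first/htpasswd
    Require valid-user
</Location>
<Location /semi-private>
    AuthType Basic
    AuthUserFile /path/to/second/htpasswd
    Require valid-user
</Location>
"""

SECTION = re.compile(r'<(Directory|Location)\s+"?([^">]+?)"?\s*>(.*?)</\1>', re.S | re.I)
ALIAS = re.compile(r'^\s*Alias\s+(\S+)\s+(\S+)', re.M | re.I)
REQUIRE_AUTH = re.compile(r'^\s*Require\s+(valid-user|user\b|group\b)', re.M | re.I)

def covers(prefixes, path):
    """True if path equals, or lies below, one of the protected prefixes."""
    return any(path == p or path.startswith(p.rstrip("/") + "/") for p in prefixes)

def find_unprotected_aliases(conf):
    """Return {filesystem_path: [url_prefix, ...]} for aliases served without auth."""
    protected = {"Directory": set(), "Location": set()}
    for kind, target, body in SECTION.findall(conf):
        if REQUIRE_AUTH.search(body):
            protected[kind.capitalize()].add(target.rstrip("/") or "/")
    findings = defaultdict(list)
    for url, fs_path in ALIAS.findall(conf):
        fs_path = fs_path.strip('"').rstrip("/") or "/"
        if covers(protected["Directory"], fs_path):
            continue  # Directory-based auth applies to every alias of this path
        if not covers(protected["Location"], url.rstrip("/") or "/"):
            findings[fs_path].append(url)
    return dict(findings)

if __name__ == "__main__":
    for path, urls in find_unprotected_aliases(SAMPLE_CONF).items():
        print(f"{path} is reachable without auth via: {', '.join(urls)}")
```

Adding a Directory block with Require valid-user for /var/www/private to the sample makes the finding disappear, which is the reason Directory is the preferred basis.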
HTTP Digest
If using these methods, Digest is preferred over Basic.

    LoadModule auth_digest_module modules/mod_auth_digest.so
    LoadModule authn_file_module modules/mod_authn_file.so

    <Location /private>
        AuthType Digest
        AuthName "Protected Space"
        AuthDigestDomain /private/ /and/another http://still.one.more/
        # For Digest the user file must be in htdigest format (user:realm:hash),
        # with the realm matching AuthName
        AuthUserFile /path/to/file/htpasswd
        Require valid-user
    </Location>

    # Implement similar configuration for various directories and locations.