How To Set Up Password Authentication with Apache on Linux Ubuntu

Password authentication is use for securing web resources and limiting access to authorized users. 

Password Authentication

Benefits of using password authentication

  • Access Control
  • User Management
  • Security
  • Privacy and Confidentiality
  • Temporary Access
  • Compatibility

Step 1 — Installing the Ubuntu Apache Utilities Package

Apache utility called as a htpasswd, part of the apache2-utils package. This package is a manage the username and passwords needed to access restricted content.

sudo apt update
sudo apt install apache2-utils

Step 2 — Creating the Password access File

The htpasswd command will allow to create a password file for that Apache can use to authenticate users.

We will create .htpasswd file in the /etc/apache2 directory. we have add the -c option to create the specified passwdfile.

We have using specify username (sohan)

sudo htpasswd -c /etc/apache2/.htpasswd sohan

This command run after you will be asked the password. Then you can enter the password.

If you check encrypted password in this directory

cat /etc/apache2/.htpasswd


Step 3 — Configuring Apache Password Authentication 

Apache authentication two way you can apply.

1).htaccess file create in the project directory. Below image type content add in the .htaccess file.


2)Another way is apache virtual host in a add project location and authentication file & name add. project apache2 conf file in a add this method.

Add this location in a add authentication method. /etc/apache2/sites-available/Domain_Name.conf


You have set authentication, you can restart apache2 service

sudo systemctl restart apache2

Step 4 — Confirming Password Authentication

Browser in a heat the domain url heat. Then you can check enter the authentication username and password.


If you enter the wrong credentials or hit “Cancel”, you will see the “Unauthorized” error page.

Remember that while password authentication provides basic security, it is not the most secure option available. Consider using additional security measures, such as enabling HTTPS (SSL/TLS) to encrypt communication, and encouraging users to choose strong and unique passwords. For even stronger security, you might also explore more advanced authentication methods like two-factor authentication 2FA(Two factor authentication)

Additionally, always keep your server and software up-to-date to ensure you're benefiting from the latest security improvements and patches.

Post a Comment