htaccess is the best way to password protect directories. It can also be used to give user or group specific access to directories. This will tell you how to setup apache for htaccess and to set up basic protection.
Open up /etc/apache2/sites-available/default
# vim /etc/apache2/sites-available/default
find the lines that look like the following:
Options Indexes FollowSymLinks MultiViews +SymlinksIfOwnerMatch
IndexOptions NameWidth=* +SuppressDescription
AllowOverride None
Order allow,deny
allow from all
In order to use htaccess, you’ll need to change the line
AllowOverride None
To
AllowOverride AuthConfig
Now restart apache for the changes to take effect.
# /etc/init.d/apache2 restart
Create a file in the dir you want to protect called .htaccess
# vim /var/www/.htaccess
AuthUserFile /var/www/.htpasswd
AuthGroupFile /dev/null
AuthName “Himanthaj Test Login”
AuthType Basic
require valid-user
To create an initial .htpasswd file, use the -c tag.
The syntax is: htpasswd passwordfilename user (add -c if you’re creating the file)
# htpasswd -c /var/www/.htpasswd himanthaj
New password:
Re-type new password:
Adding password for user himanthaj
To create new users in the same file, simply drop the -c.
# htpasswd /var/www/html/.htpasswd guest
New password:
Re-type new password:
Adding password for user guest
When running htpasswd it will ask you for that username’s password. Now, everything should be set up, and your directory should be protected.