How can I secure an Apache web page with Password Authentication on Ubuntu / Debian web server?. How to use Basic Authentication to limit access to specific web pages on Apache?. After installing and configuring your Apache web server, you may want to configure password authentication for a web page. This guide will cover how to set up a password protected directory using basic authentication.

Apache web server can be installed on Ubuntu or Debian server/workstation by running the command below.

sudo apt update
sudo apt -y install apache2

Confirm that the service is started.

$ systemctl status  apache2
* apache2.service - The Apache HTTP Server
   Loaded: loaded (/lib/systemd/system/apache2.service; enabled; vendor preset: enabled)
  Drop-In: /lib/systemd/system/apache2.service.d
   Active: active (running) since Fri 2019-06-21 12:21:47 PDT; 32s ago
 Main PID: 3797 (apache2)
    Tasks: 55 (limit: 1110)
   CGroup: /system.slice/apache2.service
           |-3797 /usr/sbin/apache2 -k start
           |-3799 /usr/sbin/apache2 -k start
           `-3800 /usr/sbin/apache2 -k start

Jun 21 12:21:47 ubuntu-01 systemd[1]: Starting The Apache HTTP Server...
Jun 21 12:21:47 ubuntu-01 apachectl[3771]: AH00558: apache2: Could not reliably determine the server's fully qualified domain name, using
Jun 21 12:21:47 ubuntu-01 systemd[1]: Started The Apache HTTP Server.

The following test page should be visible on the server’s IP address/hostname.

install apache debian ubuntu

Configure Apache password protected directory using basic authentication.

After installing Apache web server, install Basic Authentication packages.

sudo apt -y install apache2-utils pwauth libapache2-mod-authnz-external 

Then create Apache website configuration file under /etc/apache2/sites-available directory.

sudo tee /etc/apache2/sites-available/secure-page.conf<<EOF
<Directory /var/www/html/secured>
    AuthType Basic
    AuthName "Basic Authentication"
    AuthUserFile /etc/apache2/.htpasswd
    require valid-user

Add users to the Basic Authentication file.

$ sudo htpasswd -c /etc/apache2/.htpasswd webuser1
New password: 
Re-type new password: 
Adding password for user webuser1

The “-c” option is used to create a file during initial setup. To update file by adding other users, use:

$ sudo htpasswd /etc/apache2/.htpasswd webuser2
New password: 
Re-type new password: 
Adding password for user webuser2

The file with users will have:

$ cat /etc/apache2/.htpasswd

Now enable secure website.

$ sudo a2ensite secure-page
Enabling site secure-page.
To activate the new configuration, you need to run:
  systemctl reload apache2

Create secure website directory.

sudo mkdir -p /var/www/html/secured

Add content to the directory for testing.

sudo tee /var/www/html/secured/index.html<<EOF
<div style="width: 100%; font-size: 50px; font-weight: bold; text-align: center;">
My secure web page - Using Basic Auth

Restart Apache service.

sudo systemctl restart apache2

Test access to the page.

secure apache debian ubuntu 01

When asked for username and password, authenticate with credentials configured earlier.

secure apache debian ubuntu 02

We have confirmed basic authentication to be working for accessing a secure web page. The same procedure applies to secure existing web pages on your server.

You can also check.

Secure LDAP Server with SSL/TLS on Ubuntu

Best secure Backup Application for Linux, macOS & Windows

How To Secure GitLab Server with SSL Certificate

How to Set Secure Password Policy on Zimbra

Your support is our everlasting motivation,
that cup of coffee is what keeps us going!

As we continue to grow, we would wish to reach and impact more people who visit and take advantage of the guides we have on our blog. This is a big task for us and we are so far extremely grateful for the kind people who have shown amazing support for our work over the time we have been online.

Thank You for your support as we work to give you the best of guides and articles. Click below to buy us a coffee.


Please enter your comment!
Please enter your name here