A free and open-source book on ZF3 for beginners


2.9. HTTP Authentication

You may want to allow access to your site only to certain users. For example, when you are demonstrating your website to your boss, you can give her a username and password for logging into your site.

To allow access to your website by username and password, you can modify the virtual host file as follows:

...
<Directory /home/username/helloworld/public/>
    DirectoryIndex index.php
    AllowOverride All
    AuthType Basic
    AuthName "Authentication Required"
    AuthUserFile /usr/local/apache/passwd/passwords
    Require valid-user
</Directory>
...

Line 5 selects the Basic authentication method, which is the most common one. It is important to be aware, however, that Basic authentication sends the password from the client to the server unencrypted. This method should therefore not be used for highly sensitive data. Apache supports one other authentication method: AuthType Digest. This method is much more secure. Most recent browsers support Digest authentication.

Line 6 defines the text that will be displayed to the user when they try to log in.

Line 7 defines the file where the passwords will be stored. This file should be created with the htpasswd utility.

Line 8 allows anyone who is listed in the password file and who enters the correct password to log in.

To create the password file, type the following command:

htpasswd -c /usr/local/apache/passwd/passwords <username>

In the command above, you should replace the <username> placeholder with the name of the user. You can choose an arbitrary name, for example "admin". The command will request the user's password and write the password to the file:

# htpasswd -c /usr/local/apache/passwd/passwords <username>
New password: 
Re-type new password: 
Adding password for user <username>
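
The following check of the password file is an added example, not part of the book. It reports each entry's hash scheme from the prefixes listed in Apache's password-formats documentation and flags a password file that lies inside the document root. The function names and the sample entries are constructed for illustration.

```shell
# Added example: audit an Apache AuthUserFile (function names are hypothetical).

# Map one "user:hash" entry to its scheme via Apache's documented prefixes.
hash_scheme() {
    case "${1#*:}" in
        '$2y$'*)        echo bcrypt ;;
        '$5$'*|'$6$'*)  echo sha2-crypt ;;
        '$apr1$'*)      echo apr1-md5 ;;
        '{SHA}'*)       echo sha1-unsalted ;;
        *)              echo crypt-or-plaintext ;;
    esac
}

# True when FILE ($1) sits below DOCROOT ($2) and could be fetched over HTTP.
# Assumption: both paths are absolute and already free of symlinks and "..".
inside_docroot() {
    case "$1" in
        "${2%/}"/*) return 0 ;;
        *)          return 1 ;;
    esac
}

# Print findings for FILE ($1), DOCROOT ($2); status 0 = no LOCATION/WEAK finding.
audit_htpasswd() {
    file=$1 docroot=$2 findings=0
    if inside_docroot "$file" "$docroot"; then
        echo "LOCATION $file is inside $docroot"; findings=1
    fi
    while IFS= read -r entry; do
        [ -n "$entry" ] || continue
        scheme=$(hash_scheme "$entry")
        case "$scheme" in
            bcrypt|sha2-crypt) ;;
            apr1-md5) echo "NOTE ${entry%%:*} $scheme (htpasswd -B gives bcrypt)" ;;
            *) echo "WEAK ${entry%%:*} $scheme"; findings=$((findings + 1)) ;;
        esac
    done < "$file"
    [ "$findings" -eq 0 ]
}

# Demo on constructed entries (placeholder hashes, not real ones).
sample=$(mktemp)
cat > "$sample" <<'EOF'
admin:$apr1$CONSTRUCTED$placeholder
boss:$2y$05$CONSTRUCTEDplaceholder
old:{SHA}CONSTRUCTEDplaceholder=
EOF
audit_htpasswd "$sample" /home/username/helloworld/public/ || true
rm -f "$sample"
```

On a real server, pass the AuthUserFile path and the path from the Directory block as the two arguments.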

When the user tries to visit the site, they see the HTTP authentication dialog. To log into your site, the visitor should enter the correct username and password.

For additional information on HTTP authentication, you can refer to the Authentication and Authorization topic in the Apache documentation.

