How to configure basic authentication in Apache httpd virtual hosts?
Solution 1
You should place this inside a Location directive:
<VirtualHost *:8080>
<Location /> #the / has to be there, otherwise Apache startup fails
Deny from all
#Allow from (You may set IP here / to access without password)
AuthUserFile /usr/local/etc/httpd/users
AuthName authorization
AuthType Basic
Satisfy Any # (or all, if IPs specified and require IP + pass)
# any means neither ip nor pass
require valid-user
</Location>
...
</VirtualHost>
Solution 2
I am running Apache2 on ubuntu 10.04 — same problem and thanks for the solution. I found that I had to put the configuration in /etc/apache2/apache2.conf
You can generate the username and password using htpasswd. New file:
$ htpasswd -c /srv/auth/.htpasswd squire
To append to existing file:
$ htpasswd -b /srv/auth/.htpasswd squire2 tickleme2
Solution 3
You can protect a Location or a Directory. For a Directory add something like:
<Directory /some/dir/cgi-bin/>
Options +ExecCGI
AddHandler cgi-script .cgi
AuthType Basic
AuthName 'Private scripts'
AuthUserFile '/some/other/dir/.htpasswd'
Require valid-user
</Directory>
You can also add Deny
and Allow
directives for a finer control.
Solution 4
It sounds like you're specifying the authentication settings within the VirtualHost
. Typically, these settings are specified under the Directory
directive.
You could also use .htaccesss
files, but specifying in the Apache conf is a good default, as it has less exposure.
Solution 5
I'm running Apache2 on ubuntu 10.10. I've been having problems with all the solutions above, but this worked well (from apache docs):
<Directory /var/www/> Options Indexes FollowSymLinks MultiViews AllowOverride All Order allow,deny allow from all AuthType Basic AuthName "Restricted" AuthBasicProvider file AuthUserFile /etc/users Require user visitor </Directory>
The biggest difference from the answers above seems to be the AuthBasicProvider directive set to "file" and the Require directive including the "user" bit before the actual username.
Hope this helps someone.
Related videos on Youtube
Jader Dias
Updated on September 17, 2022Comments
-
Jader Dias almost 2 years
I'm trying to configure mercurial access using Apache http. It requires authentication. My
/etc/apache2/sites-enabled/mercurial
looks like this:NameVirtualHost *:8080 <VirtualHost *:8080> UseCanonicalName Off ServerAdmin webmaster@localhost AddHandler cgi-script .cgi ScriptAliasMatch ^(.*) /usr/lib/cgi-bin/hgwebdir.cgi/$1 </VirtualHost>
Every tutorial I read on the internet tells me to insert these lines:
AuthType Basic AuthUserFile /usr/local/etc/httpd/users
But when I do it I get the following error:
# /etc/init.d/apache2 reload Syntax error on line 8 of /etc/apache2/sites-enabled/mercurial: AuthType not allowed here
My distro is a customized Ubuntu called Turnkey Linux Redmine
-
shorif2000 about 11 yearsthis does not work for me.
<Location /opt/mcmap/shapefiles.php> AuthType Kerberos AuthName KerberosLogin KrbServiceName HTTP/intranet.spectrumasa.com KrbMethodNegotiate On KrbMethodK5Passwd On KrbAuthRealms DOMAIN.COM Krb5KeyTab /etc/httpd/conf/intranet.keytab require valid-user Options Indexes MultiViews FollowSymLinks AllowOverride All Order allow,deny Allow from all SetOutputFilter DEFLATE </Location>
-
Buttle Butkus almost 11 yearsThe apache doc page explains all this, but annoyingly never gives you a complete example. I copied part of their example, but missed the
require valid-user
portion. A complete example can be a wonderful thing. Thanks. -
agbb over 8 years@sharif should be <Location />, meaning access to the root url of yourhost.com/ should require that auth configuration
-
Sz. over 7 yearsWhy was
<Location />
edited to<Location>
with an internal log message of "fixed ... to avoid a lot of trouble", but telling nothing about the real reason in the answer itself? There is no such thing as a<Location>
directive (i.e. one without a location) in Apache. That definitely causes trouble now. ;) (See e.g. above.) -
Colin 't Hart over 2 yearsThis answer contains an annoying mix of old and new directives. Remove the
Deny from all
andSatisfy Any
and disable the modulemod_access_compat
for a cleaner solution.