Restrict access to a an apache directory

If you have a directory inside apache that you want to protect with a password, here is how to do :

Create a new user and set his password :

htpasswd -c /var/www/html/secret_dir/.pass_file secretuser
New password:
Re-type new password:


Modify your virtualhost conf file, by adding this :

<VirtualHost *:80>
    ServerName myServerName
    ServerAlias myServerName
    DocumentRoot "/var/www/html"
    ErrorLog ${APACHE_LOG_DIR}/error.log
    CustomLog ${APACHE_LOG_DIR}/access.log combined
    <Directory "/var/www/html">
        Options Indexes FollowSymLinks MultiViews
        AllowOverride All
        Order allow,deny
        Allow from All
    <Location /secret_dir>
        Order Allow,Deny
        Allow from all
         #### Authent for secret dir
         AuthUserFile /var/www/html/secret_dir/.pass_file
         AuthName authorization
         AuthType Basic
         require valid-user
         #### End secret authent

Restart apache :

service apache2 restart

That’s it.

Leave a Reply

Your email address will not be published. Required fields are marked *