Lock down web site directory in Apache

By | June 24, 2013

First, make sure you Virtual Host container with your site configuration has the following section:

<Directory “/var/www/path/to/your/website/html”>
allow from all
Options -Indexes
AllowOverride All

This will you to create .htaccess files to have directory level control over certain sections of your site.  Next, we need to create the .htaccess file.  Go to your web site directory and use your favorite text editor to create a file in that directory named .htaccess (period is necessary to keep it hidden).  This file will contain the following:

AuthType Basic
AuthName “Admin Section”
AuthUserFile /var/www/path/to/your/website/html/.htpasswd
Require valid-user

Now that we are referencing the .htpasswd file, we need to create the file using the following command:

htpasswd -c /var/www/path/to/your/website/html/.htpasswd username

Where username is the username you specify.  It will prompt you for your password twice for the user you specify.  After you’ve done so your directory will be locked down.