Authenticate site with Apache2

Are you an open source web developer or application developer? If so, you have probably heard of the Apache server, but have you heard about its authentication features?
If not, this article is for you, and for anyone who wants to get the most out of those features.

Introduction:
If you have information on your web site that is sensitive or intended for only a small group of people, the techniques in this article will help you make sure that the people who see those pages are the people you want to see them.

This article covers the “standard” way of protecting parts of your web site that most of you are going to use.

Let us first define the two authentication types that Apache 2 offers:

1. BASIC and 2. DIGEST

BASIC Authentication – This module allows the use of HTTP Basic Authentication to restrict access by looking up users in the given providers. This module should usually be combined with at least one authentication module such as `mod_authn_file` and one authorization module such as `mod_authz_user`. For this authentication method to work, the `mod_auth_basic` module must be installed and enabled first.

DETAILS:
Description:	Basic HTTP authentication
Status:	Base
Module Identifier:	auth_basic_module
Source File:	mod_auth_basic.c
Compatibility:	Available in Apache 2.1 and later

How to use BASIC authentication:
1. Create a .htaccess file in the directory you want to protect:
Example: touch /home/steve/projectdir/jobs.project.com/htdocs/admin/.htaccess

2. Add the following directives to the .htaccess file, if overrides are allowed in httpd.conf in the apache2 folder:
Example:
AuthType Basic
AuthName "Restricted for members only"
AuthUserFile "/home/steve/projectdir/jobs.project.com/htdocs/admin/htpasswd/.htpasswd"
Require valid-user

3. Create htpasswd folder:
Example: mkdir htpasswd

4. Run this code on command line to create the htpasswd file:
htpasswd -c /home/steve/projectdir/jobs.project.com/htdocs/admin/htpasswd/.htpasswd steve

Note: it will prompt you to enter a password for the user you specified.

5. To add another user to the existing htpasswd file, run this:
htpasswd /home/steve/projectdir/jobs.project.com/htdocs/admin/htpasswd/.htpasswd jelly

6. Now test in the browser. (Note: on IE Edge it does not work correctly unless you add a double slash at the end.)
Example: this is your current website: `jobs.project.com`
Now you should be able to see a modal box that will pop-up for you to login. Check the image below.

[Image: Modal_Box]

DIGEST Authentication – This module implements HTTP Digest Authentication. For this authentication method to work, the `mod_auth_digest` module must be installed and enabled first.

Description:	User authentication using MD5 Digest Authentication.
Status:	Experimental
Module Identifier:	auth_digest_module
Source File:	mod_auth_digest.c

How to use DIGEST authentication:

1. Create a .htaccess file in the directory you want to protect:
Example: touch /home/steve/projectdir/jobs.project.com/htdocs/admin/.htaccess

2. Run this on the command line to create the digest file:
htdigest -c /home/steve/projectdir/jobs.project.com/htdocs/admin/admin.users "Restricted for members only" steve

3. To add another user to the existing digest file, run this:
htdigest /home/steve/projectdir/jobs.project.com/htdocs/admin/admin.users "Restricted for members only" jelly

4. Add the following directives to .htaccess, if overrides are allowed in httpd.conf in the apache2 folder:

Example:
AuthType Digest
AuthName "Restricted for members only"
AuthUserFile "/home/steve/projectdir/jobs.project.com/htdocs/admin/admin.users"
Require user steve
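
An added check, not part of the original article: each line of a digest file has the form user:realm:MD5(user:realm:password), so the realm passed to htdigest must be identical to AuthName in .htaccess or that user cannot log in. The function names, temporary files and sample passwords are constructed for illustration, and `md5sum` is assumed to be installed.

```shell
#!/bin/sh
# Added example. Paths, users and passwords below are constructed samples.

# One digest-file line: user:realm:MD5(user:realm:password).
digest_line() {
    hash=$(printf '%s:%s:%s' "$1" "$2" "$3" | md5sum | cut -d' ' -f1)
    printf '%s:%s:%s\n' "$1" "$2" "$hash"
}

# Print the AuthName value from a .htaccess file, without its quotes.
auth_name() {
    sed -n 's/^[[:space:]]*AuthName[[:space:]]*"\(.*\)"[[:space:]]*$/\1/p' "$1" |
        head -n 1
}

# Print users whose stored realm differs from AuthName; return 1 if any do.
realm_mismatches() {   # args: htaccess_file digest_file
    realm=$(auth_name "$1")
    bad=$(awk -F: -v r="$realm" '$2 != r { print $1 }' "$2")
    [ -z "$bad" ] && return 0
    printf '%s\n' "$bad"
    return 1
}

# Return 0 if the password reproduces the stored line for that user.
check_password() {     # args: digest_file user password
    stored=$(awk -F: -v u="$2" '$1 == u { print; exit }' "$1")
    [ -n "$stored" ] || return 1
    realm=$(printf '%s' "$stored" | cut -d: -f2)
    [ "$(digest_line "$2" "$realm" "$3")" = "$stored" ]
}

# Constructed sample: steve matches AuthName, jelly was added under another realm.
demo_dir=$(mktemp -d)
cat > "$demo_dir/.htaccess" <<'EOF'
AuthType Digest
AuthName "Restricted for members only"
Require valid-user
EOF
{
    digest_line steve "Restricted for members only" 'sample-pass-1'
    digest_line jelly "Members only" 'sample-pass-2'
} > "$demo_dir/admin.users"

realm_mismatches "$demo_dir/.htaccess" "$demo_dir/admin.users" ||
    echo "realm differs from AuthName for the user(s) listed above"
```

If `auth_name` prints nothing for a real .htaccess, check that the quotes around the AuthName value are plain ASCII double quotes.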

Hope you learned something!