Introduction
After the creation of a website there may be the need to restrict access to certain areas to specific users only. When using a CMS or a web application, there may be some features already integrated to do so, but not everyone knows that there is the possibility to access to some folders directly from the Apache web server configuration.
In this tutorial you will see how to create users and restrict their access to specific Apache directories on a Linux CentOS 8 distribution, either by modifying the Apache configuration or by using the htaccess file.
First, connect to your server via an SSH connection. If you haven't done so yet, following our guide is recommended to
connect securely with the SSH protocol. In case of a local server, go to the next step and open your server terminal.
Creating the reserved area on Apache
Through the terminal move to the Apache DocumentRoot with this command:
$ cd /var/www/html
Create the "reserved" folder and go inside it:
$ sudo mkdir reserved && cd reserved
Use the nano editor to create the index.html file:
$ sudo nano index.html
Paste this sample content for the reserved area into the html file:
<html>
<head></head>
<body>
<h2>Reserved Area</h2>
<b>Welcome!</b>
</body>
</html>
Save the file by pressing CTRL + X, then Y and finally ENTER.
At this point your reserved area is ready, but still visible to everyone. Now, it’s time to create the user that will have permission to view it.
Creating the htpasswd file with the authentication data
Use the htpasswd command to create authentication credentials by entering the proper username to use in the place of the USERNAME word:
$ sudo htpasswd -c /etc/httpd/.htpasswd USERNAME
At this point, you will be prompted to enter a user password for your authentication.
N.B. To add a new user to the file, just enter the same command without the -c flag, like this:
$ sudo htpasswd /etc/httpd/.htpasswd USERNAME
Restricting access to the directort
At this point, configure Apache to restrict access to the directory only to users entered in the.htpasswd file. To do so, edit the Apache configuration file or use the.htaccess file.
Editing the Apache configuration file
Edit the Apache configuration file using the nano editor:
$ sudo nano /etc/httpd/conf/httpd.conf
Immediately after the DocumentRoot configuration block (/ var / www / html) paste the following content:
<Directory "/var/www/html/reserved">
AuthType Basic
AuthName "Restricted Content"
AuthUserFile /etc/httpd/.htpasswd
Require valid-user
</Directory>
To obtain this result:
...
#
# Relax access to content within /var/www.
#
<Directory "/var/www">
AllowOverride None
# Allow open access:
Require all granted
</Directory>
# Further relax access to the default document root:
<Directory "/var/www/html">
#
# Possible values for the Options directive are "None", "All",
# or any combination of:
# Indexes Includes FollowSymLinks SymLinksifOwnerMatch ExecCGI MultiViews
#
# Note that "MultiViews" must be named *explicitly* --- "Options All"
# doesn't give it to you.
#
# The Options directive is both complicated and important. Please see
# http://httpd.apache.org/docs/2.4/mod/core.html#options
# for more information.
#
Options Indexes FollowSymLinks
#
# AllowOverride controls what directives may be placed in.htaccess files.
# It can be "All", "None", or any combination of the keywords:
# Options FileInfo AuthConfig Limit
#
AllowOverride None
#
# Controls who can get stuff from this server.
#
Require all granted
</Directory>
<Directory "/var/www/html/reserved">
AuthType Basic
AuthName "Restricted Content"
AuthUserFile /etc/httpd/.htpasswd
Require valid-user
</Directory>
....
Save the file by pressing CTRL + X, then Y and finally ENTER.
Finally, restart the Apache service to apply the changes:
$ sudo systemctl restart httpd
Use the.htaccess file
Alternatively, edit the Apache configuration file using the nano editor:
$ sudo nano /etc/httpd/conf/httpd.conf
Change the "AllowOverride" directive, related to the DocumentRoot <Directory> block, to "All". In this way:
...
# Further relax access to the default document root:
<Directory "/var/www/html">
#
# Possible values for the Options directive are "None", "All",
# or any combination of:
# Indexes Includes FollowSymLinks SymLinksifOwnerMatch ExecCGI MultiViews
#
# Note that "MultiViews" must be named *explicitly* --- "Options All"
# doesn't give it to you.
#
# The Options directive is both complicated and important. Please see
# http://httpd.apache.org/docs/2.4/mod/core.html#options
# for more information.
#
Options Indexes FollowSymLinks
#
# AllowOverride controls what directives may be placed in.htaccess files.
# It can be "All", "None", or any combination of the keywords:
# Options FileInfo AuthConfig Limit
#
AllowOverride All
#
# Controls who can get stuff from this server.
#
Require all granted
</Directory>
....
Save the file by pressing CTRL + X, then Y and ENTER.
Finally, restart the Apache service to apply the changes:
$ sudo systemctl restart httpd
Then, go to the "reserved" folder and create the ".htaccess" file:
$ cd /var/www/html/reserved && sudo nano.htaccess
Paste the following content:
AuthType Basic
AuthName "Restricted Content"
AuthUserFile /etc/httpd/.htpasswd
Require valid-user
Save the file by pressing CTRL + X, then Y and finally ENTER.
Verifying authentication functionality with password
To verify that the reserved area has been correctly configured, browse to the corresponding internet address, that is, http: //IP.SERVER/reserved.
NB Clearly replace "IP.SERVER" with your server IP or website address.
A message requesting to enter the previously created credentials will appear.
In case of correct credentials, the reserved area will be shown:
Otherwise an error will be displayed:
At this point you will have correctly configured the reserved area of your website on CentOS 8 to restrict access to the files in the "reserved directory" "of Apache.