(08) Basic Authentication

Set Basic Authentication to limit access on specific web pages.

1. Username and password are sent with plain text on Basic Authentication, so Use secure connection with SSL/TLS setting, refer to here.

2. Configure Apache2. For example, set Basic Authentication to the directory [/var/www/html/auth-basic].

root@www:~# apt -y install apache2-utils
root@www:~# vi /etc/apache2/sites-available/auth-basic.conf
# create new

<Directory /var/www/html/auth-basic>
    SSLRequireSSL
    AuthType Basic
    AuthName "Basic Authentication"
    AuthUserFile /etc/apache2/.htpasswd
    require valid-user
</Directory> 

# add a user : create a new file with [-c]

root@www:~# htpasswd -c /etc/apache2/.htpasswd debian

New password:     # set password

Re-type new password:
Adding password for user debian
root@www:~# mkdir /var/www/html/auth-basic

root@www:~# a2ensite auth-basic

Enabling site auth-basic.
To activate the new configuration, you need to run:
  service apache2 reload

root@www:~# systemctl reload apache2
# create a test page

root@www:~# vi /var/www/html/auth-basic/index.html

<html>
<body>
<div style="width: 100%; font-size: 40px; font-weight: bold; text-align: center;">
Test Page for Basic Authentication
</div>
</body>
</html>

3. Access to the test page from any client computer with web browser. Then authentication is required as settings, answer with a user added in 1.

4. That's OK if authentication is successfully passed and test page is displayed normally.