Again, this is almost a copy-and-paste recipe. This configuration will allow you to ask for a password to access a specific directory published through HTTP. It is very handy and I use it very often, so it is worth having it in an article.
Edit your .htaccess file and put the following content:
AuthUserFile /etc/httpd/htpasswd
AuthName "Please Log In"
AuthType Basic
require valid-userAfter that, you must use the htpasswd command to create the proper hashes in the pointed file.
Be sure your Apache configuration, in the <Directory> that points to your directory the AllowOverride parameter is set correctly. Usually, a value of All is enough. CentOS has it disabled by default.
Some security concerns:
- Basic auth sends the user and password in encoded with base64
- You should use it with HTTPS, a good way to do this is by adding some extra configuration into the .htaccess file to redirect your HTTP traffic to HTTPS transparently
Good luck!
";