How to password protect a webpage on
Fedora 8, Apache.
March 12 , 2008

These are basic steps that can be taken to protect a website behind a user account name and password. One method is to setup an .htaccess file with the appropriate settings, but here we describe how to password protect a webpage with modifications made to the server's settings.

This howto assumes you have the following setup:

  Fedora 8 with Apache version 2.2.6. ,

a functioning webserver with the following test URL to the website:


which is accessing the html files from the following location on the server:


This will be the directory which we will try to password protect.

First we create the password file. This file will contain the names and passwords of the users we wish to allow access to the website. This file can be placed anywhere on the server, but it is best to not place it anywhere within the html accessible directories of the website itself.

So as root, we will create a directory for it as follows:

  >  cd  /etc

  >  mkdir  webpasswords

Here we will create the initial password file called testpasswords, using the command htpasswd, for a user called trill.

  > htpasswd  -c  /etc/webpasswords/testpasswords trill

When the program asks, enter the password:


Other command line options to htpasswd will allow you to add or delete more users.

For example, to add another user, called "asmith":

  > htpasswd   /etc/webpasswords/testpasswords asmith

When the program asks, enter the password:


This will append the user "asmith" to the passwords file, with the above password.

Printing out the contents of the password file should list the two users names and the encrypted passwords:

  >  cat   /etc/webpasswords/testpasswords

The last step is to modify the server's configuration file: httpd.conf. First make a backup of the file:

  >  cd   /etc/httpd/conf

  >  cp   httpd.conf   httpd.conf.saved

Next, append the following to the end of the configuration file (httpd.conf):

  <Directory "/var/www/testsite">
  AuthType Basic
  AuthName "testsite files"
  AuthUserFile /etc/webpasswords/testpasswords
  Require valid-user

Or, even better, place the above lines into thier own configuration file, call it, for example: webpage_auth.conf.
Then place that file into the directory:


Any configuration file placed in the above directory (/etc/httpd/conf.d) will be accessed during a restart of the Apache server, if the main configuration file (/etc/httpd/conf/httpd.conf) contains the line:

   Include conf.d/*.conf

Notice that the paths listed above /var/www/testsite, and /etc/webpasswords/testpasswords, point to the directory of the website we wish to password protect and to the location of the password file, respectively.

And finally, restart the server. There are operating system line commands for restarting the http daemon, but a GUI is just as easy

  >  /usr/bin/system-config-services

Scroll down, select the daemon labeled httpd, and hit restart. Hopefully Apache restarts successfully, if not, then you may need to reload the original configuration file (httpd.conf) and try again.

To test the setup, open up a web browser and access the website:


If everything has been done correctly a popup window should appear asking for a user name and password. Entering one of the user names and passwords previously added should allow access to the website.

dark maelstrom icon dark maelstrom
flash games
  t-shirt icon dark maelstrom
t-shirt designs

  purple bitcoin icon 1NempEdpogR6XB6QUky9wAd7HjaAy9M5ts