Re: [users@httpd] apache2.conf AuthType Basic

Wed, 11 Mar 2026 06:33:33 -0700

People... Learn how to use AI (securely or with anonymous data), seriously... 

1. Does that path exist ?
2. Does the passwords file have the exact format a htpasswd file should have ? 
3. Did you restart apache2 if you modified the config file ?
4. Do you have user xxx in /etc/apache2/passwd/passwords defined correctly with the correct form of the password ?... 

I use this script for generating htpasswd conf files:
(of course, you need to adapt it to your paths)

compile.sh:

#!/bin/bash

# Path to your existing htpasswd file
HTPASSWD_FILE=/etc/apache2/htpwd/htpasswd

# Your source file with plain passwords
SRC=/etc/apache2/htpwd/src.txt

# Truncate existing file (empty it)
> "$HTPASSWD_FILE"

# Loop through your source file and add users/passwords
while IFS=: read -r user pass; do
  # -b = use password from command line (non-interactive)
  # -B = bcrypt (better security than SHA; but Apache must support)
  # You can use -s for SHA1, but bcrypt (-B) is better if supported
  htpasswd -bB "$HTPASSWD_FILE" "$user" "$pass"
done < "$SRC"
echo ""
echo "Restarting Apache..."
systemctl restart apache2
echo "... done !"
echo ""

I enter "username:password" in my src.txt and run this script.
It produces the entry with hashed password in htpasswd.

Then, I point my conf to that file:

    <Directory "/path/to/secure/dir">
        SSLRequireSSL
        Options -Indexes +FollowSymLinks
        AllowOverride None

        AuthType Basic
        AuthName "<> Red Authentication Required <>"
        AuthBasicProvider file
        AuthUserFile /etc/apache2/htpwd/htpasswd
        Require user RedUser
        ErrorDocument 401 /401.html
    </Directory>


Ensure that this declaration is in a VirtualHost 443 or some form of SSL 
! (HTTPS !)



Do NOT use this in non-https because it exposes your password as 
plain-text. Someone on the network could sniff your password in certain 
conditions.


Cu stima,
Adam Mihai Gergely
Informatician
www.infosky.ro

On 3/11/26 15:07, Egon Frerich wrote:



I want to allow only user with password to see /gitweb. I put this 
into apache.conf:



|<Directory /opt/gitweb> Options Indexes FollowSymLinks AllowOverride 
None #Require all granted AuthType Basic AuthName "flora" 
AuthBasicProvider file AuthUserFile "/etc/apache2/passwd/passwords" 
Require user xxx </Directory> |


But could see gitweb without a password.

What should I do?

Egon























					Reply via email to