Password Protect My Website

Question

I have recently created a new Amazon EC2 instance using Amazon Linux AMI. What is the best way to force a user accessing the domain to enter a username/password before allowing access to the site?

I am currently using apache http server, and saw some resources indicating I need to use a .htaccess file, but was looking for a more concise explanation.

Answer 1

Password Protecting Site via Htaccess

1. Create a .htaccess file with the following in the to-be-protected folder:

   AuthType Basic
   AuthName "Password Protected Area"
   AuthUserFile /var/www/admin/.htpasswd
   Require valid-user
   

2. Create a .htpasswd file in the same or preferably a folder that is outside /var/www.

   For demonstration, I used a dummy path above. The .htpasswd file should contain your password salt use this generator to create your .htpasswd file.

3. Assuming you are using ubuntu, you have to enable htaccess override via this file: /etc/apache2/sites-available/default

   Change the "AllowOverride None" to "AllowOverride All" in:

   <Directory /var/www/>
      Options Indexes FollowSymLinks MultiViews
      AllowOverride None
      Order allow,deny
      allow from all
   </Directory>
   

note: you may need to edit in ssh via command line: sudo nano /etc/apache2/sites-available/default

4. sudo /etc/init.d/apache2 reload