Apache basic authentication

From OpenWetWare
Revision as of 17:29, 3 January 2012 by Ben Woodcroft (talk | contribs) (Acknowledgements)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to: navigation, search

Apache basic authentication is a general mechanism to password-protect certain webpages, without installing anything extra on top of Apache web server. Apache comes already installed on OSX computers, and can easily be installed on Linux computers. Windows users can also probably use this tutorial as well, but that has not been tested by the author(s). As password-protection of a server is not a problem specific to bioinformatics, there are numerous websites detailing how to set it up. Here, a protocol specific to setting up a wwwblast server is provided, assuming there may be multiple wwwblast installations on the one server.

Tell Apache to use password-protection

As an administrator, add the following lines to your Apache config of the directory you want to password-protect. The apache config file might be for instance, /etc/httpd/httpd.conf or /etc/apache2/conf.d/blast.conf

  AuthUserFile /etc/apache_users
  AuthName "myblastname welcome message"
  AuthGroupFile /etc/apache_groups
  AuthType Basic
  Require group myblastname

So then the whole directory entry might look like this, for example:

<Directory "/Users/ben/Sites/blast">
  Options FollowSymLinks +ExecCGI +Indexes
  AuthUserFile /etc/apache_users
  AuthName "myblastname welcome message"
  AuthGroupFile /etc/apache_groups
  AuthType Basic
  Require group myblastname

Apache needs to be restarted for this to take effect. The easiest way to do this is to restart the computer. If that is not possible, it may be possible to use apache2ctl. As an adminstrator,

$ apache2ctl graceful

After restarting the webserver, going to your webpage e.g. http://localhost/~ben/blast/blast.html should now require a password. However, you won't be able to login just yet.

Specify the passwords themselves

The first time a password is specified, the file that stores the passwords needs to be created. The passwords are encrypted in this file. Use the -c flag to create the file. As an administrator,

$ htpasswd -c /etc/apache_users <myfirstusername>
New password: 
Re-type new password: 
Adding password for user <myfirstusername>

replacing <myfirstusername> with the login name of the first user. It is normal that nothing appears to happen when you type / copy the password in (unlike what happens when you login to your computer and stars or dots appear).

As usual with passwords, it is most likely best to specify a strong password. There are many websites that will generate strong passwords randomly, for instance the first google hit for "password generator".

After this users file has been created, the -c flag can be omitted:

$ htpasswd /etc/apache_users <mysecondusername>
New password: 
Re-type new password: 
Adding password for user <mysecondusername>

After this step is complete there should be a new file /etc/apache_users with username and encrypted passwords in it, for instance


Add users to groups

Above, in the apache configuration file, these lines were specified:

  AuthGroupFile /etc/apache_groups
  Require group myblastname

was specified. This means that only people in the group "myblastname" will be able to get through the password protection. To specify who is in which group, create a new file in a text editor, use the template below, and save it as "/etc/apache_groups":

myblastname: mysecondusername myfirstusername

After this step is complete, you should be able to login to your blast webpage.


When configuring Apache, it is easy to lose track of whether you are logged into particular servers. Therefore, it is best to start a new browser session and go from start to finish. Open up a browser you don't usually use (e.g. if you use Safari usually, then open up Firefox). Go to your server's webpage and make sure that:

  1. It asks you for a password. If it doesn't then your server isn't password-protected.
  2. You can actually login using the username/password that you expect.


Creation of this wiki page by User:Ben Woodcroft was funded by Dan Jackson's group at the University of Göttingen.