# Apache basic authentication

Apache basic authentication is a general mechanism to password-protect certain webpages, without installing anything extra on top of Apache web server. Apache comes already installed on OSX computers, and can easily be installed on Linux computers. Windows users can also probably use this tutorial as well, but that has not been tested by the author(s). As password-protection of a server is not a problem specific to bioinformatics, there are numerous websites detailing how to set it up. Here, a protocol specific to setting up a wwwblast server is provided, assuming there may be multiple wwwblast installations on the one server.

# Tell Apache to use password-protection

As an administrator, add the following lines to your Apache config of the directory you want to password-protect. The apache config file might be for instance, /etc/httpd/httpd.conf or /etc/apache2/conf.d/blast.conf

  AuthUserFile /etc/apache_users
AuthName "myblastname welcome message"
AuthGroupFile /etc/apache_groups
AuthType Basic
Require group myblastname


So then the whole directory entry might look like this, for example:

<Directory "/Users/ben/Sites/blast">
AuthUserFile /etc/apache_users
AuthName "myblastname welcome message"
AuthGroupFile /etc/apache_groups
AuthType Basic
Require group myblastname
</Directory>


Apache needs to be restarted for this to take effect. The easiest way to do this is to restart the computer. If that is not possible, it may be possible to use apache2ctl. As an adminstrator,

$apache2ctl graceful  After restarting the webserver, going to your webpage e.g. http://localhost/~ben/blast/blast.html should now require a password. However, you won't be able to login just yet. # Specify the passwords themselves The first time a password is specified, the file that stores the passwords needs to be created. The passwords are encrypted in this file. Use the -c flag to create the file. As an administrator, $ htpasswd -c /etc/apache_users <myfirstusername>


replacing <myfirstusername> with the login name of the first user. It is normal that nothing appears to happen when you type / copy the password in (unlike what happens when you login to your computer and stars or dots appear).

As usual with passwords, it is most likely best to specify a strong password. There are many websites that will generate strong passwords randomly, for instance the first google hit for "password generator".

After this users file has been created, the -c flag can be omitted:

\$ htpasswd /etc/apache_users <mysecondusername>


After this step is complete there should be a new file /etc/apache_users with username and encrypted passwords in it, for instance

myfirstusername:X/ZYo/PJfXMIw


Above, in the apache configuration file, these lines were specified:

  AuthGroupFile /etc/apache_groups
Require group myblastname


was specified. This means that only people in the group "myblastname" will be able to get through the password protection. To specify who is in which group, create a new file in a text editor, use the template below, and save it as "/etc/apache_groups":

myblastname: mysecondusername myfirstusername


After this step is complete, you should be able to login to your blast webpage.

# Checking

When configuring Apache, it is easy to lose track of whether you are logged into particular servers. Therefore, it is best to start a new browser session and go from start to finish. Open up a browser you don't usually use (e.g. if you use Safari usually, then open up Firefox). Go to your server's webpage and make sure that: