Setting Up Basic Authentication with Apache

Used Software

virtualbox version 6.1

vagrant version 2.2.19

vagrant box: centos/7

apache version 2.4.6

What is Basic Authentication?

In the context of an HTTP transaction, basic access authentication is a method for an HTTP user agent (e.g. a web browser) to provide a user name and password when making a request. In basic HTTP authentication, a request contains a header field in the form of Authorization: Basic <credentials>, where credentials is the Base64 encoding of ID and password joined by a single colon :.


How to Set Up a virtualhost in Apache and Apply Basic Authentication

In this case, the goal is to apply basic authentication to a public screen configured with a VirtualHost installed in vagrant.

Change the Vagrantfile settings and log in to vagrant

Edit the vagrantfile to enable internet access in the local environment.

An example Vagrantfile has the following settings.

# -*- mode: ruby -*-
# vi: set ft=ruby :
# All Vagrant configuration is done below. The "2" in Vagrant.configure
# configures the configuration version (we support older styles for
# backwards compatibility). Please don't change it unless you know what
# you're doing.
Vagrant.configure("2") do |config|
  # Every Vagrant development environment requires a box. You can search for
  # boxes at = "centos/7"
  # Create a forwarded port mapping which allows access to a specific port
  # within the machine from a port on the host machine. In the example below,
  # accessing "localhost:8080" will access port 80 on the guest machine.
  # NOTE: This will enable public access to the opened port "forwarded_port", guest: 80, host: 8080
  # Create a private network, which allows host-only access to the machine
  # using a specific IP. "private_network", ip: ""

In the above file, It is a must that the line about the connection is like below. "private_network", ip: ""

After you edit the file, use the commands below to complete the connection.

vagrant up
vagrant ssh

Install apache and check the test page

Install apache with the command.

sudo yum install httpd

Then check the status.

systemctl status httpd

You will get the result "inactive(dead)" since apache is not started yet.

● httpd.service - The Apache HTTP Server
Loaded: loaded (/usr/lib/systemd/system/httpd.service; disabled; vendor preset: disabled)
Active: inactive (dead)
Docs: man:httpd(8)

So let's start it.

sudo systemctl start httpd

If you check its status after that, you will get the result below.

systemctl status httpd
● httpd.service - The Apache HTTP Server
Loaded: loaded (/usr/lib/systemd/system/httpd.service; disabled; vendor preset: disabled)
Active: active (running) since Fri 2022-08-12 05:55:17 UTC; 4s ago
Docs: man:httpd(8)
Main PID: 2443 (httpd)
Status: "Processing requests..."
CGroup: /system.slice/httpd.service
tq2443 /usr/sbin/httpd -DFOREGROUND
tq2444 /usr/sbin/httpd -DFOREGROUND
tq2445 /usr/sbin/httpd -DFOREGROUND
tq2446 /usr/sbin/httpd -DFOREGROUND
tq2447 /usr/sbin/httpd -DFOREGROUND
mq2448 /usr/sbin/httpd -DFOREGROUND

Then check if the apache test page is properly displayed.

Check http://localhost:8080 in your browser and if the apache test screen appears, you are good to go.

Set up a virtualhost

The first step is to create a document root for Virtualhost.

mkdir -p /var/www/vhosts/

Once the document root is created, move it to public_html.

cd /var/www/vhosts/

Create files to display under public_html

vi index.html

The content can be described arbitrarily. In this case, it is for a test for Virtualhost, so the wording would be as follows.

This is a test for the basic document

After writing in the page as above, save and close the page with :wq.

Next, create a virualhost conf file. To read the conf file, it must be placed under /etc/httpd/conf.d, so move to a file under conf.

cd /etc/httpd/conf.d/

Once in the conf directory, create a conf for Virtualhost.

vi vhost.conf

Write ServerName and DocumentRoot in vhost.conf.

<VirtualHost *:80>
DocumentRoot /var/www/vhosts/

Restart apache to reflect the configuration.

systemctl restart httpd

Edit the hosts file, as it needs to be configured locally in windows to reflect the settings. the location of the hosts file is in the following directory.


Enter this path in explorer, open the host file in notepad with administrator rights and add the following description.

Then save it.

If the configuration is successful, the site described in index.html will be displayed when you type in your browser.

Next, configure basic authentication on the VirtualHost you have set up.

Set up basic authentication


Set up basic authentication so that it is only applied to sites in the path of the site where basic authentication will be applied this time.

sudo htpasswd -c /var/www/vhosts/ {username}

The user name and password can be set arbitrarily. Type the above command and set the password. Then type the cat command to check that the user and password have been set.

cat /var/www/vhosts/

Ensure that the output result shows the username and hashed password.


Now it is time to configure the settings so that basic authentication is performed. This time .htaccess is used to perform basic authentication.

Create .htaccess files under the document root.

sudo vi /var/www/vhosts/

Then, set up the setting where basic authentication is applied in the .htaccess.

AuthType Basic
AuthName basic auth test
AuthUserFile /var/www/vhosts/
require valid-user

apache is not configured by default to allow .htaccess settings, so you need to configure it to allow them.

Specifically, the settings are added to vhost.conf so that basic authentication can be set for /var/www/vhosts/ The content to be added is the following description.

<VirtualHost *:80>
  DocumentRoot /var/www/vhosts/
  <Directory /var/www/vhosts/>
    AllowOverride AuthConfig

First, <Directory /var/www/vhosts/></Directory> is written to determine which directory the settings should be reflected in. Basic authentication is reflected by setting AllowOverride to AuthConfig. Once these changes have been added, reboot the system to reflect the settings.

sudo systemctl restart httpd

Access again and check the state.

If basic authentication is displayed, this means that the settings have been correctly reflected. Enter the username and password you have set and check that the index.html is displayed properly.

This blog post is translated from a blog post written on our Japanese website.