Let's say we need to restrict some files that will be located under /var/www/secret (/var/www is our DocumentRoot - aka the place where our site html/java/php stuff is located).
First we need to create (-c flag) a new user and set it a password, pay attention to the file path, it will contain the username and it's encrypted password (somewhat similar to /etc/shadow):
#htpasswd -c /etc/apache2/userslist admin
Retype new password:*****Adding password for user admin
We can change the password later with htpasswd command (without any flag).
After we've added the user we need to edit our site configuration file, on Debian it's located under: /etc/apache2/sites-available/default
We need to edit our directory block with the proper settings, it should look something like this (pay attention to the last directory block):
If we want to allow more than one user we can add more valid users in the "Require user" line, More elegant approach will be to create group file (like /etc/apache2/groupfile) that will look something like this:
admins:paul admin bob dave
2 lines will be changed:
instead of require user , require group.
instead of AuthUserFile /path/to/file, AuthGroupFile /path/to/file
Last thing left is to restart apache: