<!-- review: finished -->

<a id="http-auth-basic"></a>

# Auth Basic

Allows limiting access to resources by validating the user name and password using the "HTTP Basic Authentication" protocol.

Access can also be limited by [address](https://en.angie.software//angie/docs/configuration/modules/http/http_access.md#http-access) or by the
[result of subrequest](https://en.angie.software//angie/docs/configuration/modules/http/http_auth_request.md#http-auth-request). Simultaneous limitation of
access by address and by password is controlled by the [satisfy](https://en.angie.software//angie/docs/configuration/modules/http/index.md#satisfy) directive.

<a id="configuration-example-6"></a>

## Configuration Example

```nginx
location / {
    auth_basic           "closed site";
    auth_basic_user_file conf/htpasswd;
}
```

<a id="directives-7"></a>

## Directives

<a id="index-0"></a>

<a id="id1"></a>

### auth_basic

| [Syntax](https://en.angie.software//angie/docs/configuration/configfile.md#configfile)   | `auth_basic` string | `off`;         |
|------------------------------------------------------------------------------------------|--------------------------------------|
| Default                                                                                  | `auth_basic off;`                    |
| [Context](https://en.angie.software//angie/docs/configuration/configfile.md#configfile)  | http, server, location, limit_except |

Enables validation of user name and password using the "HTTP Basic Authentication" protocol. The specified parameter is used as a realm. Parameter value can contain variables.

| `off`   | cancels the effect of the auth_basic directive inherited from the previous configuration level   |
|---------|--------------------------------------------------------------------------------------------------|

<a id="index-1"></a>

<a id="auth-basic-user-file"></a>

### auth_basic_user_file

| [Syntax](https://en.angie.software//angie/docs/configuration/configfile.md#configfile)   | `auth_basic_user_file` file;         |
|------------------------------------------------------------------------------------------|--------------------------------------|
| Default                                                                                  | —                                    |
| [Context](https://en.angie.software//angie/docs/configuration/configfile.md#configfile)  | http, server, location, limit_except |

Specifies a file that keeps user names and passwords. The format is as follows:

```none
# comment
name1:password1
name2:password2:comment
name3:password3
```

The file name can contain variables.

The following password types are supported:

* encrypted with the crypt() function; can be generated using the `htpasswd` utility from the Apache HTTP Server distribution or the "openssl passwd" command;
* hashed with the Apache variant of the MD5-based password algorithm (apr1); can be generated with the same tools;
* specified by the "{scheme}data" syntax as described in [RFC 2307](https://datatracker.ietf.org/doc/html/rfc2307#section-5.3); currently implemented schemes include PLAIN (an example one, should not be used), SHA (plain SHA-1 hashing, should not be used) and SSHA (salted SHA-1 hashing, used by some software packages, notably OpenLDAP and Dovecot).

#### WARNING
Support for SHA scheme was added only to aid in migration from other web servers. It should not be used for new passwords, since unsalted SHA-1 hashing that it employs is vulnerable to [rainbow table](http://en.wikipedia.org/wiki/Rainbow_attack) attacks.