If we take a look at the .htpasswd file we created, it should look something like this:
This file contains the username, the algorithm used ($apr1 denotes a specific Apache MD5 implementation), the salt, and then the password. While some may be worried at the use of MD5, the htpasswd application iterates the password for 1,000 times to limit brute force attempts. This, combined with salting (the addition of random data) ensures that the password is very hard to brute force.
We will then define two extra directives within our location block directive to enable the basic authentication. The auth_basic directive enables authentication and the "Restricted Area" string is used as a message by some browsers.
We will then ask the authentication module to use the file we created (/var/www/private/.htpasswd) with the auth_basic_user_file directive. Again, as a reminder, make sure that this isn't in a location that can be publicly accessible from your website. Because we have set the location root directive to /var/www/html, and the password file within /var/www/private, it cannot be directly accessed.