sudo htdigest -c filename realm username
Above, the "realm" argument needs to match AuthName in sites-available/default (add -ssl if you use SSL). You will be prompted to input and verify the password for the user you created.
Next, create the rules in your Apache config. On more modern distributions, you will usually find your site's config in /etc/apache2/sites-available/. If you have only one site and no virtualhosts, you're probably just running off the "default" in the above-mentioned directory, so do:
sudo nano /etc/apache2/sites-available/default
or, if your site is SSL-secured:
sudo nano /etc/apache2/sites-available/default-ssl
and enter the following lines in the config (I placed mine below the <Directory /var/www/>... section):
It is important to note that Apache's own docs say to use AuthDigestFile to point to where your password file is located, but this produces an error when trying to reload/restart apache2 which results in a failure to load. Using AuthUserFile instead fixes this.
The world REALM in quotes for AuthName can be anything but MUST MATCH the "realm" argument in the htdigest command when adding a user to the password file. If anyone finds out otherwise, please let me know (give me as much details as you can), though for me it wouldn't request authentication at all if they didn't match.
The example in Apache2 docs also shows the use of AuthDigestDomain which is actually not required (use it if you actually need it, otherwise leave it out). Leaving it out will force authentication for the entire web server. If this is not desired, use AuthDigestDomain. Ex:
Where "/private-area/" = /var/www/private-area/ directory on your web server.
Once you have the Directory section saved in your config, do:
sudo /etc/init.d/apache2 reload
You should see:
If all went as expected, you should now get a login prompt when accessing your web server, according to how you configured it.
You can also do more advanced things with digest auth, which I won't be covering in this post. For more information on digest auth, please refer to Apache docs: http://httpd.apache.org/docs/2.0/mod/mod_auth_digest.html.