Securing Apache


In addition to properly configuring Apache, you can secure access to directories (or even the entire server) through authentication.

Before you enable authentication in the server, you're going to need to create an authentication database of users and passwords.

To create an Apache password file

1. Log in as root, or use su to become root.

2. cd /path/to/apache

Change to the directory with your Apache httpd.conf file (Code Listing 9.7). This isn't a requirement, as you can put the password file anywhere.

Don't put your password file in a directory that's accessible through the Web server, as this would be a security risk.

3. htpasswd -c /path/basic-auth-passwords user

Create (the -c option) the basic-auth-passwords file in path (you can put this in the same directory as httpd.conf, and you can name it anything). Add user to this file after prompting for user's password.

This password is used only for this Web server, and it should be different from the user's usual passwords.

Code Listing 9.7. Creating a password file for use with Apache's basic authentication.

bsd# cd /usr/local/etc/apache2
bsd# htpasswd -c basic-auth-passwords chrish
New password:
Re-type new password:
Adding password for user chrish
bsd# chmod 640 basic-auth-passwords
bsd# htpasswd basic-auth-passwords megatron
New password:
Re-type new password:
Adding password for user megatron

4. At the "New password" prompt, enter user's password. Enter the password again at the "Re-type new password" prompt to verify it.

5. chmod 640 /path/basic-auth-passwords

Make the basic-auth-passwords file readable/writable by root, and readable by members of root's primary group (usually wheel, but admin on Mac OS X).

6. htpasswd /path/basic-auth-passwords user

Use the htpasswd command without the -c option to add more users to the basic-auth-passwords file.

To enable basic authentication in Apache

You can specify these authentication directives in .htaccess files or in the httpd.conf file's Directory directive.

1. Log in as root, or use su to become root.

2. Use your favorite text editor to edit the httpd.conf file.

3. Find the Directory directive you want to restrict to authenticated users. You can add this to the default Directory directive if you want to restrict the entire site.

4. Add the following directives to the Directory block:

AuthType Basic
AuthName "message"
AuthUserFile /path/basic-auth-passwords
Require valid-user

The message is displayed in visitors' Web browsers when they are prompted for a user name and password to access the site. Replace the path with the full path to your basic-auth-passwords file.

5. Save the httpd.conf file and exit your editor.

6. apachectl -t && apachectl restart

Check the httpd.conf for syntax errors and restart the server.

7. Use your favorite Web browser to access an authenticated part of the site. You should be prompted for a user name and password before being allowed to access the page.
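The two procedures above leave the administrator with a password file and a Directory block, and the book's caveats (keep the file out of the Web tree, chmod 640, give AuthUserFile a full path) are easy to get wrong over time. The following audit script is an added example, not code from the book or from the Apache project: it parses an htpasswd file, names the hash scheme of each entry, flags the weak schemes older htpasswd versions produced (crypt, unsalted SHA-1), checks the file mode, and reads the Directory block to confirm the four directives are present and that AuthUserFile does not lie under DocumentRoot. The sample htpasswd contents, the sample Directory block, the DocumentRoot path /usr/local/www/data and all function names are constructed for this example and are not from the page.

```python
"""Audit an Apache basic-auth setup: the htpasswd file and the Directory block.

Added example, not from the book. Sample data and function names are assumptions.
"""
import os
import re

# Constructed htpasswd contents (not real credentials), one entry per scheme.
SAMPLE_HTPASSWD = """\
chrish:$2y$05$abcdefghijklmnopqrstuvwxyz0123456789ABCDEFGHIJKLMNOPQ
megatron:$apr1$Zx9Qa1b2$3dG7hK2lM9nP0qR5sT6uV.
legacy:{SHA}W6ph5Mm5Pz8GgiULbPgzG37mj9g=
ancient:abJnggxhB/yWI
# lines beginning with '#' are skipped, as mod_authn_file skips them
"""

# Constructed Directory block, shaped like the one in step 4 above.
SAMPLE_DIRECTORY = """\
<Directory "/usr/local/www/data/private">
    AuthType Basic
    AuthName "Staff only"
    AuthUserFile /usr/local/etc/apache2/basic-auth-passwords
    Require valid-user
</Directory>
"""

REQUIRED_DIRECTIVES = ("AuthType", "AuthName", "AuthUserFile", "Require")
CRYPT_RE = re.compile(r"[./0-9A-Za-z]{13}")          # traditional DES crypt(3) output
WEAK = {
    "sha1": "unsalted SHA-1",
    "crypt": "DES crypt, password truncated to 8 characters",
    "unknown": "unrecognised hash field",
}


def classify_hash(h):
    """Name the scheme of one htpasswd hash field by its prefix or shape."""
    if h[:4] in ("$2y$", "$2a$", "$2b$"):
        return "bcrypt"            # htpasswd -B (Apache 2.4)
    if h.startswith("$apr1$"):
        return "apr1-md5"          # htpasswd -m, the long-standing default
    if h.startswith("{SHA}"):
        return "sha1"              # htpasswd -s
    if CRYPT_RE.fullmatch(h):
        return "crypt"             # htpasswd -d, the old Unix default
    return "unknown"


def parse_htpasswd(text):
    """Return a list of (user, hash, scheme) tuples; raise on a malformed line."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        user, sep, h = line.partition(":")
        if not sep or not user:
            raise ValueError(f"malformed htpasswd line: {raw!r}")
        entries.append((user, h, classify_hash(h)))
    return entries


def audit_entries(entries):
    """List findings for duplicate users and weak hash schemes."""
    findings, seen = [], set()
    for user, _h, scheme in entries:
        if user in seen:
            findings.append(f"{user}: duplicate entry")
        seen.add(user)
        if scheme in WEAK:
            findings.append(f"{user}: {scheme} ({WEAK[scheme]}); re-create with htpasswd -B")
    return findings


def mode_is_safe(mode):
    """True for modes such as 0640 or 0600: no world access and no group write."""
    return (mode & 0o027) == 0


def is_under(path, root):
    """True when path is root itself or lies inside it (no filesystem access)."""
    path, root = os.path.abspath(path), os.path.abspath(root)
    return os.path.commonpath([path, root]) == root


def parse_directory_block(text):
    """Return (directory path, {directive: value}) from one <Directory> block."""
    m = re.search(r'<Directory\s+"?([^">]+?)"?\s*>', text)
    directives = {}
    for line in text.splitlines():
        parts = line.strip().split(None, 1)
        if len(parts) == 2 and parts[0] in REQUIRED_DIRECTIVES:
            directives[parts[0]] = parts[1].strip('"')
    return (m.group(1) if m else None), directives


def audit_directory(text, docroot):
    """Check the block has every directive and that AuthUserFile is outside DocumentRoot."""
    _directory, d = parse_directory_block(text)
    findings = [f"missing {name}" for name in REQUIRED_DIRECTIVES if name not in d]
    f = d.get("AuthUserFile")
    if f and not os.path.isabs(f):
        findings.append("AuthUserFile must be a full path")
    if f and is_under(f, docroot):
        findings.append("AuthUserFile lies under DocumentRoot")
    return findings


if __name__ == "__main__":
    entries = parse_htpasswd(SAMPLE_HTPASSWD)
    for user, _h, scheme in entries:
        print(f"{user:10} {scheme}")
    for finding in audit_entries(entries) + audit_directory(SAMPLE_DIRECTORY, "/usr/local/www/data"):
        print("FINDING:", finding)
    # On a live system, pass os.stat(path).st_mode & 0o777 to mode_is_safe().
```

Against the sample data the script reports legacy and ancient as weak and passes the Directory block; pointing it at a real file means reading the file and feeding `os.stat(path).st_mode & 0o777` to `mode_is_safe`, and the DocumentRoot check is only as good as the path you pass in, so take it from the same httpd.conf rather than guessing.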



Unix Advanced: Visual QuickPro Guide
ISBN: 0321205499
Year: 2003
Pages: 116