6. Security and Access ControlUnderstanding the Need for Access Control Differences Between Apache Versions Understanding Basic and Digest Authentication Introducing Apache Access Control Introducing Apache Authorization and Authentication Configuration Creating a User Database Using Require to Authorize Users and Groups Handling a Large Number of Users Allowing Access Only to Specific IP Addresses Denying Access to Specific IP Addresses Combining Access Control Methods Customizing Your Access Denied Page Putting Users in Control Denying Access to System and Sensitive Files Restricting Program Execution Preventing Abuse Disabling Directory Listings Changing the Server: Header Preventing Hotlinking to Your Images Restricting Specific HTTP Methods Restricting Access Based on the Browser Type Using Location and Directory Sections Additional Authentication Modules Apache 2.2 Keeping Up to Date with Apache Security Security Checklist |