Additional Authentication Modules


In addition to the main modules that provide IP-based access control and the standard basic and digest authentication, Apache bundles a number of other authentication modules, such as:

  • mod_auth_anon: Provides for FTP-style "anonymous" user access to file-download areas.

  • mod_auth_ldap: This module, available in Apache 2 and later, allows authenticating users against an LDAP directory.

  • mod_ssl: This module is covered in detail in Chapter 7 and allows you to use certificate-based client authentication.

One of the virtues of Apache is that it is modular and extensible. A number of third-party modules have been developed that allow Apache to interface with existing authentication frameworks such as Windows domains, LDAP, PAM, and NIS, and user information stored in a variety of databases such as MySQL, PostgreSQL, Oracle, and others. You can find most of those modules at http://modules.apache.org and http://freshmeat.net.

You can always manage authentication at the application level. Usually, this is accomplished by requesting the username and password in a web form and, upon validation, assigning a cookie that authenticates the user for the rest of the session. This is how popular portal and ecommerce sites manage their personalization features.
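The form-login-then-cookie flow described above, sketched in Python as an added example (not code from the book). The user store, signing key handling, session lifetime, and function names are all assumptions made for illustration.

```python
import base64, hashlib, hmac, os, time
from typing import Optional

SECRET = os.urandom(32)   # assumed: per-process signing key; persist it in real use
SESSION_TTL = 1800        # assumed session lifetime in seconds

def hash_password(password: str, salt: bytes) -> bytes:
    # Salted, iterated hash so the store never holds plaintext passwords
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)

# Constructed sample user store: username -> (salt, password hash)
_salt = os.urandom(16)
USERS = {"alice": (_salt, hash_password("correct horse", _salt))}

def _sign(payload: bytes) -> bytes:
    return hmac.new(SECRET, payload, hashlib.sha256).digest()

def login(username: str, password: str, now: Optional[float] = None) -> Optional[str]:
    """Validate form credentials; return a Set-Cookie header value, or None."""
    now = time.time() if now is None else now
    salt, stored = USERS.get(username, (b"\0" * 16, b""))
    candidate = hash_password(password, salt)   # hash even for unknown users
    if not hmac.compare_digest(candidate, stored):
        return None
    payload = f"{username}|{int(now) + SESSION_TTL}".encode()
    token = ".".join(base64.urlsafe_b64encode(part).decode()
                     for part in (payload, _sign(payload)))
    # HttpOnly keeps scripts away from the cookie; Secure restricts it to HTTPS
    return f"session={token}; Path=/; HttpOnly; Secure; SameSite=Lax"

def authenticate(token: str, now: Optional[float] = None) -> Optional[str]:
    """Return the username for a valid, unexpired session token, else None."""
    now = time.time() if now is None else now
    try:
        p64, s64 = token.split(".")
        payload = base64.urlsafe_b64decode(p64)
        signature = base64.urlsafe_b64decode(s64)
    except ValueError:
        return None
    # Check the MAC before trusting anything inside the payload
    if not hmac.compare_digest(signature, _sign(payload)):
        return None
    username, _, expires = payload.decode().rpartition("|")
    return username if now < int(expires) else None
```

Because the cookie carries its own expiry under a MAC, the server needs no session table, but it also cannot revoke a single session before that expiry without rotating the key.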

mod_security

This module deserves a special mention. It is, in essence, an HTTP-level firewall. It allows you to inspect HTTP requests and perform all kinds of monitoring, reporting, and access-control operations. It can detect and block common application-level attacks such as those involving SQL injection and path traversal. You can find more information about this module at http://www.modsecurity.org.




Apache Phrasebook: Essential Code and Commands
Apache Phrasebook
ISBN: 0672328364
EAN: 2147483647
Year: 2006
Pages: 254
