
Eyes Only - Administration

Learn more about the world's best-loved Web server, with examples of Apache's authentication and logging capabilities, and also pay a brief visit to its unique URL re-writing module.

  1. Getting More Out Of Apache (Part 2)
  2. Eyes Only
  3. Identity Check
  4. Grouping Things Together
  5. Timmmmmmbbbbberrrr!
  6. When Things Go Wrong
  7. Just Rewrite It!
  8. Putting It Into Practice
By: icarus, (c) Melonfire
January 23, 2001



Security has always been a prime concern so far as the Internet is concerned; barely a week passes without media reports of security breaches at one Web site or another. If this is something you're concerned about (and you should be), you can set up Apache to protect confidential information on your Web site with a simple form of user authentication.

Apache's user authentication mechanism is based on the traditional username-password challenge mechanism. When the Web server receives a request for a directory or file that it knows to be a protected resource (aka "realm"), it responds by sending the client browser an authentication challenge. It is only after receiving a valid username and password back from the client browser that access is granted to the realm.

The concept is simple, and it works well; however, implementing it requires a little more work.

The simplest way to add protection to a specific directory is via the ".htaccess" file. In order to see how this works, create a file named ".htaccess" in the directory you wish to protect. Open the file in your favourite text editor and add the following lines to it:

# members table
AuthType Basic
AuthName "Top-Secret Information"
AuthUserFile /usr/local/apache/auth/mfre/users
require valid-user

The first two directives are pretty standard - the AuthType directive specifies the type of authentication (usually "Basic", although there is also a "Digest" type of authentication), while the AuthName directive specifies a name or description for the resource. This description will appear in the client browser when the user attempts to access the protected directory, so you should choose something descriptive.

The AuthUserFile directive specifies the location for the file containing a list of authorized users, together with their passwords. This file should *always* be placed outside the Web server root, in an area not accessible to a browser; if this is not done, anyone can download the file and view the information in it.

Finally, the "require valid-user" statement specifies the kinds of users that have access to this directory - in this case, it means that all valid users (read: users listed in the authorization file) have the ability to view the contents of the directory. You could further restrict the number of people allowed access by specifying user or group names - for example, the statement "require user joe beth" would only allow users "joe" and "beth" access to this area.

You should be aware, however, that the server will only read the ".htaccess" file if it is configured to do so. In order to confirm this, open up your main Apache configuration file, "httpd.conf", and look for the <Directory> tags which reference your Web server root. These tags should look something like this:

<Directory "/your/web/server/root">
...stuff...
AllowOverride All
...stuff...
</Directory>

The "AllowOverride All" directive tells the server that global configuration parameters can be overridden by local ones - the parameters in the per-directory ".htaccess" file.
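
A small audit of the points above, as an added example that is not part of the original article: it parses an ".htaccess" fragment, checks that the four directives are present, that AuthUserFile lies outside the Web server root, and that AllowOverride permits authentication directives. The document root /usr/local/apache/htdocs and the function names are assumptions, and only absolute AuthUserFile paths are handled.

```python
import posixpath
import shlex

REQUIRED = ("authtype", "authname", "authuserfile", "require")

def parse_directives(text):
    """Map lowercased directive names to their argument lists."""
    directives = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(("#", "<")):
            continue  # skip blanks, comments and section tags
        parts = shlex.split(line)  # keeps the quoted AuthName as one argument
        directives[parts[0].lower()] = parts[1:]
    return directives

def audit_htaccess(htaccess_text, document_root, allow_override):
    """Return a list of findings; an empty list means the checks passed."""
    found = parse_directives(htaccess_text)
    findings = []
    # "All" or "AuthConfig" lets .htaccess carry authentication directives.
    if not {a.lower() for a in allow_override} & {"all", "authconfig"}:
        findings.append("AllowOverride does not permit auth directives in .htaccess")
    missing = [name for name in REQUIRED if name not in found]
    if missing:
        findings.append("missing directives: " + ", ".join(missing))
    if found.get("authuserfile"):
        # normpath collapses "../" so a path cannot merely look external
        user_file = posixpath.normpath(found["authuserfile"][0])
        root = posixpath.normpath(document_root)
        if user_file == root or user_file.startswith(root.rstrip("/") + "/"):
            findings.append("AuthUserFile is inside the Web server root: " + user_file)
    return findings

# Constructed sample input; DOCROOT is an assumed document root.
DOCROOT = "/usr/local/apache/htdocs"
GOOD = '''AuthType Basic
AuthName "Top-Secret Information"
AuthUserFile /usr/local/apache/auth/mfre/users
require valid-user
'''
BAD = GOOD.replace("/usr/local/apache/auth/mfre/users", DOCROOT + "/private/users")

if __name__ == "__main__":
    print(audit_htaccess(GOOD, DOCROOT, ["All"]))
    print(audit_htaccess(BAD, DOCROOT, ["None"]))
```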
