Apache Basic Auth and Controlling Access
Jump to navigation
Jump to search
Basic Auth ⌘
- Basic authentication is built into HTTP
- Sends a hash of username:password in the HTTP header
- Also works over HTTPS
- It requires no modification of any code
- User interaction handled by the browser
Configuring HTTP auth in Apache ⌘
- First, we need to create a password file and add a user
``` $ htpasswd -mc /etc/httpd/htpasswd example ```
- This creates the file /etc/httpd/htpasswd file, with the user 'example'
- Do this **only when creating a new password file**
- To add more users (in this case **example2**:
``` htpasswd -m /etc/httpd/htpasswd example2 ```
Requiring authentication ⌘
- In the vhost config, add a Location section
``` <Location /> AuthType Basic AuthName "Authentication" AuthUserFile /etc/httpd/htpasswd Require valid-user </Location> ```
Limiting access by IP ⌘
- You can also limit by IP address
``` <Location /> Order allow,deny Allow from 192.168.1.1 Deny from all </Location> ```
Requiring a password only to some IPs ⌘
- All everyone from a certain set of IPs access without a username/password
- Require that anyone accessing from outside must supply username/password
``` <Location /> AuthType Basic AuthName "Authentication" AuthUserFile /etc/httpd/htpasswd Require valid-user Allow from 192.168.1.1 Deny from all Satisfy any </Location> ```
Exercise ⌘
- Make the virtualhost specified in /etc/httpd/conf.d/example.conf require a username + password
