Apache Basic Auth and Controlling Access: Difference between revisions
Jump to navigation
Jump to search
Cesar Chew (talk | contribs) No edit summary |
(No difference)
|
Latest revision as of 17:47, 24 November 2014
<slideshow style="nobleprog" headingmark="⌘" incmark="…" scaled="true" font="Trebuchet MS" >
- title
- Apache Basic Auth and Controlling Access
- author
- Sam Bashton (NobleProg Ltd)
</slideshow>
Basic Auth ⌘
- Basic authentication is built into HTTP
- Sends a hash of username:password in the HTTP header
- Also works over HTTPS
- It requires no modification of any code
- User interaction handled by the browser
Configuring HTTP auth in Apache ⌘
- First, we need to create a password file and add a user
``` $ htpasswd -mc /etc/httpd/htpasswd example ```
- This creates the file /etc/httpd/htpasswd file, with the user 'example'
- Do this **only when creating a new password file**
- To add more users (in this case **example2**:
``` htpasswd -m /etc/httpd/htpasswd example2 ```
Requiring authentication ⌘
- In the vhost config, add a Location section
``` <Location /> AuthType Basic AuthName "Authentication" AuthUserFile /etc/httpd/htpasswd Require valid-user </Location> ```
Limiting access by IP ⌘
- You can also limit by IP address
``` <Location /> Order allow,deny Allow from 192.168.1.1 Deny from all </Location> ```
Requiring a password only to some IPs ⌘
- All everyone from a certain set of IPs access without a username/password
- Require that anyone accessing from outside must supply username/password
``` <Location /> AuthType Basic AuthName "Authentication" AuthUserFile /etc/httpd/htpasswd Require valid-user Allow from 192.168.1.1 Deny from all Satisfy any </Location> ```
Exercise ⌘
- Make the virtualhost specified in /etc/httpd/conf.d/example.conf require a username + password
