Apache Basic Auth and Controlling Access

From Training Material
Jump to navigation Jump to search
Category:Apache
title
Apache Basic Auth and Controlling Access
author
Sam Bashton (NobleProg Ltd)

Basic Auth ⌘

  • Basic authentication is built into HTTP
  • Sends a hash of username:password in the HTTP header
  • Also works over HTTPS
  • It requires no modification of any code
  • User interaction handled by the browser

Configuring HTTP auth in Apache ⌘

  • First, we need to create a password file and add a user
```
$ htpasswd -mc /etc/httpd/htpasswd example
```
  • This creates the file /etc/httpd/htpasswd file, with the user 'example'
  • Do this **only when creating a new password file**
  • To add more users (in this case **example2**:
```
htpasswd -m /etc/httpd/htpasswd example2
```

Requiring authentication ⌘

  • In the vhost config, add a Location section
```
<Location />
   AuthType Basic
   AuthName "Authentication"
   AuthUserFile /etc/httpd/htpasswd
   Require valid-user
 </Location>
```

Limiting access by IP ⌘

  • You can also limit by IP address
```
 <Location />
   Order allow,deny
   Allow from 192.168.1.1
   Deny from all
 </Location>
```

Requiring a password only to some IPs ⌘

  • All everyone from a certain set of IPs access without a username/password
  • Require that anyone accessing from outside must supply username/password
```
 <Location />
   AuthType Basic
   AuthName "Authentication"
   AuthUserFile /etc/httpd/htpasswd
   Require valid-user
   Allow from 192.168.1.1
   Deny from all
   Satisfy any
 </Location>
```

Exercise ⌘

  • Make the virtualhost specified in /etc/httpd/conf.d/example.conf require a username + password
Retrieved from "https://training-course-material.com/index.php?title=Apache_Basic_Auth_and_Controlling_Access&oldid=23958"