There may be parts of our web site that we do not want to be publicly accessible, for example directories containing database administration scripts such as phpMyAdmin, or mailers.
Apache offers several methods for achieving a basic level of access security. Here we look at access control with the AuthType directive, which has the advantage of simplicity, as it is set in the server's general configuration file, httpd.conf. Obviously, we can only use this system if we have full access to the server configuration files, which usually happens only if we are the ISP, or if it is our own home test server.
The AuthType directive determines the type of user authentication. It supports two values, Basic and Digest. Here we look only at the first, as Digest is still experimental.
Together with this directive we must use the AuthName and Require directives, as well as AuthUserFile or AuthGroupFile.
An example:
<Directory htdocs/miadminsql>
AuthType Basic
AuthName Private
AuthUserFile "C:/Program Files/Apache Group/Apache2/bin/contr"
Require valid-user
</Directory>
In this block (which must be included in Apache's httpd.conf), the first line opens a container whose rules apply to the directory htdocs/miadminsql (we can use relative or absolute paths).
The second line indicates that we want to use the AuthType directive, and that the access control method will be Basic.
AuthName Private simply sets the message that appears in the dialog where the user is prompted for his identity and password. We can put anything, but if it contains spaces, we must put the phrase in quotes. You can see how it appears in the image below.
AuthUserFile "C:/Program Files/Apache Group/Apache2/bin/contr" indicates the name and path of the file containing the list of users that may access the directory, and their passwords. How to create this file is covered below.
Require valid-user is the directive that indicates which users can access the directory. The value used here, valid-user, indicates that any valid user can access it, i.e. anyone who is included in the AuthUserFile.
We have now finished with httpd.conf. Now we need to generate the file that contains the IDs and passwords. Since the data is encrypted, we cannot edit it directly; it is generated with a program that comes with the Apache distribution: htpasswd.exe, which we will find in Apache's /bin/ folder.
This is a program that we use from the command line. Its most interesting options are:
-c Create a new file. If a file with the same name already exists, it is overwritten.
-b Batch mode. It allows us to enter the password on the command line (instead of being prompted for it). The advantage of using -b is the convenience of entering all the data in one line; the disadvantage is that the password is visible while it is being entered.
filename: the name of the file containing the data
username: the user's identity
passw: the password.
An example:
C:\Archiv ... Apache2\bin> htpasswd -bc contr admin blah
Automatically using MD5 format.
Adding password for user admin
C:\Archiv ... Apache2\bin>
In the first line we run htpasswd with the modifiers -b and -c, i.e. batch mode and new file, indicating that the file is called contr, the user admin and the password blah. The rest is the program's confirmation response.
Another example, updating contr by adding another user. As we use no switches, the file is not overwritten; the new user is added to it. We do not enter the password on the command line, so the system prompts us for it:
C:\Program Files\Apache Group\Apache2\bin> htpasswd contr Admin2
Automatically using MD5 format.
New password: ********
Re-type new password: ********
Adding password for user Admin2
C:\Program Files\Apache Group\Apache2\bin>
As you can see, in the first step we created the file and added a user, and in the second we updated the file by adding a second user.
To finish, an important piece of safety advice: keep the AuthUserFile file outside htdocs, i.e. outside the folder that hosts the pages, so that it cannot be downloaded by someone curious.
If you open this file (in this case, you would find it in the folder /apache2/bin/) you will see that it contains one line for each user. The line starts with the user name, and the rest is encrypted.
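One way to check the advice above automatically, as an added example that is not part of the original article: the script reads an httpd.conf text and reports every AuthUserFile that ends up inside the document root. The ServerRoot and DocumentRoot values, the second and third AuthUserFile entries and the function name audit_auth_user_files are assumptions made for the illustration.

```python
import ntpath
import re
from pathlib import PureWindowsPath

# Constructed sample, not a real server's configuration. ServerRoot and
# DocumentRoot are assumed values; the first AuthUserFile is this page's path.
# Other directives (AuthType, AuthName, Require) are omitted for brevity.
SAMPLE_CONF = '''
ServerRoot "C:/Program Files/Apache Group/Apache2"
DocumentRoot "C:/Program Files/Apache Group/Apache2/htdocs"
<Directory htdocs/miadminsql>
    AuthUserFile "C:/Program Files/Apache Group/Apache2/bin/contr"
</Directory>
<Directory htdocs/mailer>
    AuthUserFile htdocs/mailer/contr
</Directory>
<Directory htdocs/stats>
    AuthUserFile "C:/Program Files/Apache Group/Apache2/htdocs/../bin/contr2"
</Directory>
'''

# Matches the three directives with a quoted or bare value; commented-out
# lines start with "#" and therefore never match.
DIRECTIVE = re.compile(
    r'^[ \t]*(ServerRoot|DocumentRoot|AuthUserFile)[ \t]+(?:"([^"]+)"|(\S+))',
    re.IGNORECASE | re.MULTILINE)

def audit_auth_user_files(conf_text):
    """Return [(resolved_password_file, inside_document_root), ...]."""
    roots, raw_files = {}, []
    for name, quoted, bare in DIRECTIVE.findall(conf_text):
        value = quoted or bare
        if name.lower() == "authuserfile":
            raw_files.append(value)
        else:
            roots[name.lower()] = PureWindowsPath(value)
    doc_root = roots["documentroot"]  # KeyError if the config has none
    server_root = roots.get("serverroot", PureWindowsPath())
    results = []
    for raw in raw_files:
        # Apache resolves a relative AuthUserFile against ServerRoot; an
        # absolute path replaces it. normpath folds ".." before comparing.
        full = PureWindowsPath(ntpath.normpath(str(server_root / raw)))
        # PureWindowsPath compares case-insensitively, as Windows does.
        inside = full == doc_root or doc_root in full.parents
        results.append((str(full), inside))
    return results

if __name__ == "__main__":
    for path, inside in audit_auth_user_files(SAMPLE_CONF):
        print("INSIDE htdocs" if inside else "ok", path)
```

Any entry reported as inside htdocs should be moved to a folder the server does not publish, and the AuthUserFile path updated to match.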