
Author Restricted Web Access
Mr. Linux Guy

2003-01-03, 11:21 pm

A dude axed me a question lately about how to make a certain directory on the web browseable but which would require authentication using BSD/Apache. Here was my reply:

You need to create a file called ".htaccess" in the directory that you want protected. The file should look something like this:

AuthUserFile /etc/.htpasswd
AuthGroupFile /dev/null
AuthName "The Bastard Inc"
AuthType Basic

<Limit GET>
require user Randy
</Limit>

This .htaccess file will only allow one user, Randy, to access the directory. Use the "htpasswd" command to set a password for the new user. Substitute your Virtual Server login name for randy below.

# htpasswd -c /usr/home/randy/etc/.htpasswd bier.es.gut;666

You are free to use a different name or directory location for the password file. Just change the /usr/home/randy/etc/.htpasswd above to whatever you want. The -c flag indicates that you are adding a user to the /etc/.htpasswd for the first time. When you add more users and passwords to the same password file, the -c flag is not necessary.

# htpasswd /usr/home/randy/etc/.htpasswd 6.heinekens.4.me
% htpasswd /usr/home/matt/etc/.htpasswd dbl.j.d.4;u
% htpasswd /usr/home/dave/etc/.htpasswd whye.dus;oll.wine$uck

Any extra comments might be appreciated.
ccieToBe

2003-01-03, 11:36 pm

Thanks for the info. I've played around with .htaccess before, but didn't realize that it was that flexible. That could come in handy when you can upload files but have no shell access to a web server.
Mr. Linux Guy

2003-01-03, 11:50 pm

Well, someone PM'd me about this topic, but I thought it important/useful enough to warrant inclusion in the forum, so here it is. Like most UNIX freaks, all I usually have to do is throw out a few terms, then the questioners search the man/info pages and the web and solve their own problems. Hope this he'ps some of the many lurkers here.
Boulware5

2003-01-03, 11:59 pm

I know who PM'ed you cuz he asked me first. I don't know apache...I hope to "play" with it eventually.
Mr. Linux Guy

2003-01-04, 6:45 am

quote:
Originally posted by Boulware5
I know who PM'ed you cuz he asked me first. I don't know apache...I hope to "play" with it eventually.


Apache's cool. It's not the easiest to configure or the fastest server around, but is definitely the most stable. The configuration, like most things in *nix, is done through a single text configuration file, but it can get hairy in parts. If you are interested, just install httpd and PHP/Perl and set it to start up when you boot into runlevel 3. The defaults work pretty good and you add your files to your Apache root directory (as listed in /etc/httpd/httpd.conf). It does take a while to learn well though.
mindmesh

2003-01-16, 2:39 pm

quote:
Originally posted by ccieToBe
Thanks for the info. I've played around with .htaccess before, but didn't realize that it was that flexible. That could come in handy when you can upload files but have no shell access to a web server.


I never used it myself but I had a customer interested in the service. We don't do it, but I sent the customer this link:

http://www.javascriptkit.com/howto/htaccess.shtml
Mr. Linux Guy

2003-01-16, 2:52 pm

Be warned that this is not really considered secure.
mindmesh

2003-01-16, 3:32 pm

Is there a secure way of accomplishing this?
Mr. Linux Guy

2003-01-16, 3:53 pm

You could use the "Allow" directive in the Apache configuration file. Ideally, you would control who has access to your directory by IP address and hostname/network. You can use it within the "Directory" directive to limit its scope. Then use the "AuthType" for choosing the authentication method and the "Require" directive to specify the minimum requirements needed to access the site. Something like:

code:
<Directory /var/www/users>
    Allow from [host/network]
    Require user [username][passwd]
    AuthType Basic
    <Limit GET>
        Order allow,deny
        Deny from all
    </Limit>
</Directory>


Although if you are going to go to all that trouble, you might as well use secure shell. Don't let your system security files anywhere *near* your publicly accessible web files.
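
An added example, not part of any post in this thread: a small Python check over a .htaccess body that reports a password file placed under the web root, a "require" that sits inside a <Limit> block and so applies only to the listed methods, and Basic authentication, which sends the password base64-encoded on every request and so needs HTTPS. The sample input is constructed from the first post's file with the password file moved under an assumed document root (/var/www/html); the function name and finding codes are hypothetical.

```python
import posixpath
import re

# Constructed sample: the .htaccess from the first post, with AuthUserFile
# moved under an assumed document root so that the path check has something to flag.
SAMPLE = """\
AuthUserFile /var/www/html/private/.htpasswd
AuthGroupFile /dev/null
AuthName "The Bastard Inc"
AuthType Basic

<Limit GET>
require user Randy
</Limit>
"""

def audit_htaccess(text, docroot="/var/www/html"):
    """Return a sorted list of finding codes for one .htaccess body."""
    findings = set()
    limited = None  # methods named by the enclosing <Limit>, if any
    root = docroot.rstrip("/")
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        opened = re.match(r"<Limit\s+([^>]*)>", line, re.I)
        if opened:
            limited = opened.group(1).split()
            continue
        if re.match(r"</Limit>", line, re.I):
            limited = None
            continue
        parts = line.split(None, 1)
        name = parts[0].lower()
        arg = parts[1].strip() if len(parts) > 1 else ""
        if name == "authuserfile":
            # A password file the web server can serve is downloadable.
            path = posixpath.normpath(arg.strip('"'))
            if path == root or path.startswith(root + "/"):
                findings.add("PASSWORD_FILE_UNDER_DOCROOT")
        elif name == "authtype" and arg.lower() == "basic":
            # Informational: TLS cannot be verified from .htaccess alone.
            findings.add("BASIC_AUTH_NEEDS_TLS")
        elif name == "require" and limited is not None:
            # Methods not listed in <Limit> are left without this requirement.
            findings.add("REQUIRE_ONLY_FOR_" + "_".join(m.upper() for m in limited))
    return sorted(findings)

if __name__ == "__main__":
    for code in audit_htaccess(SAMPLE):
        print(code)
```

A file with the password path outside the document root and "require" placed outside any <Limit> block leaves only the BASIC_AUTH_NEEDS_TLS reminder.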

Copyright 2003 - 2009 examnotes.net