In the Apache web server, access to a website can be restricted to particular users in several ways. Enabling user authentication is one such mechanism. User authentication can be implemented by the site itself, in PHP or whatever other language you used to develop the site, or the server administrator can configure the web server to handle user authentication.
The directives provided by mod_authz_host are used to control access to particular parts of the server. As of Apache 2.2, mod_access has been renamed to mod_authz_host.
Access can be controlled based on the client hostname, IP address, or other characteristics of the client request, as captured in environment variables. The Allow and Deny directives are used to specify which clients are or are not allowed access to the server, while the Order directive sets the default access state and configures how the Allow and Deny directives interact with each other.
Authentication is configured under the <Directory> directive with the AuthUserFile and AuthType directives. The format of Apache-based authentication is as follows.
The block below allows access to the contents of the settings folder for users who have login credentials in users_password_file:
<Directory "/var/www/html/your-site/settings">
AllowOverride AuthConfig FileInfo Indexes Limit Options
AuthUserFile /etc/httpd/users/users_password_file
SSLRequireSSL
AuthName "Secure Users"
AuthType Basic
require valid-user
</Directory>
How can you allow access to the above folder from specific IP addresses? That is much easier. It can be achieved just by defining the 'Allow from' parameter.
The format for that setup is as follows:
<Directory /var/www/html/your-site/settings>
Order Deny,Allow
Deny from all
Allow from aaa.bbb.ccc.ddd/netmask
</Directory>
I have used both control mechanisms, with password authentication and IP address filtering.
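How the two mechanisms combine in a single block, as an added example that is not part of the original post: the 192.0.2.0/24 network is a constructed placeholder, and the paths are the ones used above. The first block uses the Apache 2.2 directives described on this page; the second is the equivalent in the Apache 2.4 Require syntax. Use one block or the other, according to the server version.

```apache
# --- Apache 2.2 (mod_authz_host: Order / Allow / Deny) ---
<Directory "/var/www/html/your-site/settings">
    # Refuse plain HTTP so Basic credentials are never sent in cleartext
    SSLRequireSSL

    # Password authentication
    AuthType Basic
    AuthName "Secure Users"
    AuthUserFile /etc/httpd/users/users_password_file
    Require valid-user

    # IP address filtering (no space after the comma in the Order argument)
    Order Deny,Allow
    Deny from all
    Allow from 192.0.2.0/24        # constructed placeholder network

    # All = the client must match the Allow rule AND log in (the default).
    # Any = either one is enough, so a listed address skips the password.
    Satisfy All
</Directory>

# --- Apache 2.4 (mod_authz_core: Require) ---
<Directory "/var/www/html/your-site/settings">
    SSLRequireSSL

    AuthType Basic
    AuthName "Secure Users"
    AuthUserFile /etc/httpd/users/users_password_file

    # RequireAll = every condition inside must hold (same effect as Satisfy All)
    <RequireAll>
        Require ip 192.0.2.0/24    # constructed placeholder network
        Require valid-user
    </RequireAll>
</Directory>
```

Keep the file named in AuthUserFile outside the document root, as in the path above, so the server can never serve it as content.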