The Apache server provides two authentication methods: common authentication and digest authentication. There are a lot of articles on how to configure Apache common authentication on the Internet, but they are almost all similar configuration methods that tell you how to protect files in a folder. If you want to authenticate all HTTP requests and handle the post-authentication requests, how can you configure this? This is also related to my questions. First, I want to explain it. Why is this question based on applications? That is to say, the configuration here is not for Web servers that use Apache for Web browsing, but for users who need to develop applications on Apache to process custom services. To add custom processing for all HTTP requests, you must write your own Apache module and define the processing method. Here is hello-bdb. First, configure the httpd. conf file. You need httpd In the conf directory. add the following configuration to the conf file (the Location is not important, but must be placed at the top level): <Location/> SetHandler hello-bdb AuthName "Server Infomation" AuthType Basic AuthUserFile D: \ Apache22 \ conf \ htpasswd. pwd require valid-user </Location> explanation of the above configuration: (1) SetHandler is the added custom processing module, that is, the self-compiled processing module; (2) authName is followed by the server information. You can replace it with any character. It is best to use a string that reflects your server information. The information here will be displayed in the dialog box for entering the user and password, see the following figure. (3) AuthType is followed by authentication type. Basic indicates normal authentication. The command for Digest authentication is Digest; (4) AuthUserFile is followed by the file for storing your username and password. The following describes how to generate the file; (5) require valid-user indicates that all valid users in the configuration file can access the service. Second, generate the user name and password file. In this case, use the htpasswd tool provided by Apache. The method is as follows: htpasswd-bc ../conf/htpasswd. pwd user1 1234 the above command generates the htpasswd. pwd File and adds user1 to it with the password 1234. If it succeeds, the system prompts the following. Automatically using MD5 format. Adding password for user user1, run. Enter http: // localhost in the browser. The following dialog box is displayed:
Enter user1 and password 1234 respectively, and then the system will perform custom processing after authentication, and then return the processing result to the browser. At first glance, we felt that the general authentication security was not high, and the user name and password were only Base64 encoded during transmission, which was easy to be stolen. Abstract: authentication is more secure than normal authentication, but not all browsers support it.
Turn: http://blog.csdn.net/gobitan/archive/2007/03/24/1539933.aspx
