How to apply the authentication module and. htaccess file to ensure Web Security

How to apply the authentication module and. htaccess file to ensure Web Security

To restrict access to a webpage, you can use the Authentication Modules and methods provided by Apache and a third party to verify the user's creden (such as the user name and password ). Some modules support Identity Authentication through various databases (including NIS and LDAP.

User Authentication commands are usually placed in. htaccess files. The following is a basic. htaccess file that uses the Apache default authentication module (mod_auth. When this file is stored in/var/www, Apache requires the user to enter a password for verification before the browser can access the content in the/var/www directory hierarchy. The application must be replaced with the corresponding value of the local server.

# Cat. htaccess

AuthUserFile/var/www/. htpasswd

AuthGroupFile/dev/null

AuthName "Browser dialog box query"

AuthType Basic

Require valid-user

/Var/www/. htpasswd is a typical absolute path name of the. htpasswd file. You can see the string Browser dialog box query in the dialog box asking to enter the user name and password.

Disable the group function in the second line of the preceding. htaccess file. The fourth line specifies that the user's identity authentication type is Basic, which is also the default setting of the mod_auth module. The last line tells Apache which users can access protected directories. The valid-user entry authorizes any user (the user name is in the Apache password file and the entered password is correct) to access this directory.

As long as Apache can read its password file, it can be stored anywhere on the system. It is safe to put this file and the. htaccess file in the same directory, because by default, Apache will not reply to any file request whose name starts with. ht. However, do not change the httpd. conf configuration file to prevent Apache from replying to requests from files whose names start with. ht.

The following command creates (-c) A. htpasswd file with a Sam entry in the working directory. If the-c option is omitted, you can add a user or change the password in the existing. htpasswd file.

$ Htpasswd-c. htpasswd sam

New password:

Re-type new password:

Adding password for user sam

The default httpd. conf file contains the AllowOverride None command for/var/www. To enable Apache to process user authentication commands (such as reading the. htaccess file), you must change this command to AllowOverride AuthConfig or delete it.

It has been configured as processing in Apache. after the htaccess file, when it receives a request for the file, it must traverse the directory hierarchy from the requested file up to the root directory to find. the htacess file to determine whether it can provide the requested file. This search may affect performance. Generally, the performance decline is not very serious, but if the performance is critical, this problem will be tricky.