I. Preamble
Now many web sites have strict restrictions on the access rights of users, users need to give "username/password" to confirm their identity when accessing certain resources.
Currently, the most common authentication method is to use the user name, password stored in a database, when users want to access certain restricted resources, to enter a user name and password in a page, the program will user input username and password and database stored "username/password" Compared, if the input is correct, Resources are normally used, otherwise, resource access is denied. However, there are two major problems with this way of identity authentication, on the one hand, as long as the user has a successful identity authentication, you can record the link address of the restricted resources, the next visit only to enter the address, without having to pass the identity authentication process can access the restricted resources; On the other hand, the user can -Level link point right, select "Properties", you can view the restricted resources of the link address, direct access to the address, so that identity authentication can not achieve the desired effect.
Apache can solve these problems well. Apache is the software that builds the WWW web site and runs on Linux, UNIX, and Windows operating systems. Let's take Linux as an example to introduce how Apache completes the user authentication function.
Second, the Basic principles
The basic principle of Apache authentication is that when the system administrator initiates the authentication feature, a file with the default name ". htaccess" can be added to the directory to be restricted. When a user accesses a resource under this path, a dialog box pops up asking the user to enter a username/password. In other words, its identity authentication function is not controlled by the person, but by the system directly. This avoids the user logging a hyperlink to a resource that requires authentication, and does not access the resource directly next time.
There are many methods of authentication, including the precompiled Mod-auth module in Apache and the module with Apache but not compiled, such as: MOD-AUTH-DBM module, mod-auth-db module, Mod-auth-msql module, and so on. There are also a number of third-party-developed modules, such as the Mod-auth-mysql modules used in the MySQL database, they can limit a group of users or a user.
Third, the concrete realization
The following is mainly about the use of Mod-auth modules and Mod-auth-mysql modules. But no matter what kind of authentication, you must first make some settings for Apache: In the configuration file access.conf the following settings:
Accessfilename. Htaccess
Alloerride All