Home > Developer > Web Develop

Access Control for HTTPD services

Source: Internet
Author: User
Developer on Alibaba Coud: Build your first app with APIs, SDKs, and tutorials on the Alibaba Cloud. Read more >

Client address restrictions, user authorization restrictions, both access control methods are applied to the httpd.conf configuration file
·
#################################### #客户机地址限制 #################################
Require All granted: Indicates that all hosts are allowed access
Require all denied: Indicates deny all host access
Require Local: Indicates only localhost access
Require "not" host < hostname or domain name list;: Indicates allow or deny access to the specified host or domain name
Require "not" IP <ip address or network segment list;: Indicates that the specified IP address or network segment access is allowed or denied
·
# # # # # # # # # # #允许或拒绝所有 ###### to select requirements
Vi/etc/httpd.conf
<directory "/usr/local/httpd/htdocs" >
.../Omit part
Require all denied # # #允许所有
#Require all granted # # #拒绝所有
#Require IP 192.168.10.100 # # # #仅允许改ip访问
</Directory>
·
You need to place it in the <RequireAll></RequireAll> container when you use not to disable access.
You want to disallow host access from two segments 192.168.1.0/24 and 192.168.2.0/24, but allow other network segment access to use the following throttling policies.
·
<directory "/usr/local/httpd/htdocs" >
...... Omit part
<RequireAll>
Require all granted
Require not IP 192.168.1.0/24 192.168.2.0/24
</RequireAll>
</Directory>
·
403 error is usually prompted when client access is denied
·
#################################### #用户授权限制 ####################################
The HTTPD server supports two ways of using Digest authentication (Digest) and Basic authentication. Using Digest authentication requires adding the "--enable-auth-digest" option before compiling httpd, but not all browsers support Digest authentication, while Basic authentication is the basic function of the HTTPD service and does not require pre-configured special options.
The following will be a Basic authentication method, for example, the content of the Web page in the/usr/local/httpd/htdocs Web site to add user authorization restrictions.
·
# # # #创建用户认证数据文件 # #
Cd/usr/local/httpd
·
Bin/htpasswd-c/usr/local/httpd/conf/.awspwd Jack #####-c is the new build <.awspwd> folder that contains a user information named Jack
·
Bin/htpasswd/usr/local/httpd/conf/.awspwd Tom # # # #添加新用户tom
·
Cat/usr/local/httpd/conf/.awspwd ##### #确认用户数据文件
Tom: $apr 1$/jcduw9g$v2vfjldl1zdxyovxz3as0/
Jack: $apr 1$skek1i92$6qmwb1nbjkfjq3nyc7.wc0
·
# # #添加用户授权配置 #######
With an authorized user account, you will also need to modify the httpd.conf configuration file to add an authorization configuration to the specific directory area to enable Basic authentication and set allow those users access.
·
Vi/usr/local/httpd/conf/httpd.conf
<directory "/usr/local/httpd/htdocs" >
...... Omit part
AuthName "Www.haha.com"
AuthType Basic # # # #基本认证
AUTHUSERFILE/USR/LOCAL/HTTPD/CONF/.AWSPWD # # # # #账号, password Authentication file path
Require Valid-user # # # # # # # #表示所有合法用户jack, Tom can specify a single user (such as Jack)
</Directory>
·
Friendly tip: When user access authorization is set with host access authorization control, setting host access control takes precedence.

Access Control for HTTPD services

This article is an English version of an article which is originally in the Chinese language on aliyun.com and is provided for information purposes only. This website makes no representation or warranty of any kind, either expressed or implied, as to the accuracy, completeness ownership or reliability of the article or any translations thereof. If you have any concerns or complaints relating to the article, please send an email, providing a detailed description of the concern or complaint, to info-contact@alibabacloud.com. A staff member will contact you within 5 working days. Once verified, infringing content will be removed immediately.

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

Get Started for Free

  • Sales Support

    1 on 1 presale consultation

    Chat Contact Sales

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

    Open a Ticket

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.

    Learn More