Apache on Windows 2003: summary of configuring site directory permissions

Source: Internet
Author: User

This is a very simple permission setup: when the site is accessed, the browser pops up a username and password prompt, and the site can be browsed normally only after authentication succeeds.

This is also easy to configure with Apache on Windows 2003; the steps below mainly follow the Apache manual.

1. Create a password file

Apache provides the htpasswd tool, in the bin subdirectory of its installation directory, to create a password file:

htpasswd -b -c -m -d -s c:\password.txt username password

Here -m, -d and -s are the encryption options; see the reference manual.
2. Enable authentication
This can be configured in several ways, in httpd.conf or in a .htaccess file in the root directory, but configuring it in .htaccess affects server performance, so httpd.conf is used here. Inside <Directory /usr/local/apache/Apache/htdocs/secret>, add the following configuration:

Options None
AllowOverride AuthConfig
Order allow,deny
Allow from all
AuthType Basic
AuthName "Restricted Files"
AuthUserFile C:/password.txt
Require valid-user

Line 2 is what enables authentication for the directory.
Line 5, AuthType, selects the Basic authentication method, which is an unencrypted form of authentication.
Line 6, AuthName, names the authentication area; it is shown in the prompt when the username and password are entered.
Line 7, AuthUserFile, sets the location of the password file, which should not be under the Web service directory (unless you want someone to learn the usernames and passwords).
Line 8, valid-user, means that every username and password pair that appears in password.txt is allowed access.
3. Restart Apache
Here is another, more detailed write-up that can be used for reference:
Readers who browse the web often run into this: when accessing certain resources on some sites, the browser pops up a dialog box asking for a username and password before the resource can be accessed. This is a user authentication technique. User authentication is the first line of defense protecting network system resources; it controls all logins and checks the legitimacy of the users requesting access, with the goal of letting legitimate users access network system resources with legitimate privileges. The basic user authentication technique is "username + password".
Apache is currently a popular Web server that runs on Linux, Unix, Windows and other operating systems, and it handles "username + password" authentication well. The usernames and passwords needed for Apache authentication can be stored in two ways: in a text file, or in a database such as mSQL, Oracle or MySQL. The following uses Apache on Linux as the example and describes how to implement user authentication with each of the two storage methods; Apache user authentication on Windows is then described briefly.
Using text file storage
The basic idea of this kind of authentication is: once Apache's authentication function is enabled, a file named .htaccess can be created in the directory whose access is to be restricted, containing the authentication configuration commands. When a user accesses a file in that directory for the first time, the browser displays a dialog box asking for a username and password to confirm the user's identity. If the user is legitimate, the requested page is displayed; for every later page in that directory the browser sends the username and password automatically, with no need to enter them again, until the browser is closed. The specific steps are as follows:
Log in to Linux as the superuser root, assuming that Apache 1.3.12 has been compiled and installed into the /usr/local/apache directory. By default, the mod_auth module is included automatically when Apache is compiled; it implements "username + password" authentication with a text file as the storage method.
1. Modify the Apache configuration file /usr/local/apache/conf/httpd.conf and set the configuration commands for the directory that holds the resources to be protected.
The following example is the configuration for the /usr/local/apache/htdocs/members directory:
<Directory /usr/local/apache/htdocs/members>
Options Indexes FollowSymLinks
AllowOverride AuthConfig
Order allow,deny
Allow from all
</Directory>
Here the AllowOverride AuthConfig line allows user authentication to be applied to files under the /usr/local/apache/htdocs/members directory.
2. Create a file named .htaccess in the restricted directory /usr/local/apache/htdocs/members, with the following contents:
AuthName "Member Area"
AuthType Basic
AuthUserFile /usr/local/apache/members.txt
Require valid-user
Description: the following are some of the common configuration commands in a .htaccess file:
1) AuthName command: specifies the name of the authentication zone. The zone name is displayed to the user in the dialog box that prompts for authentication.
2) AuthType command: specifies the authentication type. In HTTP 1.0 there is only one authentication type: Basic. HTTP 1.1 has several authentication types, such as MD5.
3) AuthUserFile command: specifies a text file containing usernames and passwords, one pair per line.
4) AuthGroupFile command: specifies a text file that contains a list of user groups and the members of those groups. The members of a group are separated by spaces, for example: managers: user1 user2.
5) Require command: specifies which users or groups are authorized to access. For example:
Require user user1 user2 (only users user1 and user2 can access)
Require group managers (only members of group managers can access)
Require valid-user (any user in the file specified by AuthUserFile can access)
3. Use the htpasswd program that comes with Apache to generate the text file containing usernames and passwords, /usr/local/apache/members.txt; each line has the format "username:password".
# cd /usr/local/apache/bin
# ./htpasswd -bc ../members.txt user1 1234
# ./htpasswd -b ../members.txt user2 5678
The text file members.txt now contains two users: user1 with password 1234, and user2 with password 5678. Note that this text file should not be stored in the Web document directory tree, so that it cannot be downloaded by users.
For help with the htpasswd program, run htpasswd -h.
When the number of users is relatively small, this method of user authentication is convenient and easy, and maintenance is simple. However, when there are tens of thousands or even hundreds of thousands of users, looking up a user takes a certain amount of time, which reduces the efficiency of the server. In that case, the database approach should be adopted.
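An added example (not from the original article): a small Python check for the warning given above for both password.txt and members.txt, that the password file must not sit inside the Web document tree. It reads configuration text and reports any AuthUserFile or AuthGroupFile that resolves to a path under a DocumentRoot; the function names and the two sample configurations are constructed for illustration.

```python
import posixpath
import re

# Directives of interest; names are case-insensitive and values may be quoted.
DIRECTIVE = re.compile(
    r'^[ \t]*(ServerRoot|DocumentRoot|AuthUserFile|AuthGroupFile)'
    r'[ \t]+"?([^"\r\n]+?)"?[ \t\r]*$',
    re.IGNORECASE | re.MULTILINE)

def norm(path):
    """Normalise slashes and '..'; fold case for Windows drive paths."""
    p = posixpath.normpath(path.replace("\\", "/"))
    return p.lower() if re.match(r"[A-Za-z]:", p) else p

def is_absolute(path):
    return path.startswith("/") or re.match(r"[A-Za-z]:[\\/]", path) is not None

def exposed_auth_files(config_text):
    """Return password/group file paths that sit inside a DocumentRoot."""
    server_root, roots, files = "", [], []
    for name, value in DIRECTIVE.findall(config_text):
        key = name.lower()
        if key == "serverroot":
            server_root = value.replace("\\", "/")
        elif key == "documentroot":
            roots.append(value)
        else:
            files.append(value)

    def resolve(p):
        # Relative paths are taken relative to ServerRoot.
        return norm(p if is_absolute(p) else posixpath.join(server_root, p))

    roots = [resolve(r).rstrip("/") for r in roots]
    return [f for f in map(resolve, files)
            if any(f == r or f.startswith(r + "/") for r in roots)]

# Constructed sample configurations (not taken from a real server).
SAFE = '''ServerRoot "/usr/local/apache"
DocumentRoot "/usr/local/apache/htdocs"
AuthUserFile /usr/local/apache/members.txt
'''
RISKY = '''ServerRoot "C:/Apache"
DocumentRoot "C:/Apache/htdocs"
AuthUserFile c:\\apache\\htdocs\\secret\\password.txt
AuthGroupFile htdocs/../conf/groups.txt
'''
```

The same function can be run over the text of a .htaccess file if the server's DocumentRoot line is prepended to it.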
Using database storage
Currently Apache, PHP4 and MySQL are the best partners for building a Web site on Linux, and all three are free software. Combining the three, Apache user authentication can be implemented over the HTTP protocol using PHP4 and MySQL.
User authentication can only be performed when PHP4 runs as an Apache module. To do this, the PHP4 module must be compiled in when Apache is compiled. Assume that PHP4 has been compiled as an Apache module, that Apache is installed in the /usr/local/apache directory, and that MySQL is installed in the /usr/local/mysql directory. Then proceed as follows:
1. Create a database named member in MySQL, and in it a table named users to hold the usernames and passwords of legitimate users.
1) Use vi to create an SQL script file auth.sql in the /tmp directory with the following content:
DROP DATABASE IF EXISTS member;
CREATE DATABASE member;
USE member;
-- The column lengths are missing from this page; 20 and 41 are assumed placeholder values
CREATE TABLE users (
username char(20) not null,
password char(41) not null
);
INSERT INTO users VALUES ("user1", password("1234"));
INSERT INTO users VALUES ("user2", password("5678"));
2) Start the MySQL client program mysql and run the SQL script file auth.sql above, which adds two user records to the users table.
# mysql -u root -pmypwd < /tmp/auth.sql
2. Write a PHP include file auth.inc with the following contents:
<?php
// Ask the browser for credentials and stop the script
function authenticate() {
    header('WWW-Authenticate: Basic realm="member area"');
    header('HTTP/1.0 401 Unauthorized');
    echo "You must enter the correct username and password.\n";
    exit;
}
// Return 1 if the username/password pair exists in member.users, otherwise 0
function CheckUser($uname, $pwd) {
    if ($uname == "" || $pwd == "") return 0;
    // The values come straight from the browser: escape and quote them before building the query
    $uname = addslashes($uname);
    $pwd = addslashes($pwd);
    $query = "SELECT username,password FROM users WHERE username='$uname' AND password=password('$pwd')";
    $db_id = mysql_connect('localhost', 'root', 'mypwd');
    mysql_select_db('member', $db_id);
    $result = mysql_query($query, $db_id);
    $num = mysql_num_rows($result);
    mysql_close($db_id);
    if ($num > 0) {
        return 1; // Valid login
    } else {
        return 0; // Invalid login
    }
}
?>
The function authenticate() uses header('WWW-Authenticate: Basic realm="member area"') to send an authentication request to the browser, which makes the browser pop up the username/password dialog box. After the user enters a username and password, the URL of the PHP script is requested again automatically, and the username, password and authentication type are stored in three special PHP4 variables: $PHP_AUTH_USER, $PHP_AUTH_PW and $PHP_AUTH_TYPE. The PHP program can use the values of these three variables to decide whether the user is legitimate. In the header() call, Basic is the basic authentication type and the realm value is the name of the authentication zone.
The call header('HTTP/1.0 401 Unauthorized') makes the browser user receive an HTTP 401 error after entering a wrong username or password several times in a row.
The function CheckUser() checks whether the username and password sent by the browser match those in the MySQL database, returning 1 if they do and 0 otherwise. In mysql_connect('localhost', 'root', 'mypwd'), the database username root and password mypwd should be changed to match your own MySQL settings.
3. Add the following segment at the beginning of every PHP script that needs restricted access:
<?php
require('auth.inc');
if (CheckUser($PHP_AUTH_USER, $PHP_AUTH_PW) == 0) {
    authenticate();
} else {
    echo "This is the Web page that legitimate users want to visit."; // Replace this line with the page content shown to legitimate users
}
?>
Put the page content that should be shown to legitimate users in the else clause, replacing this line of the segment above:
echo "This is the Web page that legitimate users want to visit.";
This way, when a user accesses the PHP script, a username and password must be entered to confirm the user's identity.
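An added example (not the article's code): the same 401 / WWW-Authenticate exchange and user lookup that auth.inc performs, written in Python so it can be run as-is. It assumes an in-memory sqlite3 table standing in for the MySQL member database and salted PBKDF2 hashes in place of MySQL PASSWORD(); the function names are illustrative, and the browser-supplied values reach the query only as bound parameters.

```python
import base64
import hashlib
import hmac
import os
import sqlite3

REALM = "member area"  # realm string used by the article's authenticate()

def pw_hash(password, salt):
    # Assumption: salted PBKDF2 replaces MySQL PASSWORD() from the article.
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, 100000)

def make_db():
    # Constructed sample data; in-memory sqlite3 stands in for the MySQL "member" database.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (username TEXT PRIMARY KEY, salt BLOB, pwhash BLOB)")
    for user, pw in (("user1", "1234"), ("user2", "5678")):
        salt = os.urandom(16)
        db.execute("INSERT INTO users VALUES (?, ?, ?)", (user, salt, pw_hash(pw, salt)))
    return db

def parse_basic(header):
    """Return (user, password) from an Authorization header value, or None."""
    scheme, _, blob = (header or "").partition(" ")
    if scheme.lower() != "basic":
        return None
    try:
        # Basic credentials are only base64-encoded, not encrypted.
        decoded = base64.b64decode(blob.strip(), validate=True).decode("utf-8")
    except ValueError:  # malformed base64 or invalid UTF-8
        return None
    user, sep, password = decoded.partition(":")  # the password may contain ':'
    return (user, password) if sep and user else None

def check_user(db, user, password):
    # Placeholders keep browser-supplied values out of the SQL text.
    row = db.execute("SELECT salt, pwhash FROM users WHERE username = ?", (user,)).fetchone()
    return row is not None and hmac.compare_digest(pw_hash(password, row[0]), row[1])

def handle(db, authorization):
    """Return (status, headers) as the protected script would answer."""
    creds = parse_basic(authorization)
    if creds and check_user(db, *creds):
        return 200, {}
    return 401, {"WWW-Authenticate": 'Basic realm="%s"' % REALM}
```

Because the header is only an encoding of "username:password", the exchange should be carried over HTTPS whenever the credentials matter.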
Apache User authentication for Windows
1. To store usernames and passwords in a text file, the method is the same as before, but note that in the path the directory names and the file name are all separated with a slash "/", not a backslash "\".
2. To store usernames and passwords in a MySQL database, first set up PHP 4.0.3 to run as an Apache module as described below, then follow the "Using database storage" method above.
1) Download the Windows versions of Apache 1.3.12, PHP 4.0.3 and MySQL 3.2.32, then extract and install the three packages to the C:\apache, C:\PHP4 and C:\mysql directories.
2) The C:\php4\sapi directory contains PHP module files for several common Web servers; copy php4apache.dll from it to the Apache modules subdirectory (c:\apache\modules).
3) Modify the Apache configuration file c:\apache\conf\httpd.conf and add the following lines:
LoadModule php4_module modules/php4apache.dll
AddType application/x-httpd-php .php3
AddType application/x-httpd-php-source .phps
AddType application/x-httpd-php .php
The first line runs PHP4 as an Apache module so that user authentication can be performed; the following three lines define the file extensions of PHP scripts.
4) In the PATH command of the autoexec.bat file, add the PHP4 location "C:\PHP4" and restart the computer.
