How to set the background page in the Apache server to allow access to only one IP address in a Linux system

Source: Internet
Author: User

Supplemental information: this network uses a Linux server, the Web server is built with Apache, the IP address is 192.168.1.5, and the background page is /admin/login.jsp. How can the background page login.jsp be set to allow access only from 192.168.1.10, while the front page stays accessible to everyone?
Please answer in detail, such as which fields are added to which Apache section. Thank you.

I remember the forum has a post explaining how to set access permissions. Search for it ... The following is for reference; I am relatively busy and have no time to organize it ....

1. Modify httpd.conf
Assuming you want to control access permissions separately for each directory, add one line between <Directory> and </Directory>: AllowOverride All
This means that access permissions for the directory are controlled by the .htaccess file in that directory, and the permission policies of different directories can override each other.

2. Edit the .htaccess file in the directory you want to control
Assuming your phpMyAdmin directory is under Progra*/apache*/htdocs, you can create a .htaccess file in the phpMyAdmin directory as follows:

AuthUserFile progra*/apache*/apache/pass/pwdphp
AuthType Basic
AuthName "Database Security Zone"
# Without a Require line the Auth* directives above are not enforced
Require valid-user


3. Generate the user password file
There is a user password generator, htpasswd (under Program*/apache*/bin), which can add user password information to a specified file, such as /usr/local/apache/pass/pwdphp. The contents of my user password file are as follows:

htpasswd -c f:/.htaccess test


Set directory access permissions through the .htaccess file. Usually we can authenticate in the program itself, that is, by writing HTTP headers from PHP, but using Apache for access control is more efficient. For details, refer to the documentation on the official Apache website (www.apache.org).

Here is my configuration. (Note that because the FAT32/NTFS file systems under Windows do not support .htaccess-style file names, the file name has to be changed.) First edit the Apache configuration file httpd.conf and find the following line:

AccessFileName .htaccess

Change it to:

AccessFileName user.htaccess

(The new name can be anything else, as long as it does not start with a dot, but this one is easy to remember and read.) Then change the regular-expression match that follows it. Find:

<FilesMatch "^\.ht">
Order allow,deny
Deny from all
</FilesMatch>

and change it to:

# This must also match the password file. Because its name cannot start with a dot under Windows, name it user.htpasswd to be consistent.
<FilesMatch "^user\.ht">
Order allow,deny
Deny from all
</FilesMatch>

Next, find the line AllowOverride None, comment it out (put # in front of it) and add two lines, so that it looks like this:

# AllowOverride None
AllowOverride FileInfo AuthConfig Limit
Options MultiViews SymLinksIfOwnerMatch IncludesNoExec

The configuration is now complete. Restart the Apache service, then place a user.htaccess file containing the authentication settings in each directory that needs access control. For example, create a user.htaccess file in the www/mytest directory with the following contents:

<Limit GET POST OPTIONS>
Deny from all
# Only allow access from the 10.29.100 network segment
Allow from 10.29.100.0/24
</Limit>
# User password file used for login authentication
AuthUserFile /home/user.htpasswd
# Group file for authentication
#AuthGroupFile /dev/null
AuthName "Login Information"
# Authentication type
AuthType Basic
#<Limit GET>
#Require user newsadmin
#</Limit>

Then generate the user password file from the command line (CMD):

d:\apache\bin>htpasswd -c user.htpasswd mytest
Automatically using MD5 format.
New Password: ******
Re-type New Password: ******
Adding password for user mytest

When the directory is then accessed through a browser, you first have to enter the authenticated user name and password; if they are correct and your IP address is within the specified network segment, you can access the content, otherwise access is denied. Of course, this costs the server some efficiency, because on every access to the directory it first has to check whether an access file exists. You can also write the authentication section directly in httpd.conf, but the benefit of this approach is that you can change the conditions at any time without restarting the server, and it is easy to read.


The .htaccess file is a configuration file on the Apache server. It is a plain text file that can be written with any text editor. It provides a way to change the configuration per directory: a file (.htaccess) containing one or more directives is placed in a particular document directory and applies to that directory and all of its subdirectories. Its features include setting a password for pages, setting the page shown when an error occurs, changing the file name of the home page (such as index.html), forbidding files from being read, redirecting files, adding MIME types, disabling directory listings, and so on.

You should use the .htaccess file when you need to change the server configuration for a directory and do not have root access to the server system. If the server administrator is unwilling to modify the configuration frequently, users can be allowed to modify the configuration themselves through .htaccess files, especially when an ISP hosts multiple user sites on a single machine and wants the users to be able to change the configuration on their own. The .htaccess mechanism is intended for such users.

Note that .htaccess is the full file name, not ***.htaccess or some other format (the administrator can of course set another name, but .htaccess is the one generally used). Also, when uploading a .htaccess file, you must use ASCII mode and change the permissions with the chmod command to 644 (rw-r--r--). Every directory in which a .htaccess file is placed, and its subdirectories, are affected by that file. For example, if a .htaccess file is placed in the /abc/ directory, all the files in /abc/ and /abc/def/ are affected by it, but /index.html is not.

Implementing password protection

1. Create a .htpasswd file
First, create a file in the directory to be access-controlled (such as htdocs). The file name can be chosen freely, but it is generally set to .htpasswd, and the file cannot be read over HTTP. Each line in the .htpasswd file represents one user, with the user name and the encrypted password separated by a colon.

2. Protect the directory with the .htaccess file
The contents of the .htaccess file are as follows:

AuthType Basic
AuthUserFile /usr/home/***/htdocs/.abcname1
AuthGroupFile /usr/home/***/htdocs/.abcname2
AuthName Information
<Limit GET POST>
Require valid-user
</Limit>



The *** in the second and third lines can be changed to your personal FTP login name; .abcname1 and .abcname2 can be any file names, such as .htpasswd or .htpass, but not .htaccess. Upload the .htaccess file to the directory to be password protected, such as htdocs.

The final "Require" line of the .htaccess file tells the server which users may enter. Require valid-user means that any user listed in the .htpasswd file may enter. You can also specify that one person or a few people on the list may pass, using Require user username or Require user username1 username2 username3. You can also specify that a group of people may pass, using Require group groupname.

3. Add a new authorized user
Change to the htdocs directory and enter the following commands on the command line to generate the .abcname1 file:

echo > .abcname1
/var/www/bin/htpasswd .abcname1 abc

abc is the user name to be added. After entering this command, you are prompted for this user's password, after which the user name takes effect. To add more users later, run the second command again with a different user name. If the user name already exists, you are prompted to change its password.

4. Create a group that is allowed access
To set up a group, create a text file named .htgroup with contents like the following:

groupname1: username1 username2 username3
groupname2: username1 username3 username4

and add "AuthGroupFile /absolute/path/.htgroup" to the .htaccess file. Once all the files have been uploaded in ASCII mode, all files in that directory are protected.

Set Error file

If you want a page of your own to be shown instead of the default "page not found" message when a file cannot be found, that is also easy. First write the new page, then open .htaccess with a text editor and add at the end of the file: ErrorDocument 404 /404.html. Here, 404.html is the name of the error file, that is, the page that is displayed (the leading / makes Apache treat it as a path on the site rather than as a text message); 404 is the error code. The common error codes and what they mean are as follows:

401 Authorization failed: the password is wrong.
403 Access denied: the file cannot be read.
404 File not found.
500 Internal server error: possibly a problem with the Web server itself, or an error in the program being written.



Disable reading of files

If some content, such as passwords, is stored in a file, anyone who knows the location of the file can read it at a glance, which is too insecure. You can solve this without changing other settings and without moving the file elsewhere; just add the following lines to the .htaccess file:

<Files filename.ext>
Order allow,deny
Deny from all
</Files>



If the installed Apache is version 1.3 or later, the regular-expression form FilesMatch is also supported:

<FilesMatch "\.tmp">
Order allow,deny
Deny from all
</FilesMatch>



Files and FilesMatch mean that the directives apply only to the files that match. "Order deny,allow" means that the Deny directives are evaluated first and then the Allow directives. If the order is reversed, "Order allow,deny" means that the Allow directives are evaluated before the Deny directives. "Deny from all" means that no IP address is permitted. By contrast, "Allow from all" means that all are permitted. You can, for example, set:

Order allow,deny
Allow from all
Deny from 111.222



Deny from 111.222 means that all IP addresses starting with 111.222 (such as 111.222.0.1) are forbidden. Besides an IP address, a hostname can also be given (for example: ***.com). Files and FilesMatch have many uses: besides Deny, they can also set a password for an individual file, for example:

<Files 123>
Require user 123
</Files>
<Files abc>
Require user abc
</Files>
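
The Order/Allow/Deny evaluation described above can be checked offline before a rule set goes live. The following Python model is an added example, not code from the original page or from Apache; it handles IPv4 addresses only (no hostnames), and the two ADMIN rule sets are constructed for the 192.168.1.10 question at the top of the page.

```python
import ipaddress

def host_matches(spec, client_ip):
    """Match one 'from' argument of Allow/Deny against an IPv4 client address."""
    if spec.lower() == "all":
        return True
    if "/" in spec:  # network form, e.g. 10.29.100.0/24
        net = ipaddress.ip_network(spec, strict=False)
        return ipaddress.ip_address(client_ip) in net
    # Full or partial address: 111.222 covers 111.222.x.x (whole octets only)
    octets = spec.rstrip(".").split(".")
    return client_ip.split(".")[:len(octets)] == octets

def access_allowed(rules, client_ip):
    """Apply Order/Allow/Deny lines to one client address; True means served."""
    order, allow, deny = "deny,allow", [], []  # deny,allow is the default Order
    for line in rules.splitlines():
        words = line.split()
        if not words or words[0].startswith("#"):
            continue
        name = words[0].lower()
        if name == "order":
            order = words[1].lower()
        elif name in ("allow", "deny") and words[1].lower() == "from":
            (allow if name == "allow" else deny).extend(words[2:])
    allowed = any(host_matches(s, client_ip) for s in allow)
    denied = any(host_matches(s, client_ip) for s in deny)
    if order == "allow,deny":
        return allowed and not denied  # default deny, Deny beats Allow
    return allowed or not denied       # default allow, Allow beats Deny

# The first three rule sets are lines from this page; the last two are
# constructed for the 192.168.1.10 question (assumed, not from the page).
BLOCK_PREFIX = "Order allow,deny\nAllow from all\nDeny from 111.222"
LAN_ONLY = "Deny from all\nAllow from 10.29.100.0/24"
HIDE_FILE = "Order allow,deny\nDeny from all"
ADMIN_ONLY = "Order deny,allow\nDeny from all\nAllow from 192.168.1.10"
ADMIN_WRONG_ORDER = "Order allow,deny\nDeny from all\nAllow from 192.168.1.10"

if __name__ == "__main__":
    for label, rules, ip in [
        ("BLOCK_PREFIX", BLOCK_PREFIX, "111.222.0.1"),
        ("LAN_ONLY", LAN_ONLY, "10.29.100.7"),
        ("ADMIN_ONLY", ADMIN_ONLY, "192.168.1.10"),
        ("ADMIN_ONLY", ADMIN_ONLY, "192.168.1.5"),
        ("ADMIN_WRONG_ORDER", ADMIN_WRONG_ORDER, "192.168.1.10"),
    ]:
        print(f"{label:18} {ip:14} ->", "allow" if access_allowed(rules, ip) else "deny")
```

With ADMIN_WRONG_ORDER even 192.168.1.10 is refused, because under Order allow,deny a matching Deny always wins. On Apache 2.4 these directives are provided by mod_access_compat, and the native form of the last rule is Require ip 192.168.1.10.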



The .htaccess approach also has problems, such as performance. If .htaccess files are used, Apache has to look for the file in each directory, including all the higher-level directories, and has to read the .htaccess files every time a page is requested. Allowing the use of .htaccess files can therefore degrade performance.

For example, for a request for a page in /usr/hq/htdocs, Apache must look for the following files:

/.htaccess
/usr/.htaccess
/usr/hq/.htaccess
/usr/hq/htdocs/.htaccess



In general, protecting a site through .htaccess is more convenient and secure. Unlike password protection implemented in a program, where it may be possible to obtain a password by guessing, password protection using .htaccess files is generally difficult to crack. Given the advantages and disadvantages of the .htaccess approach, readers can choose the appropriate method to ensure the safety of the website according to their specific situation.
