HTTP Service (ii)--apache based on user name access control

Source: Internet
Author: User
Tags md5 encryption password protection

You need to enter a user name and password when visiting certain websites or Web pages. Identity authentication is an effective means to prevent illegal users from using resources, but also an effective way to manage registered users, many websites now use identity authentication to manage user resources and restrict access to users. The Apache server allows you to enforce password protection for the directory in the global access profile or in the user's ". htaccess" file. For password-protected directories, you must specify the corresponding values for the four different commands, namely the AuthName, AuthType, AuthUserFile, and AuthGroupFile commands. The following are introduced separately.
(1) AuthName. The AuthName command is a short string that tells the user the password they are asked for, such as:
"Please input valid username and password:".
(2) AuthType. The AuthType command identifies the authentication method used by the server. AuthType can choose one of two settings: Basic and digest. If you set AuthType to Basic, you use the Standard and UNIX-based Cryptography password system, and you need to use the AuthUserFile command. If you set it to digest, you are using the MD5 encryption method, which is a more secure encoding system. Digest should not be used on most sites because it is not yet supported by most browsers, but it can be used in small-scale applications where the intranet and the browser software that can determine the use of all users are available.
(3) AuthUserFile. The AuthUserFile command specifies the full path name of the Apache server user password file in the directory. You can use the HTPASSWD program to create a password file.
(4) Authdigestfile. If you are using the Digest authentication method, use Authdigestfile as the password list. As with AuthUserFile, simply set Authdigestfile to the path name and file name of the password file. To create a digest-style password file, you can use the Htdigest program.
(5) require. The Require command specifies what conditions are required to be authorized for access. You can use this command to enforce password protection for a directory. This command should be followed by an "entity" list. These entities can be the name of the user or group defined by the AUTHUSERFI1E or AuthGroupFile command, or you can use the keyword "valid-user" to tell the server to AuthUserFile Allows access to any user who can provide a valid password. It can list only the specified users who may be connected, a group of users who specify possible connections, or multiple groups, such as:
Require user user1 User2
#只有user1 and User2 can be accessed.
Require group test
#只有test groups can be accessed.
The following is a concrete example of access control for host-based Apache.
"Instance 12.6"
This example protects the/usr/apache/htdocs directory and requires a valid user name and password to access it. The operation process is as follows:
(1) Configure the httpd.conf file. The configuration module code in the httpd.conf file is as follows:
<Directory/usr/apache/htdocs/>
#该模块的作用目录为/usr/apache/htdocs/.
AuthName Protected
#提示用户的信息为 "Protected".
AuthType Basic
# AuthType Identification method is basic.
Authuserfile/usr/apache/conf/users
# This line is important, it specifies the path and file name of the authentication user name and password.
<limit GET post>
# restrict the Get and post methods in the HTTP protocol.
Require Valid-user
# requires a legitimate user, that is, the user in the/usr/apache/conf/users file.
</Limit>
</Directory>
(2) Generate user password files. Command HTPASSWD can help us accomplish this task.
For example, we want to generate LGM user password file, the operation is as follows:
[Email protected]/root]# htpasswd–c-m/usr/apache/conf/users LGM 123456
Where 123456 is the user's LGM authentication password. -m means encryption in MD5 mode,
If you want to build multiple users, you need to remove the-c parameter, otherwise overwrite the previous content, the following actions:
[[email protected]/root]# htpasswd–m/usr/apache/conf/users test 123456
After executing the above command, you can view the contents of the users file as follows:
[[email protected]/root] #cat/usr/apache/conf/users
The contents are as follows:
Lgm:bBdPD1.jOo3tQ
Test:3pio6y6wdbui2
(3) test. After restarting the Apache server, entering the native IP in the browser requires a user name and password to access.


HTTP Service (ii)--apache based on user name access control

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.