Linux Apache user authorization and access control

User authorization and access control

You may have encountered this situation when visiting some websites. When you click a connection, your browser will pop up an authentication dialog box asking you to enter your account and password, if not, you cannot continue browsing. Some people may think that this is done using CGI. In fact, this is because the user authorization and access control mechanisms of the WWW server play a role.

Do you still remember that when you set up the apache service environment, there are ........ <./Directory> This command can provide different protection for different directories. However, this setting takes effect only after the server is restarted. The flexibility is poor. You can use the accessfile command to specify the access control file, to set a user's access control permission on the Apache server, follow these steps:

1. First, set the httpd. conf file as follows:

　　　　
# AllowOverride fileinfo authconfig limit
# Options Multiviews indexes symlinksifownermatch IncludesNOEXEC
Options includes followsymlinks Indexes
AllowOverride all // * Note that AllowOverride must be set to all, so that the later. htaccess file will take effect.
　　　　
Order allow, deny
Allow from all
　　　　
#
# Order deny, allow
# Deny from all
#
　　　　
# Specify the name of the file for configuring access control permissions
Accessfilename. htaccess
 
2. Create a. htaccess File Content

To control the access permission of a directory, you must create an access control file named ". htaccess" specified before the file name. The content format is as follows:

Authuserfile User Account Password File Name
Authgroupfile group account password file name
Authname text on screen
Authtype authentication method
　　　　
Password Verification Method
　　　　
User authentication method authtype currently provides two types: basic and digest.
The password verification method is the same as that in httpd. conf.
An example is as follows:
Authuserfile/etc/secure. User
Authname security authentication center
Authtype basic
　　　　
Require valid-user
　　　　
 
3. Create a User Password File

If you create a user password for the first time, the command format is as follows:

Htpasswd-C Password File Name User Name

In the preceding example, the user password file is stored in the/etc/secure. User File. Therefore, perform the following operations:

Htpasswd-C/etc/secure. User sword

The program will prompt you to enter the user's password twice, and then the user's password file has been created and added to the sword user.

To add a new user to the password file, follow the command format below:

User Name of the htpasswd Password File

In this way, after the httpd is restarted, a dialog box pops up when the web directory is started. You must enter the user name and password.

4. How to reduce the impact of access control on Apache Performance

Frequent access control may have a great impact on Apache performance. How can this impact be reduced? One of the simplest and most effective methods is to reduce the number of. htaccess files, which prevents Apache from performing authorization checks on each request according to the content of the. htaccess file. It not only searches for the. htaccess file in the current directory, but also searches for the. htaccess file in the parent directory of the current directory.