First, user authentication
User authentication is one of the most important technologies in network security; it is the first line of defense protecting the resources of a network system. User authentication controls all logins and checks the legitimacy of the users requesting access, with the goal of allowing only legitimate users to access the resources of the network system with legitimate privileges. When a user first accesses any file in a directory that has user authentication enabled, the browser displays a dialog box asking for a login user name and password to confirm the user's identity. If the user is legitimate, the content of the requested file is displayed. When other files in the directory are accessed afterwards, the browser sends the user name and password automatically, with no further typing, until the browser is closed. The user authentication function acts as a barrier that keeps unauthorized users from accessing private content. The following practical example shows how to enable user authentication in Apache.
Suppose you have a virtual directory named MySecret whose physical path is /usr/local/mysecret, and you now need to enable user authentication for it, allowing only the users named Linden and Tom to access it.
1. Create a password file
To implement user authentication, first create a file that stores the user names and passwords. Apache's own htpasswd command can create and update the text files that store user names and passwords. Note that this file must be placed in a location that cannot be reached over the network, so that it cannot be downloaded. This example places the password file in the /etc/httpd/ directory, with the file name mysecretpwd. Use the following command to create a password file.
The result of running the command is shown in Figure 7-9; the htpasswd command prompts for the password of the user Linden.
The -c option means that the file is written from scratch: whether or not the password file already exists, its original content is deleted. So when you add the second user to the password file, leave out the -c option.
2. Establish a virtual directory and configure user authentication
Add the following statement to the Apache master configuration file httpd.conf to establish the virtual directory and configure user authentication.
Alias /mysecret "/usr/local/mysecret"
<Directory "/usr/local/mysecret">
AuthType Basic
AuthName "This is a private directory. Please Login: "
AuthUserFile /etc/httpd/mysecretpwd
Require user Linden Tom
</Directory>
(1) Setting the authentication type
The AuthType option defines the type of authentication applied to the user; the most common is Basic, which is provided by mod_auth.
(2) Setting the content of the authentication realm
AuthName "This is a private directory. Please Login: "
The AuthName option defines the realm text shown when the Web browser displays the user name/password dialog box.
(3) Set the path of the password file
The AuthUserFile option defines the path to the password file, that is, the password file created with htpasswd.
(4) Set the user allowed to access
Require user Linden Tom
The Require user option defines which users are allowed access; the user names are separated by spaces.
3. Test user authentication
The steps to test user authentication are as follows.
Restart the Web service on the server with the command "/etc/init.d/httpd restart".
Access the virtual directory from the client's Web browser; the browser pops up a dialog box for entering the user name and password, as shown in Figure 7-10.
Enter the correct user name and password to access the directory, as shown in Figure 7-11.
If the user name and password are incorrect, a "401 Authorization Required" error message appears, as shown in Figure 7-12.
When testing user authentication, it is best to create a file named index.html in the virtual directory. Otherwise, after you enter the correct user name and password, a "403 Forbidden" error message appears, because the virtual directory has neither a default document nor directory browsing enabled.
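The placement rule from step 1 (the password file must not be reachable over the network) can be checked mechanically. The following Python code is an added example, not part of the original article: it reads the text of an httpd.conf and reports every AuthUserFile that lies inside a directory Apache serves (DocumentRoot or an Alias target). The DocumentRoot line in the sample and all function names are assumptions made for this example.

```python
import os
import re

# Constructed sample: the article's directives plus an assumed DocumentRoot line.
SAMPLE_CONF = '''
DocumentRoot "/var/www/html"
Alias /mysecret "/usr/local/mysecret"
<Directory "/usr/local/mysecret">
    AuthType Basic
    AuthName "This is a private directory. Please Login: "
    AuthUserFile /etc/httpd/mysecretpwd
    Require user Linden Tom
</Directory>
'''

def _paths(conf, pattern):
    """Return the normalized absolute paths captured by a directive regex."""
    found = re.findall(pattern, conf, flags=re.IGNORECASE | re.MULTILINE)
    paths = [os.path.normpath(p.strip('"')) for p in found]
    return [p for p in paths if os.path.isabs(p)]  # relative paths are skipped

def served_roots(conf):
    """Directories Apache maps into URL space: DocumentRoot and Alias targets."""
    roots = _paths(conf, r'^\s*DocumentRoot\s+(\S+)')
    roots += _paths(conf, r'^\s*Alias\s+\S+\s+(\S+)')
    return roots

def exposed_password_files(conf):
    """Return AuthUserFile paths that sit inside a served directory."""
    roots = served_roots(conf)
    exposed = []
    for pwfile in _paths(conf, r'^\s*AuthUserFile\s+(\S+)'):
        # commonpath equals the root only when pwfile is at or below that root
        if any(os.path.commonpath([pwfile, root]) == root for root in roots):
            exposed.append(pwfile)
    return exposed

if __name__ == "__main__":
    print("exposed password files:", exposed_password_files(SAMPLE_CONF))
```

Paths containing spaces and commented-out directives are not handled specially; commented lines are simply ignored because each directive must start its line.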
Second, the configuration of the CGI operating environment
CGI is the abbreviation for Common Gateway Interface, the interface that connects Web pages to applications on the Web server. As we all know, HTML by itself has very limited capabilities and can hardly perform operations such as accessing a database. In practice, however, the database often has to be queried first (as in a file retrieval system) and the results then displayed dynamically on the Web page. HTML alone cannot do this, so CGI was created. A CGI program is an executable program that runs on the Web server and is invoked by a hyperlink on a Web page; the results of the program are processed and displayed in the client's Web browser. CGI programs can be used for Web form processing, database queries, sending e-mail and other work. CGI makes a Web page no longer static, but interactive. A CGI program on the Web server runs only when a user calls it; the workflow between the Web browser, the Web server and the CGI program is as follows.
(1) The user accesses the CGI program through a Web browser.
(2) The Web server receives the user request and gives it to the CGI program for processing.
(3) CGI programs perform operations based on input data, including querying the database, calculating values, or invoking other programs in the system.
(4) The CGI program produces output in a form that the Web server can understand.
(5) The Web server receives the output from the CGI program and passes it back to the Web browser.
Installation of the Perl language interpreter
CGI programs can be written in any language that has standard input, standard output and environment variables, such as Perl, C, C++ and Java. Among them, Perl is easy to write and debug and is highly portable; it can be said to be the best and the easiest to learn of the many CGI programming languages. Perl has almost become the standard for, or a synonym of, CGI: whenever people mention CGI, they inevitably think of Perl. Perl is an acronym for Practical Extraction and Reporting Language, and its number of users has been growing explosively since its debut in early 1987. Unlike Java, Perl was not developed and aggressively promoted by a company; it grew on its own strengths. Originally written as a portable high-level language for tool building in cross-platform environments, Perl is now widely regarded as a powerful tool for industry. Perl is particularly well suited to system administration and Web programming. Perl is in fact bundled as a standard component with all Linux (and Unix) systems, and today's Perl has been ported to a variety of platforms beyond Linux.
By default, the Red Hat Enterprise Linux installer installs the Perl interpreter on the system. Readers can use the following command to check whether the Perl interpreter is installed and which version it is.
The result of running the command is shown in Figure 7-17, which means that the Perl interpreter is installed and its version is 5.8.8-10.
If the system does not have a Perl interpreter installed, put Red Hat Enterprise Linux 5 installation disc 1 in the CD-ROM drive. After mounting the disc, locate the Perl interpreter's RPM package file perl-5.8.8-10.i386.rpm in the disc's Server directory and install the Perl interpreter using the command below.
Configuration of the httpd.conf file
1. Set directory permissions to hold CGI files
Setting the permissions of the directory that holds the CGI files tells Apache in which directories CGI programs are allowed to run. For example, if CGI files need to be executed in the home directory, add the "ExecCGI" option to the Options directive in the permission settings for the home directory, as shown in Figure 7-18.
2. Indicate the file type of the CGI program
Locate the "#AddHandler cgi-script .cgi" statement and delete the leading "#"; this tells Apache that files with the ".cgi" extension are CGI programs. If you also want to run files with the .pl extension, add ".pl" at the end of the statement, as shown in Figure 7-19.
Test the CGI runtime environment
The steps to test the CGI run environment are as follows.
Create a file named test.cgi in the directory where the CGI files are stored (such as /var/www/html/), with the following contents.
#!/usr/bin/perl
print "Content-type: text/html\n\n";
print "Hello world!\n";
Execute the command "chmod +x /var/www/html/test.cgi" to add execute permission to the test.cgi file.
In the client's browser, access http://<IP address of the Linux server>/test.cgi; if the "Hello world!" shown in Figure 7-20 appears, the CGI runtime environment is configured successfully.
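With ExecCGI enabled on a directory and the .cgi/.pl handler active, every matching file in that directory is run by the server, so the file modes there matter. The following Python code is an added example, not part of the original article: it audits a CGI directory for scripts that lack the execute bit (the "chmod +x" step above) and for scripts that group or other users can modify. The file names upload.pl and draft.cgi and the function names are constructed for this example.

```python
import os
import stat
import tempfile

# Extensions mapped to cgi-script by "AddHandler cgi-script .cgi .pl"
HANDLER_EXTS = (".cgi", ".pl")

def audit_cgi_dir(directory):
    """Return {filename: [problems]} for CGI scripts directly inside directory."""
    report = {}
    for name in sorted(os.listdir(directory)):
        path = os.path.join(directory, name)
        if not name.endswith(HANDLER_EXTS) or not os.path.isfile(path):
            continue
        mode = os.stat(path).st_mode
        problems = []
        if not mode & 0o111:
            problems.append("no execute bit: Apache cannot run it (chmod +x missing)")
        if mode & (stat.S_IWGRP | stat.S_IWOTH):
            problems.append("writable by group/other: the code the server runs can be altered")
        if problems:
            report[name] = problems
    return report

def demo():
    """Build a constructed CGI directory in a temp folder and audit it."""
    samples = (("test.cgi", 0o755), ("upload.pl", 0o777), ("draft.cgi", 0o644))
    with tempfile.TemporaryDirectory() as cgi_dir:
        for name, mode in samples:
            path = os.path.join(cgi_dir, name)
            with open(path, "w") as handle:
                handle.write('#!/usr/bin/perl\nprint "Content-type: text/html\\n\\n";\n')
            os.chmod(path, mode)  # set the exact mode, independent of umask
        return audit_cgi_dir(cgi_dir)

if __name__ == "__main__":
    for script, problems in demo().items():
        print(script, "->", "; ".join(problems))
```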
This article comes from the "Ricky's blog" blog, please be sure to keep this source http://57388.blog.51cto.com/47388/1553668
Linux-user authentication for Web server configuration, installation of Perl language interpreter