Protects Apache websites in Linux

Source: Internet
Author: User
Tags ftp login
Protect the Linux Apache website-Linux Enterprise Application-Linux server application information. The following is a detailed description. How can we protect websites from illegal user login? Generally, you can use the identity authentication method. Identity Authentication is an effective way to prevent unauthorized users from using resources and an effective way to manage registered users. Currently, many websites use identity authentication to manage user resources and impose strict restrictions on user access permissions. The traditional identity authentication method checks the user's registration name and password to determine whether to allow the user to use resources. However, this authentication method is not very effective in some cases. Especially on the Linux platform, the Apache server can use the Linux method to implement password verification and protection.

The wide application and rapid development of Linux have benefited from the rapid development of the Internet. Linux is outstanding for Web services that are widely used on the Internet. It is hard to tell how many websites on the Internet are using the Linux system, but the use of Apache servers in many websites undoubtedly occupies a huge market share.

How can we protect websites from illegal user login? Generally, you can use the identity authentication method. Identity Authentication is an effective way to prevent unauthorized users from using resources and an effective way to manage registered users. Currently, many websites use identity authentication to manage user resources and impose strict restrictions on user access permissions. The traditional identity authentication method checks the user's registration name and password to determine whether to allow the user to use resources. However, this authentication method is not very effective in some cases. Especially on the Linux platform, the Apache server can use the Linux method to implement password verification and protection.

In Linux, the most common password protection method is to use the. htaccess file, that is, the directory configuration, to implement password protection, which is also one of the features of the. htaccess file. This method prevents unauthorized viewers from entering the restricted area set by the. htaccess file. Generally, it is too simple to use javascript to set passwords, which can be easily cracked, resulting in insecurity. Using. htaccess files to protect directories is more effective and secure than using other programs (Java/HTML/ASP/CGI. More importantly, you can set it using. htaccess without programming. The specific operation is easier.

The following describes and demonstrates how to implement password protection in Linux + Apache to fully implement website protection.

What Is A. htaccess file?

The. htaccess file is a configuration file on the Apache server. It is a text file that can be written in any text editor .. The htaccess file provides a method for changing the configuration of directories, that is, by placing a file containing one or more commands in a specific document directory (. to apply to this directory and all its subdirectories .. The htaccessfunction is used to set the web page password. When an error occurs, the current file name (such as index.html) of the first page is changed, the file name cannot be read, the file is redirected, the MIME category is added, and the files under the column directory are prohibited.

When you need to change the server configuration for the directory without the root permission for the server system, you should use the. htaccess file. If the server administrator is unwilling to modify the configuration frequently, the user can pass. the htaccess file is used to modify the configuration by itself, especially when the ISP provides multiple user sites on one machine, and you want to change the configuration by yourself, the part is usually open. the htaccess function is set for the user.

Note that. htaccess is a complete file name, not ***. htaccess or other format (of course, some administrators set it to another name, but generally use. htaccess ). In addition, when uploading a. htaccess file, you must use asc ii mode and use the chmod command to change the permission to 644 (rw_r1_r __). Each directory and sub-directory containing. htaccess will be affected by. htaccess. For example,. htaccess file, so all the files in/abc/AND/abc/def/will be affected by it, but/index.html will not be affected, this is very important.

Implement password protection

1. Create a. htpasswd File
First, create a file under the directory (such as htdocs) where you want to set access control. You can set the file name on your own. Generally, the server will set it to. htpasswd, which cannot be read by HTTP .. Each row in the htpasswd file represents a user. The user's name and encrypted password are separated by colons.

2. implement protection for htaccess files
The content of the. htaccess file is as follows: authtype basic
Authuserfile/usr/home/***/htdocs/. abcname1
Authgroupfile/usr/home/***/htdocs/. abcname2
Authname information

Require valid-user




The *** in the second and third rows can be changed to the personal FTP login name .. Abcname1 and. abcname2 can be arbitrary file names, such as. htpasswd and. htpass, But not. htaccess. Upload. htaccess to the directory for password protection (such as htdocs.

The "require" at the end of the. htaccess file tells the server which users can access the file. Require valid-user indicates that any one of. htpasswd can enter. You can also specify a person or several persons on the list to use require user username or require user username1 username2 username3. You can also specify a group of users through using require group groupname.

3. Add new licensed users
Go to the htdocs directory and enter the following command in the command line status to generate the. abcname1 file. Echo>. abcname1
/Var/www/bin/htpasswd. abcname1 abc



Abc indicates the username to be added. After you enter this command, the system will prompt you to enter this user password, so that this user name takes effect. If you want to add more users later, you can change the user name when running the second line of command. If this user name exists, a prompt is displayed to change the password.

4. Create a group for access
You can set up a text file named. htgroup with the following content: groupname1: username1 username2 username3
Groupname2: username1 username3 username4



Add "AuthGroupFile/absolute/path/. htgroup" to. htaccess ". After all files are uploaded in ASC Ⅱ mode, all files in this directory will be protected.

Set error files

If you want to open another HTML file without the prompt "cannot find webpage" when you cannot find the file, the method is also very simple. Write a new page, open. htaccess in a text editor, and add Errordocument. nbsp404 404.html at the end of the file. Here, 404.html is the name of the error file, that is, the displayed page; 404 is the error code. The common error code and the cause of the error are as follows: 401 Authorization failed, that is, the password is incorrect.
403 Access denied Access error: the file cannot be read.
404 File not found cannot find the File.
500 Internal Server Error
An internal server error may be caused by a problem on the Web server or a program error.



Prohibit reading files

If you store some content, such as passwords, in a file, you only need to know the corresponding location of the file. This is too insecure. In fact, this problem can be solved without changing other settings or moving the file to other places. You only need to add the following lines to the. htaccess file:
Order allow, deny
Deny from all




If the system is installed with Versions later than Apache 1.3, filesmatch of regular expression is supported.
Order allow, deny
Deny from all




Files and filesmatch indicate that they only take effect for certain files that meet the requirements. "Order deny, allow" indicates that deny is checked first, and then permission is obtained ). If the order of them is reversed, "order allow, deny" indicates that the permit is obtained first, and then the forbidden is obtained. "Deny from all" indicates that all IP addresses are not allowed. Relatively, "allow from all" indicates that all are allowed. You can set order allow and deny as follows:
Allow from all
Deny from 111.222



Deny from 111.222 is to prohibit all IP addresses starting with 111.222 (for example, 111.222.0.1 ). In addition to setting the IP address, you can also set it to hostname (for example, ***. com ). "Files" and "Filesmatch" are widely used. You can not only set deny, but also set passwords for individual Files, such:
Request user 123


Require user abc




Using the. htaccess file also has some problems, such as performance. If you use. for an htaccess file, Apache needs to search for the file in each directory. It must also be found in all more advanced directories. In addition, Apache also needs to read each request for a page. htaccess file. Therefore, the use of. htaccess files may result in performance degradation.

For example, for a page request in/usr/hq/htdocs, Apache must find the following file:/. htaccess
/Usr/. htaccess
/Usr/hq/. htaccess
/Usr/hq/htdocs/. htaccess
In general, it is more convenient and secure to use. htaccess to protect websites. Because it is not like using a program to implement password protection, it is possible to obtain the password through speculation. Password protection using the. htaccess file is generally difficult to crack. In view of the advantages and disadvantages of the. htaccess method, you can choose the appropriate method based on the specific situation to ensure the security of the website.

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.