Security Configuration and maintenance of Apache WEB Server (II)

Source: Internet
Author: User

AuthName "member Zone"
AuthType Basic
# Keep the password file outside the website's directory tree
AuthUserFile "/var/tmp/xxx.pw"
Require valid-user

Go to the apache/bin directory and create the password file:

% ./htpasswd -c /var/tmp/xxx.pw username1 -----> the "-c" parameter must be used the first time, to create the file

% ./htpasswd /var/tmp/xxx.pw username2

In this way, the contents of the directory are protected and only valid users can access them.
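A check for the point made above about keeping the password file out of the website, as an added example that is not part of the original article: it reads the AuthUserFile directives from configuration text and reports any password file that resolves to a location under the document root or that other local users can read or write. The function name, the `/etc/httpd` ServerRoot default and the sample tree are assumptions made for illustration.

```python
import os
import re
import stat
import tempfile

# Matches AuthUserFile /path and AuthUserFile "/path"; commented-out lines are skipped.
AUTH_USER_FILE = re.compile(
    r'^[ \t]*AuthUserFile[ \t]+"?([^"\r\n]+?)"?[ \t]*$', re.IGNORECASE | re.MULTILINE)

def audit_auth_user_file(config_text, document_root, server_root="/etc/httpd"):
    """Return (declared_path, problem) tuples for each AuthUserFile directive."""
    findings = []
    root = os.path.realpath(document_root)
    for match in AUTH_USER_FILE.finditer(config_text):
        declared = match.group(1)
        # Apache resolves a relative AuthUserFile against ServerRoot (assumed value here).
        path = declared if os.path.isabs(declared) else os.path.join(server_root, declared)
        real = os.path.realpath(path)  # follow symlinks before comparing
        if os.path.commonpath([root, real]) == root:
            findings.append((declared, "inside the document root"))
        if os.path.exists(real) and os.stat(real).st_mode & (stat.S_IROTH | stat.S_IWOTH):
            findings.append((declared, "accessible to other local users"))
    return findings

if __name__ == "__main__":
    # Constructed sample tree: one password file under the web root, one outside it.
    with tempfile.TemporaryDirectory() as tmp:
        docroot = os.path.join(tmp, "html")
        inside = os.path.join(docroot, "private", "xxx.pw")
        outside = os.path.join(tmp, "auth", "xxx.pw")
        for pw_file in (inside, outside):
            os.makedirs(os.path.dirname(pw_file))
            with open(pw_file, "w") as fh:
                fh.write("username1:constructed-hash\n")
            os.chmod(pw_file, 0o640)
        for pw_file in (inside, outside):
            htaccess = 'AuthType Basic\nAuthUserFile "%s"\nRequire valid-user\n' % pw_file
            print(pw_file, "->", audit_auth_user_file(htaccess, docroot) or "ok")
```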

Note: This uses the modules that ship with Apache. You can also add the following to httpd.conf:

Options Indexes FollowSymLinks
AllowOverride AuthConfig
Order allow,deny
Allow from all

(4) Apache server access control

We need to look at the third of the three configuration files, namely the access.conf file, which contains the directives that control which users are allowed to access the Apache directories. Set Deny from all as the initial rule, and then use Allow from to open up access.

# No <Limit> wrapper, so the rule applies to every HTTP method.
<Directory /usr/local/http/docs/private>
Order deny,allow
Deny from all
Allow from safechina.net
</Directory>

Allow from accepts a domain, an IP address, or an IP address segment.
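How the Order, Deny and Allow lines above combine, as an added model that is not Apache's own code and not part of the original article: it evaluates the page's private-directory rule and shows that the same Deny and Allow lines under `Order allow,deny` would shut out safechina.net as well. Function names and client addresses are constructed; only `all`, full IP addresses, CIDR blocks and domain names are modelled, and `client_host` is assumed to be the name Apache obtained from its DNS lookups of the client address.

```python
import ipaddress

def _matches(spec, client_ip, client_host):
    """True if one 'Allow from' / 'Deny from' argument matches the client."""
    if spec.lower() == "all":
        return True
    try:
        return ipaddress.ip_address(client_ip) in ipaddress.ip_network(spec, strict=False)
    except ValueError:
        pass  # not an address or CIDR block, so treat spec as a domain name
    # A domain matches itself and its subdomains, on whole-label boundaries only.
    host, domain = client_host.lower(), spec.lower().lstrip(".")
    return host == domain or host.endswith("." + domain)

def access_allowed(order, allow, deny, client_ip, client_host=""):
    """Decide a request the way Order/Allow/Deny combine (Apache 2.2 syntax)."""
    allowed = any(_matches(s, client_ip, client_host) for s in allow)
    denied = any(_matches(s, client_ip, client_host) for s in deny)
    if order.lower() == "deny,allow":
        # Deny is evaluated first and Allow overrides it; no match means allowed.
        return allowed or not denied
    if order.lower() == "allow,deny":
        # Allow is evaluated first and Deny overrides it; no match means denied.
        return allowed and not denied
    raise ValueError("Order must be 'deny,allow' or 'allow,deny' (no space)")

def private_directory_demo():
    """The page's private-directory rule, plus the same lines with Order swapped."""
    allow, deny = ["safechina.net"], ["all"]
    clients = [("203.0.113.7", "www.safechina.net"),   # constructed sample clients
               ("203.0.113.8", "notsafechina.net"),
               ("203.0.113.9", "")]                    # no reverse DNS name
    return {(order, host): access_allowed(order, allow, deny, ip, host)
            for order in ("deny,allow", "allow,deny") for ip, host in clients}

if __name__ == "__main__":
    for key, verdict in private_directory_demo().items():
        print(key, "allowed" if verdict else "denied")
```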

(5) password protection for Apache servers

We then use the .htaccess file to grant a user access to a directory. The system administrator needs to use the AccessFileName directive in the httpd.conf or srm.conf file to enable access control for the directory. For example:

AuthName PrivateFiles
AuthType Basic
AuthUserFile /path/to/httpd/users
Require user Phoenix

# htpasswd -c /path/to/httpd/users Phoenix

  4. Setting up the Apache server as a WEB and file server

We store the WEB server files on the Apache server for user access, and set the /home/ftp/pub directory as the file storage area. Use http://download.xxxx.com/pub/ to reach the files. Apache reverse proxy technology is set up on the firewall, so that access goes through the firewall proxy.

(1) Apache server settings

The default configuration is used for the Apache server. The main directory is /home/httpd/html, the host domain name is Phoenix.XXXX.com, and the alias is www.XXXX.com. In srm.conf, add the alias definition as follows:

Alias /pub /home/ftp/pub/

The definition of changing the default application type is as follows:
 
DefaultType application/octet-stream

Add a definition in /etc/httpd/conf/access.conf:

<Directory /home/ftp/pub>
Options Indexes
AllowOverride AuthConfig
Order allow,deny
Allow from all
</Directory>

Note: Options Indexes allows the directories and files to be listed when no index.html file is found. AllowOverride AuthConfig allows basic user name and password verification to be configured. In this case, put a .htaccess file in the /home/ftp/pub directory. The content is as follows:

[root@shopu pub]# more .htaccess
AuthName "Branch Office Public Software Download Area"
AuthType Basic
AuthUserFile /etc/.usrpasswd
Require valid-user

Use # htpasswd -c /etc/.usrpasswd user1 to create the user names and passwords of the different external users who are allowed to access the file service in /pub.

(2) Configure reverse proxy technology on the firewall.
 
Add the following to /etc/httpd/conf/httpd.conf:

# xxx.xxx is the permanent IP address of the firewall on the Internet.
NameVirtualHost xxx.xxx

<VirtualHost xxx.xxx>
ServerName www.XXXX.com
ErrorLog /var/log/httpd/error_log
TransferLog /var/log/httpd/access_log
RewriteEngine on
ProxyRequests off
UseCanonicalName off
# xxx.xxx.xx.x is the IP address of the Apache server.
# [P] hands the request to mod_proxy, so it is proxied rather than redirected.
RewriteRule ^/(.*)$ http://xxx.xxx.xx.x/$1 [P]
</VirtualHost>

<VirtualHost xxx.xxx>
ServerName download.XXXX.com
ErrorLog /var/log/httpd/download/error_log
TransferLog /var/log/httpd/download/access_log
RewriteEngine on
ProxyRequests off
UseCanonicalName off
# xxx.xxx.xx.x is the IP address of the Apache server.
RewriteRule ^/(.*)$ http://xxx.xxx.xx.x/$1 [P]
</VirtualHost>

Set the DNS on the firewall so that both download.XXXX.com and www.XXXX.com point to the firewall's external network address xxx.xxx. Visit the home page at http://www.XXXX.com and the public file download area at http://download.xxxx.com/pub.

Note: you also need to create the directory /var/log/httpd/download/ on the Apache server host; otherwise, an error will occur. In addition, you can set the permissions of /home/httpd/html/index.html on the firewall host to 750 to block access; this prevents external users who visit http://www.XXXX.com from reaching the Apache server that runs on the firewall itself.

Summary: Apache Server is a very good and awesome server. As long as you configure and maintain it correctly, you will feel the benefits of Apache Server.

 
