Use Apache to build Web sites (ii) Client access control

Source: Internet
Author: User
Tags root directory

To better control access to site resources, I can add access authorizations for specific site directories. We can control the user's access by restricting both the client's address and the user's access rights, respectively. So let's explain each of these two control methods, both of which apply to the directory area <directory directory location >......</Directory> scope in the httpd.conf configuration file.

Client Address Restrictions

The configuration item Order,deny From,allow from to restrict client access based on the host name or IP address of the client. When you use an order configuration item, you can set it to "Allow,deny" or "Deny,allow" to determine the sequence in which the host applies the Allow and deny policies.

Allow,deny: Deny first, and reject all client addresses that are not explicitly allowed by default.

Deny,allow: Allow, by default, all client addresses that are not explicitly rejected.

When using allow and deny configuration items, you need to set up the client address to form a complete restriction policy in the form of an IP address, network address, host name, domain name, and any address using the name "all".

The following sets the root directory of the Web site for all people to access.

[Root@localhost/] #vim/usr/local/httpd/conf/httpd.conf

.../omitted part of the content

<directory "/usr/local/httpd/htdocs" >

.../omit part of the content

Order Allow,deny//reject after first permission

Allow from all//Allow all addresses

</Directory>

.../omitted part of the content

We can also reject an IP address or a network segment, which is set as follows:

[Root@localhost/] #vim/usr/local/httpd/conf/httpd.conf

.../omit part of the content

<directory '/usr/local/httpd/htdocs ' >

.../omit part of the content

Order Deny,allow//Reject First and allow

Deny from 192.168.1.1 192.168.3.0/24//Reject 192.168.1.1 and 192.168.3.0 network segments

</Directory>

.../omit part of the content

User Authorization Restrictions

The HTTPD server supports the use of Digest authentication and Basic authentication in two ways. Using Digest authentication requires adding the "--enable-auth-digest" option before compiling httpd, but not all browsers support Digest authentication, while Basic authentication is the basic function of httpd service and does not require special options, so this explains the basic authentication methods.

User-based access control contains authentication and authorization two processes,

Authentication: The process of identifying a user's identity.

Authorization: The process of allowing a specific user to access a specific directory area.

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.