Web Access Control

Source: Internet
Author: User



First confirm that the httpd service is installed and running properly.

    # netstat -utpln | grep httpd
    tcp        0      0 :::80        :::*        LISTEN      7334/httpd


Restrict access to specified web pages by IP address. A page such as our administration page will disclose information if everyone can see it.


1: Controlling web access permissions by restricting IP addresses:

(1) Modify the httpd main configuration file, /usr/local/httpd/conf/httpd.conf. I installed by compiling from source; the exact location depends on where you installed it.

Note that the contents of the configuration file vary with the installation method (yum or compiled from source), so the line numbers of these settings will differ.

    # Path of the restricted resource
    <Directory "/usr/local/awstats/wwwroot">
        Options None
        AllowOverride None
        # Allow first, then deny; the default is deny
        Order allow,deny
        # Whitelist: the IP address or network segment written here is allowed to access the restricted resource
        Allow from 192.168.100.10
    </Directory>

(2) Restart service:

    # /etc/init.d/httpd restart
    httpd is restart ok!

(3) Access verification:

First test from the VMnet1 NIC with IP address 192.168.100.10:

Test 192.168.100.150/index.html: access is normal.

Test the log analysis platform: access is normal.


Switch the VMnet1 network card to any IP address other than 192.168.100.10 and test again. I changed it to 192.168.100.200.

First access 192.168.100.150/index.html: access is OK.



Access 192.168.100.150/aws.html, the log analysis system: access is denied.



This is the IP restriction method: it keeps our sensitive resources from being accessed and thereby improves security. We can also improve security by authenticating users with an account and password.


2: Controlling permissions by authentication:

(1) Create the authenticated user and password:

htpasswd is a tool that comes with the Apache service when it is installed. It generates the user and password information used for authentication.

The format is:

    htpasswd -c <file location> <user>    ## -c is used the first time the file is generated

Enter the command in this format. When adding users again, -c is not required.

    # htpasswd -c /usr/local/httpd/conf/htpasswd admin    ## create the authenticated user
    New password:            ## enter the password
    Re-type new password:    ## confirm the password
    Adding password for user admin
    # htpasswd /usr/local/httpd/conf/htpasswd user    ## when adding another user, -c is not needed
    New password:
    Re-type new password:
    Adding password for user user
    # cat /usr/local/httpd/conf/htpasswd
    admin:diyknerqxv0rw
    user:yfy65he3syne2
    ## Add the generated authentication information to a group. This group has access to the restricted pages.
    # vi /usr/local/httpd/conf/htgroups
    # cat /usr/local/httpd/conf/htgroups
    administrator:admin

(2) Modify the configuration file:

Modify httpd's main configuration file so that it uses the authentication files for verification:

    vi /usr/local/httpd/conf/httpd.conf

    <Directory "/usr/local/awstats/wwwroot">
        Options None
        AllowOverride None
        Order allow,deny
        Allow from 192.168.100.10
        AuthType Basic
        # Message shown in the login prompt
        AuthName "Log analysis system"
        # Authenticate against a user file
        AuthBasicProvider file
        # Location of the authenticated user file
        AuthUserFile /usr/local/httpd/conf/htpasswd
        # Authenticated user group file
        AuthGroupFile /usr/local/httpd/conf/htgroups
        # Name of the authenticated group
        Require group administrator
    </Directory>


(3) Restart service:

    # /etc/init.d/httpd restart
    httpd is restart ok!

(4) Test:


The IP address of the current test machine is 192.168.100.200

Access 192.168.100.150/index.html: access is normal.



192.168.100.150/aws.html is inaccessible, because we previously set a policy that restricts access by IP.


Now switch the IP address of the test host to 192.168.100.10

Visit 192.168.100.150/index.html: access is normal.

Visit 192.168.100.150/aws.html: verification is now required.

Enter the authenticated user and password.

The log analysis interface is reached and access is normal.
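The test results in sections 1 and 2 follow from how Apache 2.2 combines the host rules (Order/Allow) with authentication (Require). The model below is an added example, not code from the original article or from Apache; it assumes the 2.2 default of Satisfy All, and its function and dictionary names are illustrative. The `satisfy` key goes beyond the page to show how a `Satisfy Any` line would change the outcome for 192.168.100.200.

```python
import ipaddress

def host_allowed(client_ip, allow_from, deny_from=()):
    """Order allow,deny: an Allow entry must match and no Deny entry may match.
    A client that matches neither list is denied. Only full addresses and CIDR
    networks are modelled here, not hostnames or partial addresses."""
    ip = ipaddress.ip_address(client_ip)

    def matches(specs):
        return any(ip in ipaddress.ip_network(s, strict=False) for s in specs)

    return matches(allow_from) and not matches(deny_from)

def decide(client_ip, user, password_ok, cfg):
    """Predict the HTTP status for one request; user is None if no credentials are sent."""
    host_ok = host_allowed(client_ip, cfg["allow_from"], cfg.get("deny_from", ()))
    group = cfg.get("require_group")
    if group is None:                       # section 1: IP restriction only
        return 200 if host_ok else 403
    members = cfg["groups"].get(group, ())
    auth_ok = user is not None and password_ok and user in members
    if cfg.get("satisfy", "all") == "any":  # Satisfy Any: either check is enough
        return 200 if (host_ok or auth_ok) else 401
    if not host_ok:                         # Satisfy All: host check fails first
        return 403
    return 200 if auth_ok else 401

# Constructed from the two <Directory> blocks and the htgroups file on this page.
IP_ONLY = {"allow_from": ["192.168.100.10"]}
IP_AND_GROUP = {
    "allow_from": ["192.168.100.10"],
    "require_group": "administrator",
    "groups": {"administrator": ["admin"]},
}

def matrix(cfg):
    """Status for each (client IP, user) pair, assuming the password is correct."""
    cases = [("192.168.100.10", None), ("192.168.100.10", "admin"),
             ("192.168.100.10", "user"), ("192.168.100.200", "admin")]
    return {c: decide(c[0], c[1], True, cfg) for c in cases}

if __name__ == "__main__":
    for name, cfg in [("IP only", IP_ONLY), ("IP + group", IP_AND_GROUP),
                      ("IP + group, Satisfy Any", dict(IP_AND_GROUP, satisfy="any"))]:
        print(name, matrix(cfg))
```

The account named user authenticates but is not in the administrator group, so it is still refused, and with Satisfy Any the whitelist alone would no longer keep out a client that holds valid credentials.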





This article is from the "longing for Technology small white" blog, please make sure to keep this source http://lesliecheung.blog.51cto.com/12622169/1956566
