
Authorization

To require authorization to enter a directory under Apache, first make sure that the given directory (or its parent) has the entry

AllowOverride All

in /etc/apache/httpd.conf. Then, add to the directory that should require authorization a file .htaccess with the following contents:

deny from all
AuthType Basic
AuthName "Restricted resource"
AuthUserFile /etc/apache/authorizations
require valid-user
satisfy any

Then, create a password file (/etc/apache/authorizations above) for the exampleuser with the password examplepw with the following command:

/usr/local/apache/bin/htpasswd -b -c /etc/apache/authorizations exampleuser examplepw

To add further users to the authorization file, leave out -c (which would create the file anew and discard the existing entries):

/usr/local/apache/bin/htpasswd -b /etc/apache/authorizations moreuser differentpw

In both of the above commands, the -b flag and the password argument may be omitted, in which case the program prompts for the password. Prompting also keeps the password out of the shell history and the process list.

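The AuthName in .htaccess is the prompt sent by the server to the browser to identify the area requiring authorization. Multiple authorization files may exist. AuthType Basic sends the user name and password base64-encoded, not encrypted, with every request, so serve such directories over SSL when the network between browser and server is not trusted.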

Remember to restart Apache to enable the above configuration.


Virtual hosts

Apache supports both IP-based and name-based virtual hosting. The name-based approach is compatible with most modern browsers, and works quite well.

Example: assume that our Apache server is at 192.168.1.1, and that we want it to respond to www.alfa.com and www.beta.com, both of which map to the given IP. Further assume that we want www.alfa.com to correspond to the /var/www/alfa directory, and www.beta.com to the /var/www/beta directory. Then, add the following to /etc/apache/httpd.conf (note that all of this is case sensitive):

NameVirtualHost 192.168.1.1

<VirtualHost 192.168.1.1>
  ServerName www.alfa.com
  DocumentRoot /var/www/alfa
</VirtualHost>

<VirtualHost 192.168.1.1>
  ServerName www.beta.com
  DocumentRoot /var/www/beta
</VirtualHost>

Status

To allow checking the Apache status with a browser, add the following to /etc/apache/access.conf:

ExtendedStatus On

<Location /server-status>
  SetHandler server-status
  order deny,allow
  deny from all
  allow from 127.0.0.1
</Location>

This enables access only from the host where Apache resides. To allow access from other hosts, use one of the allow formats in the following table. The deny directive accepts the same formats, with the opposite effect. Also note that with "order deny,allow" the deny directives are evaluated first and the allow directives afterwards, so the above example first denies access to "all" and then allows "127.0.0.1".

Example                                 Meaning
allow from all                          Allows access from anywhere
allow from .example.com                 Allows access from any computer whose address resolves to a host within the example.com domain
allow from master.example.com           Allows access from the master.example.com host
allow from 192.168.1.5                  Allows access from the host at 192.168.1.5
allow from 192.168.1.                   Allows access from any host with IP starting with 192.168.1.
allow from 192.168.1.0/255.255.255.0    Allows access from any host with the given subnet
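
The evaluation order and the allow formats described above, modelled in Python as an added example (it is not part of the original page and not Apache's own code). The function names are hypothetical, the client addresses are constructed, and client_host is supplied by the caller in place of the DNS lookup Apache performs for name-based entries.

```python
import ipaddress

def spec_matches(spec, client_ip, client_host=None):
    """True if one allow/deny spec (the formats in the table) matches the client."""
    spec = spec.lower()
    if spec == "all":
        return True
    if "/" in spec:  # network/netmask form
        return ipaddress.ip_address(client_ip) in ipaddress.ip_network(spec, strict=False)
    if spec.replace(".", "").isdigit():  # full or partial dotted IPv4
        octets = spec.rstrip(".").split(".")
        # Compare whole octets: "192.168.1." must not match 192.168.10.5
        return client_ip.split(".")[:len(octets)] == octets
    # Host or domain name; client_host stands in for Apache's DNS lookup (assumption)
    if client_host is None:
        return False
    host = client_host.lower()
    return host == spec or host.endswith(spec if spec.startswith(".") else "." + spec)

def access_allowed(order, rules, client_ip, client_host=None):
    """rules: list of ("allow" | "deny", spec) pairs from one configuration section."""
    hit = {kind: any(k == kind and spec_matches(s, client_ip, client_host)
                     for k, s in rules)
           for kind in ("allow", "deny")}
    order = order.lower()
    if order == "deny,allow":   # default allow; a matching allow overrides a deny
        return hit["allow"] or not hit["deny"]
    if order == "allow,deny":   # default deny; a matching deny overrides an allow
        return hit["allow"] and not hit["deny"]
    raise ValueError("unsupported order: " + order)

# The /server-status rules from the page
STATUS_RULES = [("deny", "all"), ("allow", "127.0.0.1")]

if __name__ == "__main__":
    for ip in ("127.0.0.1", "192.168.1.5"):  # constructed client addresses
        print(ip, access_allowed("deny,allow", STATUS_RULES, ip))
    # Same rules under the opposite order: the deny wins, so even localhost is refused
    print("allow,deny 127.0.0.1", access_allowed("allow,deny", STATUS_RULES, "127.0.0.1"))
    print(spec_matches("192.168.1.", "192.168.10.5"))                      # partial IP
    print(spec_matches("192.168.1.0/255.255.255.0", "192.168.1.200"))      # netmask
    print(spec_matches(".example.com", "10.0.0.1", "master.example.com"))  # domain
```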

Logs

To resolve the IPs in the Apache logs, use the logresolve command.


Last update: Wed, 2 Nov 2005 10:16:21 GMT