|Apache Awk Bash C cftp daemontools DHCP djbdns DNS Emacs Email ezmlm Fetchmail find GDB Hardware HTML HTTP Intro ISDN less Make Math mc mirrordir MySQL Peripherals Perl PHP3 pppd qmail Regexps Shell System Tables test To do Typical ucspi-tcp Versions Index TCP/IP slides|
To require authorization to enter a directory under Apache, first make sure that the given directory (or its parent) has the entryAllowOverride All
in /etc/apache/httpd.conf. Then, add to the directory that should require authorization a file .htaccess with the following contents:deny from all
AuthName "Restricted resource"
Then, create a password file (/etc/apache/authorizations above) for the exampleuser with the password examplepw with the following command:/usr/local/apache/bin/htpasswd -b -c /etc/apache/authorizations exampleuser examplepw
To add further users to the authorization file, use/usr/local/apache/bin/htpasswd -b /etc/apache/authorizations moreuser differentpw
On both the above commands, the -b and password parameters may be omitted, and the program will prompt for the password.
The AuthName in .htaccess is the prompt sent by the server to the browser when to identify the area requiring authorization. Multiple authorization files may exist.
Remember to restart Apache to enable the above configuration.
Apache supports both IP based and name based virtual hosting. The name based approach is compatible with most modern browsers, and works quite well.
Example: assume that our Apache server is at 192.168.1.1, and that we want it to respond to www.alfa.com and www.beta.com, both of which map to the given IP. Further assume that we want www.alfa.com to correspond to the /var/www/alfa directory, and www.beta.com to the /var/www/beta directory. Then, add the following to /etc/apache/httpd.conf (note that all of this is case sensitive):NameVirtualHost 192.168.1.1
To allow checking the Apache status with a browser, add the following /etc/apache/access.conf:ExtendedStatus On
deny from all
allow from 127.0.0.1
This enables access from the host where Apache resides. To enable other accesses, see the allow formats in the following table. Note that the inverted reasoning applies to the deny directive. Also note that the above example specifies that first "all" is denied access, and then the "127.0.0.1" is allowed.
Example Meaning allow from all Allows access from anywhere allow from .example.com Allows access from any computer whose address resolves to a host within the example.com domain allow from master.example.com Allows access from the master.example.com host allow from 192.168.1.5 Allows access from the host at 192.168.1.5 allow from 192.168.1. Allows access from any host with IP starting with 192.168.1. allow from 192.168.1.0/255.255.255.0 Allows access from any host with the given subnet
To resolve the IPs in the Apache logs, use the command logresolve
apache related links
|Last update: Wed, 2 Nov 2005 10:16:21 GMT||top|