Apache lets us set up authentication for specific domains so that only authorized users can see the content. This is particularly helpful when you have not yet launched your domain to the public or it is still in the development phase. In such a scenario you want the domain to be accessible only to your development team. This can be achieved using Apache authentication.
You require two files to set up Apache authentication: .htaccess and .htpasswd.
The .htaccess file is a simple text file placed in the directory on which Apache authentication needs to be set up. The rules and configuration directives in the .htaccess file are enforced on the directory it is in and on all sub-directories as well. To password protect content, there are a few directives we must become familiar with. One of these directives in the .htaccess file (the AuthUserFile directive) tells the Apache web server where to look for the username/password pairs.
The .htpasswd file is the second part of the affair. The .htpasswd file is also a simple text file. Instead of directives, the .htpasswd file contains username/password pairs. The password is stored in encrypted form and the username is in plaintext.
So .htaccess is the file where you define the condition for authentication. Whenever a request comes to the web server, the AuthUserFile directive tells Apache where to look for the authentication details, and .htpasswd is the actual file that stores your username and password in encrypted form.
Granting User access to the Apache server
1. Log in to the requested server.
2. Navigate to the following directory: /var/www/<>
3. Locate the requested user in the /var/www/<>/.htpasswd.user file. The user will be present in the file if it already exists.
4. If the user is not present in the file, use the command below to add it.
/usr/local/apache2/bin/htpasswd /var/www/<>/.htpasswd.user username
5. The above command will create the user in the /var/www/<>/.htpasswd.user file.
6. Verify the entry in the .htpasswd.user file.
In the .htaccess file, enter the following parameters:
AuthType Basic
AuthName "Restricted Access"
AuthUserFile /var/www/webroot/.passwd
Require user username
This restricts access and requires a user to authenticate with their credentials to view the webpage.
You can refine this further by setting up passwordless access for users within your organization: a user who accesses the webpage or domain from the organization's network reaches it directly, without needing to authenticate.
You can add the following parameters either to the .htaccess file or to the Apache configuration file:
AllowOverride All
Order Deny,Allow
Deny from all
Allow from 62.209.198.0/24
Allow from 62.209.195.0/24
Allow from 68.76.88.0/24
Allow from 218.176.96.0/24
Allow from 208.211.16.0/24
Allow from 127.0.0.1
AuthType Basic
AuthName "Restricted Access"
AuthUserFile /var/www/webroot/.passwd
Require user username
Satisfy Any
Restart Apache gracefully.
Note: When you are adding users to the same file, don't use the -c option. It should be used only the first time, when you are creating the .passwd file.
If you use the -c option, it rewrites and truncates the password file created earlier, which may already contain users.
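The lookup, add and verify steps above, together with the -c caution in the note, as a shell example added here (not part of the original post). It assumes htpasswd is on the PATH (override with HTPASSWD_BIN); the function names and the script name are hypothetical.

```shell
#!/bin/sh
# Added example, not from the original post. Function names and the
# HTPASSWD_BIN override are assumptions; htpasswd itself ships with Apache.
HTPASSWD_BIN=${HTPASSWD_BIN:-htpasswd}

# valid_username USER: entries are "user:hash" lines, so reject empty names
# and names containing ':' or a space.
valid_username() {
    case $1 in
        ''|*:*|*' '*) return 1 ;;
        *) return 0 ;;
    esac
}

# user_exists FILE USER: succeed only on an exact match of the first field,
# so "bob" does not match an existing "bobby".
user_exists() {
    [ -f "$1" ] && awk -F: -v u="$2" '$1 == u { found = 1 } END { exit !found }' "$1"
}

# create_flag FILE: print "-c" only when FILE does not exist yet; on an
# existing file -c would truncate it and drop every other user.
create_flag() {
    [ -e "$1" ] || printf '%s' '-c'
}

# add_user FILE USER: look up (step 3), add if missing (step 4), verify (step 6).
add_user() {
    file=$1
    user=$2
    valid_username "$user" || { echo "invalid username: $user" >&2; return 2; }
    if user_exists "$file" "$user"; then
        echo "$user is already present in $file" >&2
        return 0
    fi
    flag=$(create_flag "$file")
    # $flag is left unquoted on purpose: when empty it expands to no argument.
    "$HTPASSWD_BIN" $flag "$file" "$user" || return 1   # prompts for the password
    user_exists "$file" "$user"
}

# Usage: sh add_htuser.sh /path/to/.htpasswd.user username
if [ "$#" -eq 2 ]; then
    add_user "$1" "$2"
fi
```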