Linux | Cloud | DevOps | Scripting

Breaking

Thursday, 19 May 2016

Secure WebServer

Password-Protected Directory With .htaccess:

In our previous Chapter WebServer we learnt how to create a webserver and how to access multiple websites on a single IP. Now we will know how to make a site password protected.

Suppose a site is running with Virtualhost:
<VirtualHost *:80>
ServerAdmin root@example.com
DocumentRoot /var/www/pox
ServerName pox.com
ServerAlias www.pox.com
ErrorLog /var/log/pox/example.com-error_log
CustomLog /var/log/pox/example.com-access_log common
</VirtualHost>

Now, we want to access this site only by specific users “user5” and “user6”. For this use following links:

1 Create an .htaccess File in the directory you want to password protect:
# vim /var/www/pox/.htacces
AuthUserFile /var/www/pox/.htpasswd
AuthName "Authorization Required"
AuthType Basic
require valid-user

NOTE: If we want to password protect just a single file in a folder, add the following lines also to the .htaccess file:
<Files "mypage.html">
    Require valid-user
</Files>

2 Create .htpasswd file and add users, whom we want to allow to login
# htpasswd -c /var/www/pox/.htpasswd user5

<<This will allow user user5 to access the directory /var/www/pox.
-c is used only when we are creating a new file. After the first time, we will omit the -c flag. To allow other users to access …pox directory we should use –m flag. >>

# htpasswd -m /var/www/pox/.htpasswd user6

3 Finally we add following lines to configuration file:
# vim /etc/httpd/conf.d/pox.conf
<Directory /var/www/pox>
AllowOverride All
</Directory>

4 Restart service of Webserver
# service httpd restart
# chkconfig httpd on

5 Access your site:
# links www.pox.com


Provide username and password to access http://www.pox.com


No comments:

Post a Comment

Pages