Hello everyone, I am Internet Old Xin. This is my 22nd day participating in the More Wen Challenge. Activity details: More Wen Challenge

Preface

In the previous article we discussed virtual hosts: a website can be reached by IP, by IP plus port number, or by domain name. Some websites, however, should only be reachable by people who have permission. On a company intranet site, for example, we only allow access to the people associated with the project. This is where access control comes in.

When you click on a link, the browser pops up an authentication dialog asking for your account name and password. If you don't have one, you can't continue browsing. This is the WWW server's user authorization and access control at work.

Today we are going to talk about Apache authentication, authorization and access control.

IP access control

When configuring directory access permissions in Apache, you often see the following configuration:

<Directory "/www">
    Order Allow,Deny
</Directory>

These directives are also common in .htaccess files.

What does this mean? Let’s explain:

Directory control statements start with <Directory directory-name> and end with </Directory>.

Order allow,deny: all directories are denied by default.

Order deny,allow: all directories are allowed by default.

AllowOverride None: overriding from the root directory down to subdirectories is not allowed. That is, access from the root directory to subdirectories is denied by default. To view a subdirectory under the root directory, you must first enable the access permission of that subdirectory.

Order allow,deny: sets the order in which the access control rules are evaluated. The Allow rules are matched first, then the Deny rules.

Allow from all: allows access from any address.

    Allow from 172.18.49.0/24
    Deny from 172.18.49.102
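The evaluation rules above, as an added Python example (not code from the original article or from Apache): it models the Apache 2.2 Order/Allow/Deny semantics for IP and CIDR arguments only, using the Allow from 172.18.49.0/24 and Deny from 172.18.49.102 rules from the text. The function names and the sample client addresses are constructed for illustration.

```python
import ipaddress

def _matches(client, specs):
    """True if the client address matches any spec ('all', an IP or a CIDR)."""
    addr = ipaddress.ip_address(client)
    for spec in specs:
        if spec.lower() == "all":
            return True
        if addr in ipaddress.ip_network(spec, strict=False):
            return True
    return False

def access_allowed(order, allow, deny, client):
    """Evaluate Apache 2.2 Order/Allow/Deny for one client IP.

    order: "allow,deny" or "deny,allow" (case-insensitive, as in httpd.conf)
    allow, deny: lists of 'Allow from' / 'Deny from' arguments
    """
    order = order.replace(" ", "").lower()
    allowed = _matches(client, allow)
    denied = _matches(client, deny)
    if order == "allow,deny":
        # Default deny; a matching Deny overrides a matching Allow.
        return allowed and not denied
    if order == "deny,allow":
        # Default allow; a matching Allow overrides a matching Deny.
        return allowed or not denied
    raise ValueError("unknown Order: %r" % order)

# Rules taken from the text above
ALLOW = ["172.18.49.0/24"]
DENY = ["172.18.49.102"]

def demo():
    """Return (order, client, allowed) for each order and sample client."""
    clients = ["172.18.49.10", "172.18.49.102", "10.0.0.5"]  # constructed samples
    rows = []
    for order in ("Allow,Deny", "Deny,Allow"):
        for client in clients:
            rows.append((order, client, access_allowed(order, ALLOW, DENY, client)))
    return rows

if __name__ == "__main__":
    for order, client, ok in demo():
        print("%-11s %-15s %s" % (order, client, "allowed" if ok else "denied"))
```

With Order Deny,Allow these two rules let every client in: unmatched requests are allowed by default, and the Allow match overrides the Deny for 172.18.49.102.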

For user authentication and authorization, let’s look at the following table:

User authentication and authorization

The main parameters

| Parameter | Role |
| --- | --- |
| AuthType Basic | Basic authentication provided by Apache |
| AuthName | The authentication name; this is the prompt shown in the dialog box that asks you to enter your password |
| AuthUserFile | The file that stores the authentication users |
| require user username | Allows access to one or more specified users. If there are other users in the authentication file, they are still not allowed access |
| require valid-user | All users in the authentication file can access |
| require group groupname | Grants access to a group; rarely used |

The configuration file takes effect in the following order:

1. Use the last Order

    Order Deny,Allow
    Deny from all
    Allow from example.org

This domain name can be accessed.

2.

    Order Allow,Deny
    Order deny,allow
    deny from all

Note: The syntax depends on the version. In Apache 2.2, access control based on the client's host name, IP address, and other characteristics of the client's request is done with the Order, Allow, Deny, and Satisfy directives. In Apache 2.4 and later, this access control is implemented by the new module mod_authz_host, in the same way as other authorization checks. The old access control statements should be replaced by the new authorization mechanisms.

Configuration case
A. Create an access user and its password
[root@gaosh-1 ~]# useradd gaosh # create a user
[root@gaosh-1 ~]# htpasswd -c /etc/httpd/webpasswd gaosh
New password: 
Re-type new password: 
Adding password for user gaosh
[root@gaosh-1 ~]# cat /etc/httpd/webpasswd 
gaosh:rHBrfxVHhn4F6
[root@gaosh-1 ~]# 


Note: Use the -c option only the first time, when the password file is created. Running htpasswd with -c on an existing file overwrites it.

B. Modify the configuration file

[root@gaosh-1 ~]# vim /etc/httpd/conf/httpd.conf

<VirtualHost 192.168.1.22:80>
    DocumentRoot /var/www/html/zmgaosh22
    ServerName www.zmgaosh22.com
    <Directory /var/www/html/zmgaosh22>
        AuthType Basic
        AuthName Password
        AuthUserFile /etc/httpd/webpasswd
        require user gaosh
    </Directory>

</VirtualHost>
C. Restart the service

[root@gaosh-1 ~]# service httpd restart

D. Test

Test by typing the URL into a browser.

Conclusion

As you can see, when we open the website we now have to enter the user name and password to get access. Have you learned it?