Hello everyone, I am Internet old xin. This is my 22nd day participating in the More Wen Challenge; activity details: More Wen Challenge
Preface
In an earlier article we discussed virtual hosts: a website can be reached by IP, by IP plus port number, or by domain name. But some websites should not be open to everyone, only to people who have permission. For example, on a company intranet site we may allow access only to the people associated with a project. This is where access control comes in.
When you click on a link, the browser pops up an authentication dialog asking for your account and password. If you don't have one, you can't continue browsing. This is the WWW server's user authorization and access control at work.
Today we are going to talk about Apache authentication, authorization and access control.
IP access control
In Apache directory permission settings, you often see the following configuration:
<Directory "/www">
    Order Allow,Deny
</Directory>
These directives are also common in .htaccess files.
What does this mean? Let’s explain:
Directory control statements start with <Directory directory-name> and end with </Directory>.
Order allow,deny: all access is denied by default.
Order deny,allow: all access is allowed by default.
AllowOverride None: overriding from the root directory down to subdirectories is not allowed. That is, access from the root directory to subdirectories is denied by default; to view a subdirectory under the root directory, you must first enable the access permission of that subdirectory.
Order allow,deny: sets the order in which access control is evaluated. Allow rules are matched first, then Deny rules.
Allow from all: allows access from any address.
Examples of address rules: Allow from 172.18.49.0/24, Deny from 172.18.49.102
For user authentication and authorization, let’s look at the following table:
User authentication and authorization
The main parameters
Parameter | Role |
---|---|
AuthType | Basic is the basic authentication method provided by Apache |
AuthName | The authentication name, shown as the prompt in the dialog box that asks for your password |
AuthUserFile | The file that stores the authentication users |
Require user | Followed by one or more user names; only the specified users are allowed access. Other users in the authentication file are still denied |
Require valid-user | All users in the authentication file can access |
Require group | Followed by a group name; grants access to a group. Rarely used |
The configuration file takes effect in the following order:
1. Use the last Order.
Order Deny,Allow
Deny from all
Allow from example.org
This domain name can be accessed.
2.
Order Allow,Deny
Order deny,allow
deny from all
Note: Access control differs by version. In Apache 2.2, access control based on the client's host name, IP address, and other characteristics of the client's request is done with the Order, Allow, Deny, and Satisfy directives. In Apache 2.4 and later, this access control is implemented using the new module mod_authz_host, in the same way as other authorization checks. The old access control statements should be replaced by the new authorization mechanism.
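The Apache 2.2 rules shown on this page rewritten in the Apache 2.4 Require syntax, as an added example that is not from the original article. The directory /www/partner is a hypothetical path, and pairing the case directory with the 172.18.49.0/24 subnet in the last block is an assumption made for illustration.

```apache
# Rule set 1: allow a subnet, block one host inside it.
# Apache 2.2 form:
#   Order Allow,Deny
#   Allow from 172.18.49.0/24
#   Deny from 172.18.49.102
<Directory "/www">
    <RequireAll>
        Require ip 172.18.49.0/24
        Require not ip 172.18.49.102
    </RequireAll>
</Directory>

# Rule set 2: deny everyone except one domain.
# Apache 2.2 form:
#   Order Deny,Allow
#   Deny from all
#   Allow from example.org
# /www/partner is a hypothetical directory used only for this example.
<Directory "/www/partner">
    Require host example.org
</Directory>

# Rule set 3: deny everyone.
# Apache 2.2 form:
#   Order Deny,Allow
#   Deny from all
# Apache 2.4 form:
#   Require all denied

# Rule set 4: password AND source network must both match.
# Apache 2.2 would express this with Allow/Deny plus "Satisfy All".
# The subnet restriction here is an assumption added for illustration.
<Directory "/var/www/html/zmgaosh22">
    AuthType Basic
    AuthName "Password"
    AuthUserFile /etc/httpd/webpasswd
    <RequireAll>
        Require user gaosh
        Require ip 172.18.49.0/24
    </RequireAll>
</Directory>
```

Apache 2.4 still accepts the old directives through mod_access_compat, but mixing old and new styles in one configuration is discouraged. Check the syntax with `apachectl configtest` before restarting the service.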
Configuration case
A. Create an access user and its password
[root@gaosh-1 ~]# useradd gaosh   # create a user
[root@gaosh-1 ~]# htpasswd -c /etc/httpd/webpasswd gaosh
New password:
Re-type new password:
Adding password for user gaosh
[root@gaosh-1 ~]# cat /etc/httpd/webpasswd
gaosh:rHBrfxVHhn4F6
[root@gaosh-1 ~]#
Note: Use the -c option only the first time, when the password file is created. Using it again overwrites the existing file.
B. Modify the configuration file
[root@gaosh-1 ~]# vim /etc/httpd/conf/httpd.conf
<VirtualHost 192.168.1.22:80>
    DocumentRoot /var/www/html/zmgaosh22
    ServerName www.zmgaosh22.com
    <Directory /var/www/html/zmgaosh22>
        AuthType Basic
        AuthName Password
        AuthUserFile /etc/httpd/webpasswd
        require user gaosh
    </Directory>
</VirtualHost>
C. Restart the service
[root@gaosh-1 ~]# service httpd restart
D. Test
Test by entering the URL in a browser.
Conclusion
As you can see, when we visit the website we now have to enter the user name and password to gain access. Have you learned it?