security&passwd

-------

Create a password file with htpasswd

Create a .htpasswd file for user1:

# htpasswd -c /etc/httpd/.htpasswd user1

Note: Only use -c the first time you create the file. Do not use -c when you add a user in the future.

Let's create another user named user2:

# htpasswd /etc/httpd/.htpasswd user2

After creating user2, you can see the username and the hashed password for each record:

# cat /etc/httpd/.htpasswd

The output will look something like this:

user1:$apr1$0r/2zNGG$jopiWY3DEJd2FvZxTnugJ/

user2:$apr1$07FYIyjx$7Zy1qcBd.B8cKqu0wN/MH1

Now, you need to allow the apache user to read the .htpasswd file.

# chown apache:apache /etc/httpd/.htpasswd

# chmod 0660 /etc/httpd/.htpasswd

----------------------------------

Alias /web "/var/www/html/secret/"

ServerAdmin root@server.worldcm.net

ServerName worldcm.net

DocumentRoot /var/www/html/secret

ErrorLog logs/error_log

<Directory "/var/www/html/secret">

AuthType Basic

AuthName "Secret Files"

AuthUserFile /etc/httpd/.htpasswd

Require user

</Directory>

</VirtualHost>

-------------------------------------------

NO Security

#vim /etc/httpd/conf.d/postfixadmin.conf

<Directory /var/www/html/postfixadmin/>

   Order Deny,Allow

   # IP address you permit to access

   Allow from all

</Directory>

Alias /postfixadmin /usr/share/postfixadmin

Alias /PostFixAdmin /usr/share/postfixadmin

Alias /PostfixAdmin /usr/share/postfixadmin

-------------------------------------------------

OR

<Directory "/usr/share/postfixadmin">

   Order Allow,Deny

   Allow from all

</Directory>

Alias /postfixadmin /usr/share/postfixadmin

Alias /PostFixAdmin /usr/share/postfixadmin

Alias /PostfixAdmin /usr/share/postfixadmin

------------------------------------------------

<Directory /var/www/>

    Options Indexes FollowSymLinks

    AllowOverride All

    Require all granted

</Directory>
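The difference between the open blocks above (Allow from all, Require all granted) and the password-protected ones elsewhere on this page can be checked mechanically. The script below is an added example, not part of the original notes; the function name find_open_blocks and the sample file are assumptions, and it only reads the one file it is given, so authentication added through .htaccess or an Include is not seen.

```shell
#!/bin/sh
# Added example (not from the original page): list the <Directory> and
# <Location> blocks of one config file that admit every client without a login.
find_open_blocks() {
    awk '
    { raw = $0; sub(/^[ \t]+/, "", raw); line = tolower(raw) }
    line ~ /^#/ { next }
    line ~ /^<(directory|location)[ \t]/ {
        tag = raw; start = NR; grants = 0; auth = 0; any = 0; next
    }
    line ~ /^<\/(directory|location)>/ {
        # Open when all hosts are allowed and either no login is required
        # or "Satisfy Any" lets the host rule alone grant access.
        if (start && grants && (!auth || any)) print start ": " tag
        start = 0; next
    }
    !start { next }
    line ~ /^(allow[ \t]+from[ \t]+all|require[ \t]+all[ \t]+granted)/ { grants = 1 }
    line ~ /^require[ \t]+(valid-user|user|group)/ { auth = 1 }
    line ~ /^satisfy[ \t]+any/ { any = 1 }
    ' "$1"
}

# Constructed sample: three blocks abridged from this page, plus a made-up
# <Location> whose "Satisfy Any" cancels its login requirement.
conf=$(mktemp); trap 'rm -f "$conf"' EXIT
cat > "$conf" <<'EOF'
<Directory /var/www/html/postfixadmin/>
   Order Deny,Allow
   Allow from all
</Directory>
<Directory /var/www/html/websvn>
   Order allow,deny
   Allow from all
   AuthType Basic
   Require valid-user
</Directory>
<Directory /var/www/>
    Require all granted
</Directory>
<Location /awstats>
    AuthType Basic
    Require valid-user
    Allow from all
    Satisfy Any
</Location>
EOF
find_open_blocks "$conf"
```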

--------

[root@mail ~]# vi /etc/httpd/conf.d/awstats.conf

<Directory "/usr/share/awstats/wwwroot">

    Options None

    AllowOverride None

    Order allow,deny

    # IP address you permit to access

    allow from 127.0.0.1 10.0.0.0/24

</Directory>

-----------

Alias /awstats/icon/ /var/www/awstats/icon/

ScriptAlias /awstats/ /var/www/awstats/

<Directory "/var/www/awstats/">

    DirectoryIndex awstats.pl

    Options ExecCGI

    order deny,allow

    deny from all

    allow from 127.0.0.1

    allow from 192.168.1.0/24

</Directory>

#Alias /css/ /var/www/awstats/css/

#Alias /js/ /var/www/awstats/js/

[root@server ~]# vi /etc/httpd/conf/httpd.conf

<Directory "/usr/local/awstats/cgi-bin">

  Order allow,deny

  Allow from all

</Directory>

# This is to force authentication when trying to access /awstats

<Location /awstats>

AuthType Basic

AuthName "AWStats Admin Access Required"

AuthUserFile /etc/httpd/conf.d/awstats.passwd

require valid-user

</Location>

7] Set a username and password for the AWStats link.

[root@server ~]# htpasswd -c /etc/httpd/conf.d/awstats.passwd admin

8] Restart the httpd.

############################################################################################

# vim /etc/httpd/conf.d/munin.conf

Alias /munin /var/www/html/munin

<Directory /var/www/html/munin>

    Options FollowSymLinks

    AllowOverride None

    Order allow,deny

    Allow from all

</Directory>

<directory /var/www/html/munin>

    AuthUserFile /etc/munin/munin-htpasswd

    AuthName "Munin"

    AuthType Basic

    require valid-user

    ExpiresActive On

    ExpiresDefault M310

</directory>

ScriptAlias /munin-cgi/munin-cgi-graph /var/www/cgi-bin/munin-cgi-graph

Create the munin htpasswd file using the following command:

# htpasswd -cm /etc/munin/munin-htpasswd muninadmin

New password:

#####################################################################

Http Password protection

# cd /var/www/html/websvn

To add authentication, use this configuration:

# vi /etc/httpd/conf.d/websvn.conf

Alias /svn /var/www/html/websvn

<Directory /var/www/html/websvn>

                DirectoryIndex index.php

                Options FollowSymLinks

                Order allow,deny

                Allow from all

                AuthType Basic

                AuthName "Subversion repository"

                AuthUserFile /var/www/html/websvn/passwd

                Require valid-user

</Directory>

 Adding users to authentication file

# htpasswd -cm /var/www/html/websvn/passwd u1

New password:

Re-type new password:

Adding password for user u1

## Create u2 ##

htpasswd -m /var/www/html/websvn/passwd u2

New password:

Re-type new password:

Adding password for user u2

Note: -c recreates the file, so the following command would replace it with a single entry for u2:

htpasswd -c /var/www/html/websvn/passwd u2

#################################################################

Setup Apache

We are going to add the following lines to our Apache configuration to serve WebSVN.

# vi /etc/httpd/conf.d/websvn.conf

Alias /websvn "/var/www/html/websvn"

<Directory "/var/www/html/websvn">

    Options -Indexes MultiViews

    AllowOverride All

    Order allow,deny

    Allow from all

</Directory>

Restart Apache for the changes to take effect.

# service httpd restart

# vi /var/www/html/websvn/.htaccess

Add the following lines to it:

AuthName "Websvn Login"

AuthType Basic

AuthUserFile /var/www/html/websvn/.htpasswd

Require valid-user

Then create some users for access to it. If you have already followed the tutorial on Install and Configure SVN,

then you could just specify the path to the passwd file there and skip the next two steps.

# htpasswd -c /var/www/html/websvn/.htpasswd u1

New password:

Re-type new password:

Adding password for user u1

Add some users to it:

# htpasswd /var/www/html/websvn/.htpasswd u2

After setting up the .htaccess file, your users will be prompted by a simple username/password dialog

that they will have to fill out in order to view the contents of the repository.

--------------------------------------------------------------------------------------------------------------------------

http://www.cyberciti.biz/faq/howto-setup-apache-password-protect-directory-with-htaccess-file/

Step # 1: Make sure Apache is configured to use .htaccess file

You need to have the AllowOverride AuthConfig directive in the httpd.conf file in order for these directives to have any effect. Look for the DocumentRoot Directory entry. In this example, our DocumentRoot directory is set to /var/www. Therefore, my entry in httpd.conf looks as follows:

<Directory /var/www>

    Options Indexes Includes FollowSymLinks MultiViews

    AllowOverride AuthConfig

    Order allow,deny

    Allow from all

</Directory>

Save the file and restart Apache

If you are using Red Hat /Fedora Linux:

# service httpd restart

If you are using Debian Linux:

# /etc/init.d/apache-perl restart

Step # 2: Create a password file with htpasswd

The htpasswd command is used to create and update the flat files (text files) used to store usernames and passwords for basic authentication of Apache users. General syntax:

htpasswd -c password-file username

Where,

Create a directory outside the Apache document root, so that only Apache can access the password file. The password file should be placed somewhere not accessible from the web, so that people cannot download it:

# mkdir -p /home/secure/

Add new user called vivek

# htpasswd -c /home/secure/apasswords vivek

Make sure the /home/secure/apasswords file is readable by the Apache web server. If Apache cannot read your password file, it will not authenticate you. You need to set up the correct permissions using the chown command. Usually Apache uses the www-data user. Use the following command to find out the Apache username. If you are using Debian Linux, use apache2.conf and type the following command:

# grep -e '^User' /etc/apache2/apache2.conf

Output:

www-data

Now allow apache user www-data to read our password file:

# chown www-data:www-data /home/secure/apasswords

# chmod 0660 /home/secure/apasswords

If you are using RedHat and Fedora core, type the following commands :

# grep -e '^User' /etc/httpd/conf/httpd.conf

Output:

apache

Now allow apache user apache to read our password file:

# chown apache:apache /home/secure/apasswords

# chmod 0660 /home/secure/apasswords

Now our user vivek is added but you need to configure the Apache web server to request a password and tell the server which users are allowed access. Let us assume you have directory called /var/www/docs and you would like to protect it with a password.

Create a directory /var/www/docs if it does not exist:

# mkdir -p /var/www/docs

Create .htaccess file using text editor:

# cd /var/www/docs

# vi .htaccess

Add following text:

AuthType Basic

AuthName "Restricted Access"

AuthUserFile /home/secure/apasswords

Require user vivek

Save file and exit to shell prompt.

Step # 3: Test your configuration

Fire up your browser and type the URL http://yourdomain.com/docs/ or http://localhost/docs/ or http://ip-address/docs

When prompted for a username and password, supply the username vivek and its password. You can also add the following lines to any <Directory> entry in the httpd.conf file:

AuthType Basic

AuthName "Restricted Access"

AuthUserFile /home/secure/apasswords

Require user vivek

To change or set up a new user, use the htpasswd command again.
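An added example, not part of the original notes or of Apache: it audits a password file such as /etc/httpd/.htpasswd or /home/secure/apasswords for the points raised on this page (the hash format of each entry, access for other users, and a location inside the document root). The function names, the verdict labels and the two extra sample entries are assumptions of the example.

```shell
#!/bin/sh
# Added example (not from the original page): audit an htpasswd file.

# Map a stored hash to its scheme by prefix.
classify_hash() {
    case "$1" in
        '$apr1$'*) echo apr1-md5 ;;        # written by htpasswd -m
        '$2y$'*)   echo bcrypt ;;          # written by htpasswd -B
        '{SHA}'*)  echo sha1-unsalted ;;   # written by htpasswd -s
        *)         echo crypt-or-plain ;;  # htpasswd -d or -p
    esac
}

# Print "user scheme verdict" per entry. The verdict policy is an assumption
# of this example: bcrypt passes, apr1 gets re-hashed, the rest is insecure.
audit_htpasswd() {
    while IFS=: read -r user hash rest || [ -n "$user" ]; do
        [ -n "$user" ] || continue
        scheme=$(classify_hash "$hash")
        case "$scheme" in
            bcrypt)   verdict=ok ;;
            apr1-md5) verdict=rehash ;;
            *)        verdict=insecure ;;
        esac
        echo "$user $scheme $verdict"
    done < "$1"
}

# Succeeds when "other" has any permission bit on the file.
world_accessible() { [ "$(ls -ld "$1" | cut -c8-10)" != "---" ]; }

# Succeeds when the file path lies under the given document root.
under_docroot() { case "$1" in "${2%/}"/*) return 0 ;; *) return 1 ;; esac; }

# Constructed sample: the two entries shown on this page plus two made-up ones.
sample=$(mktemp); trap 'rm -f "$sample"' EXIT
cat > "$sample" <<'EOF'
user1:$apr1$0r/2zNGG$jopiWY3DEJd2FvZxTnugJ/
user2:$apr1$07FYIyjx$7Zy1qcBd.B8cKqu0wN/MH1
user3:$2y$05$CONSTRUCTEDxPLACEHOLDERxNOTxAxREALxBCRYPTxHASHxVALUEx
user4:{SHA}CONSTRUCTEDxPLACEHOLDERxx=
EOF
chmod 0660 "$sample"
audit_htpasswd "$sample"
if world_accessible "$sample"; then echo "other users can access $sample"; fi
if under_docroot /var/www/html/websvn/passwd /var/www/html; then
    echo "/var/www/html/websvn/passwd is inside the document root"
fi
```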

Troubleshooting

If the password is not accepted or you want to troubleshoot authentication-related problems, check the Apache access.log/error.log files:

Fedora/CentOS/RHEL Linux log file location:

# tail -f /var/log/httpd/access_log

# tail -f /var/log/httpd/error_log

Ubuntu/Debian Linux Apache 2 log file location:

# tail -f /var/log/apache2/access.log

# tail -f /var/log/apache2/error.log


------------