security&passwd
-------
Create a password file with htpasswd
creating a .htpasswd file for user1.
#htpasswd -c /etc/httpd/.htpasswd user1
Note: Only use -c the first time you create the file. Do not use -c when you add a user in the future.
Let's create another user named user2:
# htpasswd /etc/httpd/.htpasswd user2
After creating user2, you can see the username and the encrypted password for each record:
cat /etc/httpd/.htpasswd
The output will look something like this:
user1:$apr1$0r/2zNGG$jopiWY3DEJd2FvZxTnugJ/
user2:$apr1$07FYIyjx$7Zy1qcBd.B8cKqu0wN/MH1
Now, you need to allow the apache user to read the .htpasswd file.
# chown apache:apache /etc/httpd/.htpasswd
# chmod 0660 /etc/httpd/.htpasswd
----------------------------------
Alias /web "/var/www/html/secret/"
ServerAdmin root@server.worldcm.net
ServerName worldcm.net
DocumentRoot /var/www/html/secret
ErrorLog logs/error_log
<Directory "/var/www/html/secret">
AuthType Basic
AuthName "Secret Files"
AuthUserFile /etc/httpd/.htpasswd
Require user
</Directory>
</VirtualHost>
-------------------------------------------
NO Security
#vim /etc/httpd/conf.d/postfixadmin.conf
<Directory /var/www/html/postfixadmin/>
Order Deny,Allow
# IP address you permit to access
Allow from all
</Directory>
Alias /postfixadmin /usr/share/postfixadmin Alias /PostFixAdmin /usr/share/postfixadmin Alias /PostfixAdmin /usr/share/postfixadmin
-------------------------------------------------
OR Directory "/usr/share/postfixadmin" Order Allow,Deny Allow from all Directory Alias /postfixadmin /usr/share/postfixadmin Alias /PostFixAdmin /usr/share/postfixadmin Alias /PostfixAdmin /usr/share/postfixadmin
------------------------------------------------
<Directory /var/www/>
Options Indexes FollowSymLinks
AllowOverride All
Require all granted
</Directory>
--------
[root@mail ~]# vi /etc/httpd/conf.d/awstats.conf
<Directory "/usr/share/awstats/wwwroot">
Options None
AllowOverride None
Order allow,deny
allow from 127.0.0.1 10.0.0.0/24# IP address you permit to access
</Directory>
-----------
Alias /awstats/icon/ /var/www/awstats/icon/ ScriptAlias /awstats/ /var/www/awstats/ <Directory "/var/www/awstats/"> DirectoryIndex awstats.pl Options ExecCGI order deny,allow deny from all allow from 127.0.0.1 allow from 192.168.1.0/24 </Directory> #Alias /css/ /var/www/awstats/css/ #Alias /js/ /var/www/awstats/js/
[root@server ~]# vi /etc/httpd/conf/httpd.conf
<Directory "/usr/local/awstats/cgi-bin">
Order allow,deny
Allow from all
</Directory>
# This is to force authentication when trying to access /awstats
<Location /awstats>
AuthType Basic
AuthName "AWStats Admin Access Required"
AuthUserFile /etc/httpd/conf.d/awstats.passwd
require valid-user
</Location>
7] Set username and password for awstat link.
[root@server ~]# htpasswd -c /etc/httpd/conf.d/awstats.passwd admin
8] Restart the httpd.
############################################################################################
# vim /etc/httpd/conf.d/munin.conf
Alias /munin /var/www/html/munin <Directory /var/www/html/munin> Options FollowSymLinks AllowOverride None Order allow,deny Allow from all </Directory> <directory /var/www/html/munin> AuthUserFile /etc/munin/munin-htpasswd AuthName "Munin" AuthType Basic require valid-user ExpiresActive On ExpiresDefault M310 </directory> ScriptAlias /munin-cgi/munin-cgi-graph /var/www/cgi-bin/munin-cgi-graph
Create munin htpasswd file using following command
# htpasswd -cm /etc/munin/munin-htpasswd muninadmin New password:
#####################################################################
Http Password protection
# cd /var/www/html/websvn
Adding authentication you can add this configuration
# vi /etc/httpd/conf.d/websvn.conf
Alias /svn /var/www/html/websvn
<Directory /var/www/html/websvn>
DirectoryIndex index.php
Options FollowSymLinks
Order allow,deny
Allow from all
AuthType Basic
AuthName "Subversion repository"
AuthUserFile /var/www/html/websvn/passwd
Require valid-user
</Directory>
Adding users to authentication file
# htpasswd -cm /var/www/html/websvn/passwd u1
New password:
Re-type new password:
Adding password for user u1
## Create u12 ##
htpasswd -m /var/www/html/websvn/passwd u2
New password:
Re-type new password:
Adding password for user u2
htpasswd -c /var/www/html/websvn/passwd u2
#################################################################
Setup Apache
We are going to add the following lines to our Apache configuration to serve WebSVN.
# vi /etc/httpd/conf.d/websvn.conf
Alias /websvn "/var/www/html/websvn"
<Directory "/var/www/html/websvn">
Options -Indexes MultiViews
AllowOverride All
Order allow,deny
Allow from all
</Directory>
Restart apache for the changes to take affect.
# service httpd restart
# vi /var/www/html/websvn/.htaccess
Add the following lines to it:
AuthName "Websvn Login"
AuthType Basic
AuthUserFile /var/www/html/websvn/.htpasswd
Require valid-user
Then create some users for access to it. If you have already followed the tutorial on Install and Configure SVN,
then you could just specify the path to the passwd file there and skip the next two steps.
# htpasswd -c /var/www/html/websvn/.htpasswd u1
New password:
Re-type new password:
Adding password for user u1
Add some users to it:
# htpasswd /home/www/websvn/.htpasswd u2
After setting up the .htaccess file, your users will be prompted by simple username/password dialog
that they will have to fill out in order to view the contents of the repository.
--------------------------------------------------------------------------------------------------------------------------
http://www.cyberciti.biz/faq/howto-setup-apache-password-protect-directory-with-htaccess-file/
sure Apache is configured to use .htaccess file
You need to have AllowOverride AuthConfig directive in httpd.conf file in order for these directives to have any effect. Look for DocumentRoot Directory entry. In this example, our DocumentRoot directory is set to /var/www. Therefore, my entry in httpd.conf looks like as follows:
<Directory /var/www> Options Indexes Includes FollowSymLinks MultiViews AllowOverride AuthConfig Order allow,deny Allow from all </Directory>
Save the file and restart Apache
If you are using Red Hat /Fedora Linux:
# service httpd restart
If you are using Debian Linux:
# /etc/init.d/apache-perl restart
Step # 2: Create a password file with htpasswd
htpasswd command is used to create and update the flat-files (text file) used to store usernames and password for basic authentication of Apache users. General syntax:
htpasswd -c password-file username
Where,
-c : Create the password-file. If password-file already exists, it is rewritten and truncated.
username : The username to create or update in password-file. If username does not exist in this file, an entry is added. If it does exist, the password is changed.
Create directory outside apache document root, so that only Apache can access password file. The password-file should be placed somewhere not accessible from the web. This is so that people cannot download the password file:
# mkdir -p /home/secure/
Add new user called vivek
# htpasswd -c /home/secure/apasswords vivek
Make sure /home/secure/apasswords file is readable by Apache web server. If Apache cannot read your password file, it will not authenticate you. You need to setup a correct permission using chown command. Usually apache use www-data user. Use the following command to find out Apache username. If you are using Debian Linux use pache2.conf, type the following command:
# grep -e '^User' /etc/apache2/apache2.conf
Output:
www-data
Now allow apache user www-data to read our password file:
# chown www-data:www-data /home/secure/apasswords
# chmod 0660 /home/secure/apasswords
If you are using RedHat and Fedora core, type the following commands :
# grep -e '^User' /etc/httpd/conf/httpd.conf
Output:
apache
Now allow apache user apache to read our password file:
# chown apache:apache /home/secure/apasswords
# chmod 0660 /home/secure/apasswords
Now our user vivek is added but you need to configure the Apache web server to request a password and tell the server which users are allowed access. Let us assume you have directory called /var/www/docs and you would like to protect it with a password.
Create a directory /var/www/docs if it does not exist:
# mkdir -p /var/www/docs
Create .htaccess file using text editor:
# cd /var/www/docs
# vi .htaccess
Add following text:
AuthType Basic AuthName "Restricted Access" AuthUserFile /home/secure/apasswords Require user vivek
Save file and exit to shell prompt.
Step # 3: Test your configuration
Fire your browser type url http://yourdomain.com/docs/ or http://localhost/docs/ or http://ip-address/docs
When prompted for username and password please supply username vivek and password. You can add following lines to any file <Diretory> entry in httpd.conf file:
AuthType Basic AuthName "Restricted Access" AuthUserFile /home/secure/apasswords Require user vivek
To change or setup new user use htpasswd command again.
Troubleshooting
If password is not accepted or if you want to troubleshoot authentication related problems, open and see apache access.log/error.log files:
Fedora/CentOS/RHEL Linux log file location:
# tail -f /var/log/httpd/access_log
# tail -f /var/log/httpd/error_log
Ubuntu/Debian Linux Apache 2 log file location:
# tail -f /var/log/apache2/access.log
# tail -f /var/log/apache2/error.log
See also:
------------