In this document I hereby explain how to restrict access to a specified Directory in Apache.
My infrastructure is
FC9
Apache 2.2.6
For this example let’s say I want to protect a directory called private. Although your files may be in other locations, my files are located here:
Directory to protect: /var/www/htdocs/private
httpd.conf: /etc/apache/conf/httpd.conf
The very first thing to do is create an .htaccess file with following details right in the Directory
[root@server ] touch /var/www/htdocs/private/.htaccess[root@server ] vi /var/www/htdocs/private/.htaccess
AuthType Basic
AuthUserFile /var/www/conf/.htpasswd
AuthName RestrictedArea
require valid-user
satisfy any
Here the .htpasswd file is storing the user name and password of authenticated users. You can specify this file any where in the directory.
Change its ownership and permissions
Change its ownership and permissions
[root@server ]chown apache.apache /var/www/conf/.htpasswd
[root@server ]chmod 644 /var/www/conf/.htpasswd
Next lets add this following content in the httpd.conf file. Put the following content in the Directory Tag
[root@server]vi /etc/httpd/conf/httpd.conf
deny from all
Options ExecCGI
AllowOverride AuthConfig
Order deny,allow
Save and Exit
Now Lets add some users in the .htpasswd files
[root@server]htpasswd –bc /var/www/conf/.htpasswd admin passwd
OK,Now lets restart the Apache
[root@server]apachectl -k graceful
Check the Web server ports are listening.
[root@server]netstat -ntlp
If the 80 port is listening go to your favourite web browser and type the address. It will ask for user name and password to check in.Other wise you will get an internal server error. You may miss something. Check with your server logs.
No comments:
Post a Comment