authentication

Home

Restrict Access to a Specific URL

Sat, 01/05/2010 - 19:31 — horuskol

Using the or directives to restrict access to specific areas of a website only works if there is actually a physical file or directory. But as more and more site frameworks are using rewritten URLs, the chances of a URL mapping to a physical file or directory are getting pretty slim.

So, what can you do in these circumstances?

Well, something like this:

Satisfy any
 
Order allow,deny
 
SetEnvIf Request_URI "^/admin" admin
Deny from env=admin
 
AuthUserFile /var/www/your-website/.htpasswd
AuthType Basic
AuthName "Authentication Required"

Restrict Access to a Directory Within Your Website

Sat, 01/05/2010 - 19:00 — horuskol

If you want to restrict access to a specific directory, such as an administration section, you have a couple of options. First, you can drop a .htaccess file into the directory which you want to restrict and set it up like this:

AuthUserFile /var/www/your-website/.htpasswd
AuthType Basic
AuthName "Authentication Required"
 
Require valid-user

Allowing Trusted Connections and Require Passwords from Others

Sat, 01/05/2010 - 18:39 — horuskol

This should be fairly useful - it sets up a trusted connection (always allow access to people on a specific network) and requires authentication for anyone else outside of that network.

Satisfy any
 
Order deny,allow
Deny from all
 
Allow from 192.168.1
 
AuthUserFile /var/www/your-website/.htpasswd
AuthType Basic
AuthName "Authentication Required"
 
Require valid-user

Satisfy Directive

Require a Username/Password for your Website (Basic Authentication)

Sat, 01/05/2010 - 18:17 — horuskol

If you want to lockdown your website, but do not need a full user access solution built in PHP or ASP, etc, you can make use of a variety of authentication options with Apache.

This example uses the basic authentication methods available to the core of Apache httpd:

AuthUserFile /var/www/your-website/.htpasswd
AuthType Basic
AuthName "Authentication Required"
Require valid-user

.htpasswd file

Knowledge Builder: Restrict Access and Secure Your Website with Apache

Sat, 01/05/2010 - 17:14 — horuskol

For most applications, there really isn't all that much to Apache configuration beyond setting up the virtual host and document root.

But Apache has a lot more to offer, and this set of articles will show how to set up some security on your site.