Linux is widely used and rapid development has benefited from the rapid development of the Internet. For Internet applications on a wide range of Web services, Linux is outstanding. Currently on the Internet is difficult to say how many sites using Linux systems, but many sites are using Apache server will undoubtedly occupy a significant market share.
How to provide protection for the site to prevent unauthorized users to sign it? Typically authentication methods can be used. Authentication is an effective means to prevent unauthorized users from using the resource, but also an effective way to manage registered users. Now many websites use resources to manage user authentication, access to the user will be strictly limited. Traditional authentication method is by checking the user's login name, password, and to decide whether to allow users to use the resources, but this authentication method in some cases not very effective action. Particularly in the Apache server Linux platform, you can use Linux methods to achieve password authentication and protection.
Here's to introduce and demonstrate Linux + Apache under password protection method, the full realization of the site is protected.
What is the .htaccess file
.htaccess file is a settings file on the Apache server. It is a text file, you can use any text editor to write. .htaccess files provide a method to change the configuration for the directory, that is by placing files (.htaccess file) containing one or more instructions in a particular document directory, and to act in this directory and all subdirectories. Filename (eg index.html) .htaccess features include password settings page, set the file when an error occurs, change the home page is prohibited to read the file name, file redirects, MIME plus category, is prohibited under the directory file column Wait.
When you need to change the configuration for the directory server, and the server system does not have root privileges, you should use .htaccess files. If the server administrator frequently unwilling to modify the configuration, you can allow users to make changes to the configuration file .htaccess, especially ISP offers multiple user sites on a single machine, but the user may want to change their case configuration, generally open part .htaccess functionality for users to set their own.
Note, .htaccess is a complete file name, not a ***. Htaccess or another format (of course there are other administrators to set its name, but it is generally used in .htaccess). Also, upload .htaccess file, you must use ASCII mode and use the chmod command to change the permissions: 644 (RW_R__R__). Every place .htaccess directory and its subdirectories will be .htaccess affected. For example, in / abc / directory placed a .htaccess file, so all files / abc / and / abc / def / within it will be affected, but it is not /index.html impact, which is important of.
To implement password protection
1. Establish .htpasswd file
First create a file in the directory you want to set access control (eg htdocs), the file name can set their own server are generally set to .htpasswd, the file can not be read by the HTTP. .htpasswd file Each line represents a user, the user name and encrypted password with a colon: separated.
2..htaccess file for protection
.htaccess File contents are as follows:
< Limit get post>
< / Limit>
Wherein the second and third rows can be changed in the *** individual FTP login. .abcname1 and .abcname2 can be any file name, such as .htpasswd, .htpass, but can not be .htaccess. Upload the .htaccess to password protect directories to be (eg htdocs) in.
.htaccess final document "require" to tell the server which users can enter. require valid-user means that as long as the .htpasswd any one can enter. You can also specify a list of someone or a few people can use or require user username require user username1 username2 username3. You can also specify a group of people can use require group groupname.
3. Add a new user license
Into the htdocs directory, at the command line, enter the following command to generate .abcname1 file.
/ Var / www / bin / htpasswd .abcname1 abc
abc pledged to increase the user name. After you enter this command, the system prompts the user password, the user name so that it goes into effect. After changing a user name to increase again as when the user runs the second command line. If the user name exists, you are prompted to change the password.
4. Set up a group to allow access
Setting method is to create a group named .htgroup text file, as follows:
groupname1: username1 username2 username3
groupname2: username1 username3 username4
Plus "AuthGroupFile /absolute/path/.htgroup" in .htaccess. In ASCII mode upload all the files, all files in the directory will be protected.
Setting error file
If you do not want a "page not found" page when prompted to find the file, but open another HTML file, the method is very simple. First, write a new page, and open .htaccess with a text editor, add the final file: ErrorDocument 404 404.html. Here, 404.html error is the name of the file that the displayed page; 404 is the error code. General common cause of the error and error codes represent the following:
401 Authorization failed authorization fails, the password is wrong.
403 Access denied access error, can not read the file.
404 File not found File not found.
500 Internal Server Error
Internal server error, the Web server itself may be the problem, it may be a program written in error.
Prohibition to read the file
If something such as a password, stored in a file, then people need to know the corresponding location of the file, you can glance, this is too unsafe. In fact, you can not change other settings, do not move the file to other places can solve this problem, simply add the following lines to the .htaccess file:
< Files filename.ext>
order allow, deny
deny from all
< / Files>
If the system is installed Apache 1.3 or later, but also support regular expression of filesmatch.
< Filesmatch "\ .tmp">
order allow, deny
deny from all
< / Filesmatch>
files and filesmatch represent only apply to meet the requirements of some files. "Order deny, allow" represents first identify prohibited (deny), and then go to licensed (allow). If they are out of order "order allow, deny" it means first find out permission, forbidden to look after. "Deny from all" indicates that all IP addresses are not licensed. In contrast, "allow from all" represents all allowed. It can be set up:
order allow, deny
allow from all
deny from 111.222
deny from 111.222 to 111.222 refers banned all beginning IP address (eg 188.8.131.52). In addition to setting the IP address, you can also set hostname (eg: *** com.). "Files" and "Filesmatch" uses a lot, not only can set deny, individual files can also set a password, such as:
< Files 123>
require user 123
< / Files>
< Files abc>
require user abc
< / Files>
Use .htaccess files are also some problems, such as performance. If you use .htaccess files, Apache will look in every directory in the file, you must find it in all higher-level directories, in addition, every time a page is requested, are also required to read the .htaccess file. Thus, permitting .htaccess files causes a performance decrease.
For example, / usr / hq / htdocs requested pages, Apache must look for the following files:
Overall, through .htaccess to protect the site more convenient and secure. Because it is not the use of procedures to implement password protection, it is possible to obtain the password by guessing method. Use .htaccess file to implement password protection is generally very difficult to break. In view of the advantages and disadvantages of .htaccess way, the reader can select the appropriate method to ensure the safety of the site depending on the situation.