  Apache Web Security on Linux Systems
  Add Date : 2018-11-21      
  Linux's wide use and rapid development have benefited from the rapid growth of the Internet. Among the wide range of Web services used for Internet applications, Linux performs outstandingly. It is hard to say how many sites on the Internet currently run Linux, but the many sites using the Apache server undoubtedly account for a significant market share.

How can a site be protected so that unauthorized users cannot access it? Typically, authentication is used. Authentication is an effective means of preventing unauthorized users from using a resource, and also an effective way to manage registered users. Many websites now use authentication to manage user resources and strictly limit user access. The traditional authentication method checks the user's login name and password to decide whether to allow the user to use the resource, but in some cases this is not very effective. On a Linux platform running the Apache server in particular, you can use Linux's own methods to implement password authentication and protection.

On Linux, the most common method is to use a .htaccess file to password-protect a directory; this is one of the functions of .htaccess files. It keeps unauthorized visitors out of the restricted areas the .htaccess file defines. By contrast, setting a password with JavaScript is too simple and easily cracked, and therefore insecure. Protecting a directory with a .htaccess file is more effective and safer than using other programs (Java / HTML / ASP / CGI). More importantly, the .htaccess approach requires no programming, and the procedure is relatively easy.

The following introduces and demonstrates password protection under Linux + Apache, so that the site is fully protected.

What is a .htaccess file

A .htaccess file is a settings file on the Apache server. It is a text file that you can write with any text editor. .htaccess files provide a way to change the configuration per directory: a file (.htaccess) containing one or more directives is placed in a particular document directory, and the directives apply to that directory and all its subdirectories. .htaccess features include password-protecting pages, setting the file shown when an error occurs, changing the home page file name (eg index.html), prohibiting files from being read, redirecting files, adding MIME types, and prohibiting directory listings.

When you need to change the server configuration for a directory but do not have root privileges on the server, you should use .htaccess files. If the server administrator is unwilling to modify the configuration frequently, users can be allowed to change the configuration themselves through .htaccess files. This is especially common where an ISP hosts multiple user sites on a single machine and users want to change their own configuration: part of the .htaccess functionality is generally opened up for users to set themselves.

Note that .htaccess is the complete file name, not ***.htaccess or some other format (an administrator can set a different name, but .htaccess is generally used). Also, the .htaccess file must be uploaded in ASCII mode, and its permissions changed with the chmod command to 644 (rw-r--r--). Every directory containing a .htaccess file, and its subdirectories, is affected by it. For example, if a .htaccess file is placed in the /abc/ directory, all files in /abc/ and /abc/def/ are affected, but /index.html is not, which is important.

Implementing password protection

1. Create the .htpasswd file

 First create a file in the directory you want to protect (eg htdocs). You can choose the file name yourself; servers generally use .htpasswd. The file cannot be read over HTTP. Each line of the .htpasswd file represents one user, with the user name and encrypted password separated by a colon (:).

2. Protect the directory with a .htaccess file

 The contents of the .htaccess file are as follows:

AuthType Basic
AuthUserFile /usr/home/***/htdocs/.abcname1
AuthGroupFile /usr/home/***/htdocs/.abcname2
AuthName information
<Limit GET POST>
require valid-user
</Limit>

In the second and third lines, replace *** with your own FTP login name. .abcname1 and .abcname2 can be any file names, such as .htpasswd or .htpass, but not .htaccess. Upload the .htaccess file to the directory to be password-protected (eg htdocs).

The final "require" directive in the .htaccess file tells the server which users may enter. require valid-user means that any user listed in .htpasswd may enter. You can also name one person or a few people with require user username or require user username1 username2 username3, or a group of people with require group groupname.

3. Add a new authorized user

 Change into the htdocs directory and enter the following commands at the command line to generate the .abcname1 file.

echo > .abcname1
/var/www/bin/htpasswd .abcname1 abc

Here abc is the user name to add. After you enter this command, the system prompts for the user's password, and the user name then takes effect. To add another user, run the second command again with a different user name. If the user name already exists, you are prompted to change the password.

4. Set up a group that is allowed access

 Create a text file named .htgroup with contents as follows:

groupname1: username1 username2 username3
groupname2: username1 username3 username4

Add "AuthGroupFile /absolute/path/.htgroup" to .htaccess. Upload all the files in ASCII mode, and all files in the directory will be protected.
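
A consistency check for the files created in steps 1 to 4, as an added example that is not part of the original article: it reads a directory's .htaccess, follows AuthUserFile and AuthGroupFile, and reports require entries that name users or groups missing from those files. The function names and the sample file contents are assumptions made for this example.

```python
import tempfile
from pathlib import Path

def nonblank(path):
    """Stripped, non-empty lines of a text file (the blank line left by `echo >` is skipped)."""
    return [ln.strip() for ln in Path(path).read_text().splitlines() if ln.strip()]

def audit(directory):
    """Findings for the password-protection setup in `directory`; empty list = consistent."""
    # Directive names are case-insensitive; '#' comments and <Section> tags are skipped.
    conf = [(ln.split()[0].lower(), ln.split()[1:])
            for ln in nonblank(Path(directory, ".htaccess")) if ln[0] not in "#<"]
    first = lambda name: next((a[0] for n, a in conf if n == name and a), "")
    userfile, groupfile = first("authuserfile"), first("authgroupfile")
    findings, users, groups = [], set(), {}
    if not (Path(userfile).is_absolute() and Path(userfile).is_file()):
        findings.append("AuthUserFile is not an absolute path to an existing file")
    else:
        for ln in nonblank(userfile):                 # one "user:hash" entry per line
            name, _, pw_hash = ln.partition(":")
            if name and pw_hash:
                users.add(name)
            else:
                findings.append(f"malformed password line: {ln}")
    if Path(groupfile).is_file():
        for ln in nonblank(groupfile):                # "group: user1 user2 ..."
            name, _, members = ln.partition(":")
            groups[name.strip()] = members.split()
    for kind, *names in (a for n, a in conf if n == "require" and a):
        if kind.lower() == "user":
            findings += [f"user {u} not in password file" for u in names if u not in users]
        elif kind.lower() == "group":
            for g in names:
                if g not in groups:
                    findings.append(f"group {g} not in group file")
                findings += [f"group {g}: member {u} not in password file"
                             for u in groups.get(g, []) if u not in users]
    return findings

def demo():
    """Audit a constructed sample directory (file contents invented for this example)."""
    with tempfile.TemporaryDirectory() as d:
        sample = {".htpasswd": "abc:constructed-hash\n",
                  ".htgroup": "groupname1: abc username2\n",
                  ".htaccess": f"AuthType Basic\nAuthUserFile {d}/.htpasswd\n"
                               f"AuthGroupFile {d}/.htgroup\nAuthName information\n"
                               "<Limit GET POST>\nrequire group groupname1\n</Limit>\n"}
        for name, text in sample.items():
            Path(d, name).write_text(text)
        return audit(d)
```

In the sample, groupname1 lists username2, who has no entry in the password file, so demo() returns that single finding.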

Setting an error page

If you do not want the "page not found" message to appear when a file cannot be found, and would rather open another HTML file, the method is very simple. First write the new page, then open .htaccess with a text editor and add this at the end of the file: ErrorDocument 404 /404.html. Here, 404.html is the name of the file shown as the error page, given as a URL path beginning with a slash; 404 is the error code. The common error codes and their causes are as follows:

401 Authorization failed: authorization fails, the password is wrong.

403 Access denied: access error, the file cannot be read.

404 File not found: the file was not found.

500 Internal Server Error: internal server error; the Web server itself may be at fault, or a program may have been written incorrectly.

Preventing a file from being read

If something such as a password is stored in a file, anyone who knows the file's location can read it at a glance, which is too unsafe. In fact you can solve this without changing other settings or moving the file elsewhere: simply add the following lines to the .htaccess file:

<Files filename.ext>
order allow,deny
deny from all
</Files>

If Apache 1.3 or later is installed, FilesMatch, which supports regular expressions, is also available.

<FilesMatch "\.tmp">
order allow,deny
deny from all
</FilesMatch>

Files and FilesMatch mean that the directives apply only to the files that match. "Order deny,allow" means the deny rules are evaluated first and then the allow rules. In the opposite order, "Order allow,deny", the allow rules are evaluated first and the deny rules afterwards. "Deny from all" means no IP address is permitted; in contrast, "allow from all" permits all. For example, you can set:

order allow,deny
allow from all
deny from 111.222

deny from 111.222 bans every IP address beginning with 111.222 (eg In addition to IP addresses, you can also specify a hostname (eg: ***.com). Files and FilesMatch have many uses: besides deny rules, a password can also be set for individual files, such as:

<Files 123>
require user 123
</Files>
<Files abc>
require user abc
</Files>
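
The effect of the Order setting explained above can be checked with a small model of how Order, Allow and Deny combine. This is an added example, not part of the original article; it covers "all", full or partial IPv4 addresses and domain names, and the function names and client addresses are assumptions made for the example.

```python
def parse(text):
    """Read Order/Allow/Deny lines; return (order, [(kind, spec), ...])."""
    order, rules = "deny,allow", []              # Apache's default is Order Deny,Allow
    for words in (ln.split() for ln in text.splitlines() if ln.strip()):
        key = words[0].lower()
        if key == "order":
            # "order allow, deny" (space after the comma) splits into two arguments.
            if len(words) != 2 or words[1].lower() not in ("allow,deny", "deny,allow"):
                raise ValueError(f"unsupported Order line: {' '.join(words)}")
            order = words[1].lower()
        elif key in ("allow", "deny") and len(words) > 2 and words[1].lower() == "from":
            rules += [(key, spec) for spec in words[2:]]
    return order, rules

def matches(spec, ip, host=None):
    """True if one 'from' argument matches the client address or host name."""
    if spec.lower() == "all":
        return True
    if spec.replace(".", "").isdigit():          # full or partial IPv4, compared per octet
        want = spec.strip(".").split(".")
        return ip.split(".")[:len(want)] == want
    spec = spec.lower().lstrip(".")              # domain name: match whole trailing labels
    return host is not None and (host.lower() == spec or host.lower().endswith("." + spec))

def allowed(text, ip, host=None):
    """Decide access for a client under the Order/Allow/Deny lines in `text`."""
    order, rules = parse(text)
    hit = {k: any(matches(s, ip, host) for kind, s in rules if kind == k)
           for k in ("allow", "deny")}
    if order == "allow,deny":                    # default deny; matching both -> denied
        return hit["allow"] and not hit["deny"]
    return hit["allow"] or not hit["deny"]       # default allow; matching both -> allowed

# Constructed sample input: the rule set shown in the article, in both orders.
ARTICLE_RULES = "order allow,deny\nallow from all\ndeny from 111.222\n"
REVERSED = ARTICLE_RULES.replace("allow,deny", "deny,allow")

def demo():
    """Results for three constructed client addresses under each order."""
    return {ip: (allowed(ARTICLE_RULES, ip), allowed(REVERSED, ip))
            for ip in ("111.222.3.4", "111.22.3.4", "10.0.0.1")}
```

With the article's rules, 111.222.3.4 is refused under allow,deny but admitted once the order is reversed, because a client matching both lists takes the result of whichever list is evaluated last.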

Using .htaccess files also has some drawbacks, such as performance. When .htaccess files are permitted, Apache looks for the file in every directory: it must look in all higher-level directories as well, and the .htaccess files are read every time a page is requested. Thus, permitting .htaccess files causes a performance decrease.

For example, when a page in /usr/hq/htdocs is requested, Apache must look for the following files:


Overall, protecting a site through .htaccess is convenient and secure. Unlike password protection implemented in a program, where the password may be obtained by guessing, password protection implemented with a .htaccess file is generally very difficult to break. Given the advantages and disadvantages of the .htaccess approach, the reader can select the appropriate method to keep the site safe depending on the situation.