Home PC Games Linux Windows Database Network Programming Server Mobile  
           
  Home \ Linux \ Linux, Apache Web site security settings     - How to build Mono 3.4.0 / 3.4.1 on Windows (Linux)

- Ubuntu 14.04 users how to install VLC 2.2.0 (Linux)

- Fedora 22 how to play rmvb mp4 mkv video files (Linux)

- Ubuntu under VirtualBox virtual machine serial port settings (Linux)

- ASM required disk format process in Solaris platforms (Linux)

- Linux common network tools: hping Advanced Host Scan (Linux)

- Oracle Data Pump Example (Database)

- Five useful commands to manage file types and system time in linux (Linux)

- Docker study notes (Server)

- Dell R710 server disk recovery database one case (record) (Server)

- Dom4j change XML coding (Programming)

- When a software RAID data recovery and reconstruction of how failure (Linux)

- Linux basic introductory tutorial ---- regex basis (Linux)

- Java implementation heap sort (large root heap) (Programming)

- CentOS 6.4 under PXE + Kickstart unattended operating system installation (Programming)

- Linux formatted partition error Could not stat / dev / sda No such file or directory Solution (Linux)

- [JavaScript] catch (ex) statements of ex (Programming)

- Log4cplus logging facility configuration, installation, testing (Linux)

- Pydev installed and configured on the Eclipse (Linux)

- Learning Linux coding style (Programming)

 
         
  Linux, Apache Web site security settings
     
  Add Date : 2017-01-08      
         
         
         
  How to provide protection for the site to prevent unauthorized users to sign it? Typically authentication methods can be used. Authentication is an effective means to prevent unauthorized users from using the resource, but also an effective way to manage registered users. Now many websites use resources to manage user authentication, access to the user will be strictly limited. Traditional authentication method is by checking the user's login name, password, and to decide whether to allow users to use the resources, but this authentication method in some cases not very effective action. Particularly in the Apache server Linux platform, you can use Linux methods to achieve password authentication and protection.
Linux is widely used and rapid development has benefited from the rapid development of the Internet. For Internet applications on a wide range of Web services, Linux is outstanding. Currently on the Internet is difficult to say how many sites using Linux systems, but many sites are using Apache server will undoubtedly occupy a significant market share.
How to provide protection for the site to prevent unauthorized users to sign it? Typically authentication methods can be used. Authentication is an effective means to prevent unauthorized users from using the resource, but also an effective way to manage registered users. Now many websites use resources to manage user authentication, access to the user will be strictly limited. Traditional authentication method is by checking the user's login name, password, and to decide whether to allow users to use the resources, but this authentication method in some cases not very effective action. Particularly in the Apache server Linux platform, you can use Linux methods to achieve password authentication and protection.
Linux, the most common method is to use .htaccess password-protected file, directory that is configured to implement password protection, which is also one of the functions of .htaccess files. This method allows unauthorized visitors can not enter restricted areas .htaccess file set. In general, the use of javascript technology to set password is too simple, it is easy to be cracked, resulting in insecurity. Directory using .htaccess file protection more effective and safer than the use of other programs (Java / HTML / ASP / CGI). More importantly, the use of .htaccess fashion set, no programming can be achieved, the specific operation is relatively easy.
Here's to introduce and demonstrate Linux + Apache under password protection method, the full realization of the site is protected.
What is the .htaccess file
.htaccess file is a settings file on the Apache server. It is a text file, you can use any text editor to write. .htaccess files provide a method to change the configuration for the directory, that is by placing files (.htaccess file) containing one or more instructions in a particular document directory, and to act in this directory and all subdirectories. Filename (eg index.html) .htaccess features include password settings page, set the file when an error occurs, change the home page is prohibited to read the file name, file redirects, MIME plus category, is prohibited under the directory file column Wait.
When you need to change the configuration for the directory server, and the server system does not have root privileges, you should use .htaccess files. If the server administrator frequently unwilling to modify the configuration, you can allow users to make changes to the configuration file .htaccess, especially ISP offers multiple user sites on a single machine, but the user may want to change their case configuration, generally open part .htaccess functionality for users to set their own.
Note, .htaccess is a complete file name, not a ***. Htaccess or another format (of course there are other administrators to set its name, but it is generally used in .htaccess). Also, upload .htaccess file, you must use ASC II mode and use the chmod command to change the permissions: 644 (RW_R__R__). Every place .htaccess directory and its subdirectories will be .htaccess affected. For example, in / abc / directory placed a .htaccess file, so all files / abc / and / abc / def / within it will be affected, but it is not /index.html impact, which is important of.
To implement password protection
1. Establish .htpasswd file
First create a file in the directory you want to set access control (eg htdocs), the file name can set their own server are generally set to .htpasswd, the file can not be read by the HTTP. .htpasswd file Each line represents a user, the user name and encrypted password with a colon: separated.
2..htaccess file for protection
.htaccess File contents are as follows: authtype basic
authuserfile /usr/home/***/htdocs/.abcname1
authgroupfile /usr/home/***/htdocs/.abcname2
authname information
require valid-user
Wherein the second and third rows can be changed in the *** individual FTP login. .abcname1 and .abcname2 can be any file name, such as .htpasswd, .htpass, but can not be .htaccess. Upload the .htaccess to password protect directories to be (eg htdocs) in.
.htaccess final document "require" to tell the server which users can enter. require valid-user means that as long as the .htpasswd any one can enter. You can also specify a list of someone or a few people can use or require user username require user username1 username2 username3. You can also specify a group of people can use require group groupname.
3. Add a new user license
Into the htdocs directory, at the command line, enter the following command to generate .abcname1 file. echo> .abcname1
/ Var / www / bin / htpasswd .abcname1 abc
abc pledged to increase the user name. After you enter this command, the system prompts the user password, the user name so that it goes into effect. After changing a user name to increase again as when the user runs the second command line. If the user name exists, you are prompted to change the password.
4. Set up a group to allow access
Setting method is to create a group named .htgroup text file, as follows: groupname1: username1 username2 username3
groupname2: username1 username3 username4
Plus "AuthGroupFile /absolute/path/.htgroup" in .htaccess. In ASCII mode upload all the files, all files in the directory will be protected.
Setting error file
If you do not want a "page not found" page when prompted to find the file, but open another HTML file, the method is very simple. First, write a new page, and open .htaccess with a text editor, add the final document: Errordocument.nbsp404 404.html. Here, 404.html error is the name of the file that the displayed page; 404 is the error code. General common cause of the error and error codes represent the following: 401 Authorization failed authorization fails, the password is wrong.
403 Access denied access error, can not read the file.
404 File not found File not found.
500 Internal Server Error
Internal server error, the Web server itself may be the problem, it may be a program written in error.
Prohibition to read the file
If something such as a password, stored in a file, then people need to know the corresponding location of the file, you can glance, this is too unsafe. In fact, can not change other settings, you do not move files to other places can solve this problem, simply add the following lines to the .htaccess file:
order allow, deny
deny from all
If the system is installed Apache 1.3 or later, but also support regular expression of filesmatch.
order allow, deny
deny from all
files and filesmatch represent only apply to meet the requirements of some files. "Order deny, allow" represents first identify prohibited (deny), and then go to licensed (allow). If they reverse the order of "order allow, deny" it means first find out permission, forbidden to look after. "Deny from all" indicates that all IP addresses are not licensed. In contrast, "allow from all" represents all allowed. It can be set up: order allow, deny
allow from all
deny from 111.222
deny from 111.222 to 111.222 refers banned all beginning IP address (eg 111.222.0.1). In addition to setting the IP address, you can also set hostname (eg: *** com.). "Files" and "Filesmatch" uses a lot, not only can set deny, individual files can also set a password, such as:
require user 123
require user abc
Use .htaccess files are also some problems, such as performance. If you use .htaccess files, Apache will look in every directory in the file, you must find it in all higher-level directories, in addition, every time a page is requested, are also required to read the .htaccess file. Thus, permitting .htaccess files causes a performance decrease.
For example, / request usr / hq / htdocs of pages, Apache must look for the following files: /.htaccess
/usr/.htaccess
/usr/hq/.htaccess
/usr/hq/htdocs/.htaccess
Overall, through .htaccess to protect the site more convenient and secure. Because it is not the use of procedures to implement password protection, it is possible to obtain the password by guessing method. Use .htaccess file to implement password protection is generally very difficult to break. In view of the advantages and disadvantages of .htaccess way, the reader can select the appropriate method to ensure the safety of the site depending on the situation.
     
         
         
         
  More:      
 
- Java coding conventions (Programming)
- CentOS modify yum update source (Linux)
- How to write a new Git protocol (Linux)
- Impact test noatime Linux file access time (Linux)
- Ubuntu terminal command - see the port occupied and off (Linux)
- Ubuntu development Nodejs (Linux)
- Git 2.5 increase in the working tree, triangle improved workflow performance (Linux)
- Linux garbled file delete method (Linux)
- ORA-04091 and Compound Trigger (Oracle 11g) (Database)
- How to Install lightweight Budgie desktop on Ubuntu 14.04 (v8) (Linux)
- Python implementation Bursa transition model (Programming)
- TWiki LDAP error appears the problem is solved (Linux)
- Linux with Windows Explorer as a security system (Linux)
- Linux firewall settings instance (Linux)
- Linux beginners should know 12 commands (Linux)
- Linux, Google Test (GTest) test environment to build step (Linux)
- Terminal Linux command prints - echo (Linux)
- Linux System Getting Started Learning: Linux in the last command (Linux)
- Linux Fundamentals of the memory management mechanism (Linux)
- Preview function to confirm the stop resource Oracle 12c new feature crsctl (Database)
     
           
     
  CopyRight 2002-2022 newfreesoft.com, All Rights Reserved.