Solved

How do you secure a web directory

Posted on 1998-11-09
Last Modified: 2010-03-18
I want to secure a given folder and all its contents under a vroot.  How do I do this in the most efficient and easiest manner?  I've read the Apache guide but it's still unclear to this Linux newbie.

thanks!
0
Question by:daveko
 
LVL 5

Expert Comment

by:tfabian
ID: 1587629
You need a .htaccess file with appropriate rules to block those who you don't want from coming into the directory.


eg.

Denying User Access

Add the following to the .htaccess file:

<Limit GET>
order allow,deny
deny from 128.23.45.
deny from 207.158.255.213
allow from all
</Limit>

This is an example of a .htaccess file that will block access to your site to anyone who is coming from any IP address beginning with 128.23.45 and from the specific IP address 207.158.255.213. By specifying only part of an IP address, and ending the partial IP address with a period, all sub-addresses coming from the specified IP address block will be blocked. You must use the IP addresses to block access; use of domain names is not supported.
 



You could flip the allow and deny commands to narrow who you're letting in.
0
 
LVL 1

Author Comment

by:daveko
ID: 1587630
Great.  I already understood that part of it.  How do I get a certain group of users to only have access to that folder rather than by IP?  That's where I'm cloudy.
0
 
LVL 1

Accepted Solution

by:
fmismetti earned 50 total points
ID: 1587631
You will need a .htaccess like:

AuthName "Name of the Resource"
AuthType Basic
AuthUserFile   /usr/local/etc/httpd/users
require user username1 username2 username3

Also, you will need to use the htpasswd program to create the file /usr/local/etc/httpd/users. Also, the configuration file access.conf needs to have the directive "AllowOverride AuthConfig".

If you need more information, look in:

http://www.apacheweek.com/features/userauth

There you have more details about what I wrote above and other things, like using groups and so on.

Also, I had some problems using authentication in Apache 1.2, especially using groups under Slackware. If possible, try to use the latest Apache version, 1.3.

Hope it helps.
0
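An added example (not code from this thread or from Apache): a small Python lint for the setup this answer describes. It checks that AllowOverride grants AuthConfig for the directory, that the .htaccess carries the auth directives, and that the required users exist in the password file, and it goes slightly further by flagging a password file inside the document root and `<Limit>` wrappers. The function names, the document root /home/httpd/html and the password-file entry are assumptions; the sample configuration is the one the asker posts in this thread.

```python
import re
from pathlib import PurePosixPath as P

def directives(text):
    """Split config text into (lowercased name, argument string) pairs."""
    out = []
    for raw in text.splitlines():
        parts = raw.strip().split(None, 1)
        if parts and not parts[0].startswith("#"):
            out.append((parts[0].lower(), parts[1] if len(parts) > 1 else ""))
    return out

def overrides_for(server_conf, directory):
    """AllowOverride classes set by the most specific <Directory> covering `directory`."""
    best, classes = -1, set()
    for path, body in re.findall(r"<Directory\s+([^>]+)>(.*?)</Directory>", server_conf, re.S | re.I):
        p = P(path.strip().strip('"'))
        if (p == directory or p in directory.parents) and len(p.parts) > best:
            for name, args in directives(body):
                if name == "allowoverride":
                    best, classes = len(p.parts), {a.lower() for a in args.split()}
    return classes

def audit(server_conf, htaccess, htaccess_dir, docroot, userfile_text):
    """Return findings that explain why a directory may not be password-protected."""
    findings, rules = [], directives(htaccess)
    names = {n for n, _ in rules}
    # An explicit AllowOverride is required here: its default differs between Apache versions.
    if not overrides_for(server_conf, P(htaccess_dir)) & {"authconfig", "all"}:
        findings.append("AllowOverride does not grant AuthConfig for this directory")
    for needed in ("authtype", "authname", "authuserfile", "require"):
        if needed not in names:
            findings.append(f"missing directive: {needed}")
    known = {line.split(":", 1)[0] for line in userfile_text.splitlines() if ":" in line}
    for name, args in rules:
        if name == "authuserfile" and P(docroot) in P(args).parents:
            findings.append("AuthUserFile is inside the document root")
        if name == "require" and args.lower().startswith("user "):
            findings += [f"user not in password file: {u}" for u in args.split()[1:] if u not in known]
        if name.startswith("<limit") and not name.startswith("<limitexcept"):
            findings.append("<Limit> covers only the listed methods")
    return findings

# Configuration as posted in the thread; the password-file line is constructed.
ACCESS_CONF = "<Directory /home/httpd/html/test>\nAllowOverride AuthConfig\n</Directory>\n"
HTACCESS = ("AuthName ByPassword\nAuthType Basic\nAuthUserFile /home/httpd/.htusers\n"
            "AuthGroupFile /dev/null\n\nrequire user test1\n")
USERS = "test1:PLACEHOLDER_HASH\n"
print(audit(ACCESS_CONF, HTACCESS, "/home/httpd/html/test", "/home/httpd/html", USERS))
```

An empty list means the lint found nothing wrong with the files themselves, so the cause of a missing password challenge lies elsewhere, for example a server that has not reloaded its configuration.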
 
LVL 1

Author Comment

by:daveko
ID: 1587632
In my access.conf file, I've added the following:

<Directory /home/httpd/html/test>
AllowOverride AuthConfig
</Directory>

Then in my .htaccess file in that directory, I have

AuthName ByPassword
AuthType Basic
AuthUserFile /home/httpd/.htusers
AuthGroupFile /dev/null

require user test1

Still doesn't work.  What am I doing wrong?  I've tried "require valid-user" and it still won't challenge me.
0
 
LVL 1

Author Comment

by:daveko
ID: 1587634
It actually did work!  My remote shutdown command was hung and so the server was in a bizarre state.  I've rebooted it on location and it's working beautifully!  Thanks a lot!!
0

Question has a verified solution.