Solved

How do you secure a web directory

Posted on 1998-11-09
6
285 Views
Last Modified: 2010-03-18
I want to secure a given folder and all its contents under a vroot.  How do I do this in the most efficient and easiest manner?  I've read the apache guide but its still unclear to this linux newbie.

thanks!
0
Comment
Question by:daveko
  • 4
6 Comments
 
LVL 5

Expert Comment

by:tfabian
Comment Utility
you need a .htaccess file with appropriate rules to block those who you don't want from coming into the directory..


eg.

Denying User Access

Add the following to the .htaccess file:

<Limit GET>
order allow,deny
deny from 128.23.45.
deny from 207.158.255.213
allow from all
</Limit>

This is an example of a .htaccess file that will block access to your site to anyone who is coming from any IP address beginning with 128.23.45 and from the specific IP address 207.158.255.213 . By specifying only part of an IP address, and ending the partial IP address with a period, all sub-addresses coming from the specified IP address block will be blocked. You must use the IP addresses to block access, use of domain names is not supported.
 



you could flip the allow and deny commands to narrow who you're letting in..
0
 
LVL 1

Author Comment

by:daveko
Comment Utility
great.  i already understood that part of it.  how do I get a certain group of users to only have access to that folder rather than by ip?  that's where I'm cloudy.
0
 
LVL 1

Accepted Solution

by:
fmismetti earned 50 total points
Comment Utility
You will need a .htaccess like:

AuthName "Name of the Resource"
AuthType Basic
AuthUserFile   /usr/local/etc/httpd/users
require user username1 username2 username3

Also, you will need to use the htpasswd program to create the file /usr/local/etc/httpd/users. Also, configuration file access.conf needs to have the directive "AllowOverride AuthConfig".

If you need more information, look in:

http://www.apacheweek.com/features/userauth

There you have more details about what I wrote above and other, like using groups and so.

Also, I had some problems using authentication in Apache 1.2, in special using groups under Slackware. If possible, try to use the latest Apache version, 1.3.

Hope it helps.
0
Better Security Awareness With Threat Intelligence

See how one of the leading financial services organizations uses Recorded Future as part of a holistic threat intelligence program to promote security awareness and proactively and efficiently identify threats.

 
LVL 1

Author Comment

by:daveko
Comment Utility
in my access.conf file, I've added the following:

<Directory /home/httpd/html/test>
AllowOverride AuthConfig
</Directory>

then in my .htaccess file in that directory, I have

AuthName ByPassword
AuthType Basic
AuthUserFile /home/httpd/.htusers
AuthGroupFile /dev/null

require user test1

still doesn't work.  what am I doing wrong?  I've tried "require valid-user" and it still won't challenge me.
0
 
LVL 1

Author Comment

by:daveko
Comment Utility
in my access.conf file, I've added the following:

<Directory /home/httpd/html/test>
AllowOverride AuthConfig
</Directory>

then in my .htaccess file in that directory, I have

AuthName ByPassword
AuthType Basic
AuthUserFile /home/httpd/.htusers
AuthGroupFile /dev/null

require user test1

still doesn't work.  what am I doing wrong?  I've tried "require valid-user" and it still won't challenge me.
0
 
LVL 1

Author Comment

by:daveko
Comment Utility
It actually did work!  my remote shutdown command was hung and so the server was in a bizaare state.  I've rebooted it on location and its working beautifully!  Thanks a lot!!
0

Featured Post

What Is Threat Intelligence?

Threat intelligence is often discussed, but rarely understood. Starting with a precise definition, along with clear business goals, is essential.

Join & Write a Comment

I have seen several blogs and forum entries elsewhere state that because NTFS volumes do not support linux ownership or permissions, they cannot be used for anonymous ftp upload through the vsftpd program.   IT can be done and here's how to get i…
Note: for this to work properly you need to use a Cross-Over network cable. 1. Connect both servers S1 and S2 on the second network slots respectively. Note that you can use the 1st slots but usually these would be occupied by the Service Provide…
It is a freely distributed piece of software for such tasks as photo retouching, image composition and image authoring. It works on many operating systems, in many languages.
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.

771 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

10 Experts available now in Live!

Get 1:1 Help Now