Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

How do you secure a web directory

Posted on 1998-11-09
6
Medium Priority
?
341 Views
Last Modified: 2010-03-18
I want to secure a given folder and all its contents under a vroot.  How do I do this in the most efficient and easiest manner?  I've read the apache guide but its still unclear to this linux newbie.

thanks!
0
Comment
Question by:daveko
  • 4
6 Comments
 
LVL 5

Expert Comment

by:tfabian
ID: 1587629
you need a .htaccess file with appropriate rules to block those who you don't want from coming into the directory..


eg.

Denying User Access

Add the following to the .htaccess file:

<Limit GET>
order allow,deny
deny from 128.23.45.
deny from 207.158.255.213
allow from all
</Limit>

This is an example of a .htaccess file that will block access to your site to anyone who is coming from any IP address beginning with 128.23.45 and from the specific IP address 207.158.255.213 . By specifying only part of an IP address, and ending the partial IP address with a period, all sub-addresses coming from the specified IP address block will be blocked. You must use the IP addresses to block access, use of domain names is not supported.
 



you could flip the allow and deny commands to narrow who you're letting in..
0
 
LVL 1

Author Comment

by:daveko
ID: 1587630
great.  i already understood that part of it.  how do I get a certain group of users to only have access to that folder rather than by ip?  that's where I'm cloudy.
0
 
LVL 1

Accepted Solution

by:
fmismetti earned 200 total points
ID: 1587631
You will need a .htaccess like:

AuthName "Name of the Resource"
AuthType Basic
AuthUserFile   /usr/local/etc/httpd/users
require user username1 username2 username3

Also, you will need to use the htpasswd program to create the file /usr/local/etc/httpd/users. Also, configuration file access.conf needs to have the directive "AllowOverride AuthConfig".

If you need more information, look in:

http://www.apacheweek.com/features/userauth

There you have more details about what I wrote above and other, like using groups and so.

Also, I had some problems using authentication in Apache 1.2, in special using groups under Slackware. If possible, try to use the latest Apache version, 1.3.

Hope it helps.
0
Microsoft Certification Exam 74-409

Veeam® is happy to provide the Microsoft community with a study guide prepared by MVP and MCT, Orin Thomas. This guide will take you through each of the exam objectives, helping you to prepare for and pass the examination.

 
LVL 1

Author Comment

by:daveko
ID: 1587632
in my access.conf file, I've added the following:

<Directory /home/httpd/html/test>
AllowOverride AuthConfig
</Directory>

then in my .htaccess file in that directory, I have

AuthName ByPassword
AuthType Basic
AuthUserFile /home/httpd/.htusers
AuthGroupFile /dev/null

require user test1

still doesn't work.  what am I doing wrong?  I've tried "require valid-user" and it still won't challenge me.
0
 
LVL 1

Author Comment

by:daveko
ID: 1587633
in my access.conf file, I've added the following:

<Directory /home/httpd/html/test>
AllowOverride AuthConfig
</Directory>

then in my .htaccess file in that directory, I have

AuthName ByPassword
AuthType Basic
AuthUserFile /home/httpd/.htusers
AuthGroupFile /dev/null

require user test1

still doesn't work.  what am I doing wrong?  I've tried "require valid-user" and it still won't challenge me.
0
 
LVL 1

Author Comment

by:daveko
ID: 1587634
It actually did work!  my remote shutdown command was hung and so the server was in a bizaare state.  I've rebooted it on location and its working beautifully!  Thanks a lot!!
0

Featured Post

Free Backup Tool for VMware and Hyper-V

Restore full virtual machine or individual guest files from 19 common file systems directly from the backup file. Schedule VM backups with PowerShell scripts. Set desired time, lean back and let the script to notify you via email upon completion.  

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I have seen several blogs and forum entries elsewhere state that because NTFS volumes do not support linux ownership or permissions, they cannot be used for anonymous ftp upload through the vsftpd program.   IT can be done and here's how to get i…
Note: for this to work properly you need to use a Cross-Over network cable. 1. Connect both servers S1 and S2 on the second network slots respectively. Note that you can use the 1st slots but usually these would be occupied by the Service Provide…
If you're a developer or IT admin, you’re probably tasked with managing multiple websites, servers, applications, and levels of security on a daily basis. While this can be extremely time consuming, it can also be frustrating when systems aren't wor…
How to fix incompatible JVM issue while installing Eclipse While installing Eclipse in windows, got one error like above and unable to proceed with the installation. This video describes how to successfully install Eclipse. How to solve incompa…
Suggested Courses

885 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question