How do you secure a web directory

I want to secure a given folder and all its contents under a vroot.  How do I do this in the most efficient and easiest manner?  I've read the Apache guide but it's still unclear to this Linux newbie.

thanks!
daveko Asked:
 
fmismetti Commented:
You will need a .htaccess like:

AuthName "Name of the Resource"
AuthType Basic
AuthUserFile   /usr/local/etc/httpd/users
require user username1 username2 username3

Also, you will need to use the htpasswd program to create the file /usr/local/etc/httpd/users. Also, the configuration file access.conf needs to have the directive "AllowOverride AuthConfig".

If you need more information, look in:

http://www.apacheweek.com/features/userauth

There you have more details about what I wrote above and others, like using groups and so on.

Also, I had some problems using authentication in Apache 1.2, especially using groups under Slackware. If possible, try to use the latest Apache version, 1.3.

Hope it helps.
0
 
tfabian Commented:
You need a .htaccess file with appropriate rules to block those who you don't want from coming into the directory.

e.g.

Denying User Access

Add the following to the .htaccess file:

<Limit GET>
order allow,deny
deny from 128.23.45.
deny from 207.158.255.213
allow from all
</Limit>

This is an example of a .htaccess file that will block access to your site to anyone who is coming from any IP address beginning with 128.23.45 and from the specific IP address 207.158.255.213. By specifying only part of an IP address, and ending the partial IP address with a period, all sub-addresses coming from the specified IP address block will be blocked. You must use the IP addresses to block access; use of domain names is not supported.
 



You could flip the allow and deny commands to narrow who you're letting in.
0
 
daveko (Author) Commented:
Great.  I already understood that part of it.  How do I get a certain group of users to only have access to that folder rather than by IP?  That's where I'm cloudy.
0
 
daveko (Author) Commented:
In my access.conf file, I've added the following:

<Directory /home/httpd/html/test>
AllowOverride AuthConfig
</Directory>

then in my .htaccess file in that directory, I have

AuthName ByPassword
AuthType Basic
AuthUserFile /home/httpd/.htusers
AuthGroupFile /dev/null

require user test1

Still doesn't work.  What am I doing wrong?  I've tried "require valid-user" and it still won't challenge me.
0
 
 
daveko (Author) Commented:
It actually did work!  My remote shutdown command was hung and so the server was in a bizarre state.  I've rebooted it on location and it's working beautifully!  Thanks a lot!!
0
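A small checker for the kind of .htaccess files posted in this thread, added here as an example and not code from any of the posters. It reports the usual reasons a directory is not protected as intended: the AllowOverride class the directives need is not enabled, a rule is scoped to one method by <Limit>, the password file sits inside the document root, or there is no Require line. The name audit_htaccess, its parameters and the finding strings are assumptions made for illustration.

```python
import posixpath
import re

# Directives used in this thread -> the AllowOverride class that must be
# enabled before Apache accepts them in a .htaccess file.
OVERRIDE_CLASS = {
    "authname": "AuthConfig", "authtype": "AuthConfig", "require": "AuthConfig",
    "authuserfile": "AuthConfig", "authgroupfile": "AuthConfig",
    "order": "Limit", "allow": "Limit", "deny": "Limit",
}

# The .htaccess posted in the thread, used as sample input.
SAMPLE = ("AuthName ByPassword\nAuthType Basic\n"
          "AuthUserFile /home/httpd/.htusers\nAuthGroupFile /dev/null\n"
          "require user test1\n")

def audit_htaccess(text, allow_override, docroot):
    """Return de-duplicated findings for a .htaccess body.
    allow_override: words of the server's AllowOverride line for the directory.
    docroot: document root, to spot a password file the server could serve.
    """
    allowed = {w.lower() for w in allow_override}
    out, seen, limit = [], set(), None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        opened = re.match(r"<Limit\s+([^>]+)>", line, re.I)
        if opened:                      # entering a method-scoped section
            limit = " ".join(opened.group(1).split())
            continue
        if line.lower().startswith("</limit"):
            limit = None
            continue
        name, arg = (line.split(None, 1) + [""])[:2]
        key = name.lower()
        seen.add(key)
        cls = OVERRIDE_CLASS.get(key)
        if cls and "all" not in allowed and cls.lower() not in allowed:
            out.append(f"needs AllowOverride {cls}")
        if limit and key in ("require", "deny"):
            out.append(f"{key} applies only to <Limit {limit}>; other methods stay open")
        if key == "authuserfile":
            path = posixpath.normpath(arg.strip().strip('"'))
            if path.startswith(posixpath.normpath(docroot) + "/"):
                out.append("AuthUserFile is inside the document root")
    if "authtype" in seen and "require" not in seen:
        out.append("AuthType without Require: no password prompt")
    return list(dict.fromkeys(out))
```

Calling audit_htaccess(SAMPLE, ["None"], "/home/httpd/html") returns a single finding about AllowOverride AuthConfig, while passing ["AuthConfig"] returns an empty list.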