
How do you secure a web directory

I want to secure a given folder and all its contents under a vroot.  How do I do this in the most efficient and easiest manner?  I've read the Apache guide but it's still unclear to this Linux newbie.

thanks!
Asked by: daveko

tfabian Commented:
You need a .htaccess file with appropriate rules to block those who you don't want from coming into the directory.

e.g.

Denying User Access

Add the following to the .htaccess file:

<Limit GET>
order allow,deny
deny from 128.23.45.
deny from 207.158.255.213
allow from all
</Limit>

This is an example of a .htaccess file that will block access to your site to anyone who is coming from any IP address beginning with 128.23.45 and from the specific IP address 207.158.255.213. By specifying only part of an IP address, and ending the partial IP address with a period, all sub-addresses coming from the specified IP address block will be blocked. You must use the IP addresses to block access; use of domain names is not supported.

You could flip the allow and deny commands to narrow who you're letting in.

daveko (Author) Commented:
Great.  I already understood that part of it.  How do I get a certain group of users to only have access to that folder rather than by IP?  That's where I'm cloudy.

fmismetti Commented:
You will need a .htaccess like:

AuthName "Name of the Resource"
AuthType Basic
AuthUserFile   /usr/local/etc/httpd/users
require user username1 username2 username3

Also, you will need to use the htpasswd program to create the file /usr/local/etc/httpd/users. Also, the configuration file access.conf needs to have the directive "AllowOverride AuthConfig".

If you need more information, look in:

http://www.apacheweek.com/features/userauth

There you have more details about what I wrote above and others, like using groups and so on.

Also, I had some problems using authentication in Apache 1.2, especially using groups under Slackware. If possible, try to use the latest Apache version, 1.3.

Hope it helps.
 
daveko (Author) Commented:
In my access.conf file, I've added the following:

<Directory /home/httpd/html/test>
AllowOverride AuthConfig
</Directory>

Then in my .htaccess file in that directory, I have

AuthName ByPassword
AuthType Basic
AuthUserFile /home/httpd/.htusers
AuthGroupFile /dev/null

require user test1

Still doesn't work.  What am I doing wrong?  I've tried "require valid-user" and it still won't challenge me.
 
daveko (Author) Commented:
It actually did work!  My remote shutdown command was hung and so the server was in a bizarre state.  I've rebooted it on location and it's working beautifully!  Thanks a lot!!
Question has a verified solution.
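
A consistency check for the password-protected directory setup discussed in this thread, as an added example that is not part of any post above: it confirms that the server configuration grants AllowOverride AuthConfig (or All) for the directory, that the .htaccess carries the Basic auth directives, that AuthUserFile sits outside the document root, and that every user named directly or through a group has an entry in the password file. The function names, the document root /home/httpd/html, the group file content and the placeholder password entry are assumptions; parsing is simplified (no Include files, only plain <Directory> blocks).

```python
import re
from pathlib import PurePosixPath

def directives(text):
    """Map lowercased directive name -> argument list (last occurrence wins)."""
    out = {}
    for line in text.splitlines():
        name, _, rest = line.strip().partition(" ")
        if name and not name.startswith(("#", "<")):
            out[name.lower()] = rest.split()
    return out

def override_allows_auth(server_conf, protected_dir):
    """True if the most specific enclosing <Directory> block sets AllowOverride AuthConfig or All."""
    target, best = PurePosixPath(protected_dir), None
    blocks = re.findall(r'<Directory\s+"?([^">]+?)"?\s*>(.*?)</Directory>', server_conf, re.S | re.I)
    for path, body in blocks:
        p = PurePosixPath(path)
        if (p == target or p in target.parents) and (best is None or len(p.parts) > len(best[0].parts)):
            best = (p, body)
    opts = directives(best[1]).get("allowoverride", []) if best else []
    return any(o.lower() in ("authconfig", "all") for o in opts)

def audit(htaccess, server_conf, protected_dir, doc_root, users_text, groups_text=""):
    """Return a list of problems; an empty list means every check passed."""
    d, problems = directives(htaccess), []
    if not override_allows_auth(server_conf, protected_dir):
        problems.append("no AllowOverride AuthConfig for " + protected_dir)
    if [a.lower() for a in d.get("authtype", [])] != ["basic"]:
        problems.append("AuthType Basic missing")
    problems += [k + " missing" for k in ("authname", "authuserfile", "require") if not d.get(k)]
    user_file = PurePosixPath((d.get("authuserfile") or [""])[0])
    if PurePosixPath(doc_root) in user_file.parents:
        problems.append("AuthUserFile is inside the document root")
    known = {l.split(":", 1)[0] for l in users_text.splitlines() if ":" in l}
    groups = {l.split(":")[0].strip(): l.split(":", 1)[1].split() for l in groups_text.splitlines() if ":" in l}
    kind, *names = d.get("require") or [""]
    if kind.lower() == "group":
        problems += ["group %s not in group file" % g for g in names if g not in groups]
        names = [u for g in names for u in groups.get(g, [])]
    elif kind.lower() != "user":
        names = []  # e.g. "require valid-user" accepts any entry in the password file
    problems += ["user %s has no password entry" % u for u in names if u not in known]
    return problems

# Constructed sample input; paths and directives follow the configuration posted in the thread.
SERVER_CONF = "<Directory /home/httpd/html/test>\nAllowOverride AuthConfig\n</Directory>\n"
HTACCESS = "AuthName ByPassword\nAuthType Basic\nAuthUserFile /home/httpd/.htusers\nrequire user test1\n"
USERS = "test1:PLACEHOLDER-HASH\n"  # constructed; real entries are written by htpasswd
```

Calling audit(HTACCESS, SERVER_CONF, "/home/httpd/html/test", "/home/httpd/html", USERS) returns an empty list for the configuration as posted; for a "require group" rule, pass the group file's text (lines of the form "groupname: user1 user2") as groups_text.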
