Questions in Apache 2.0 configuration

Hi there, I installed Apache 2.0 (with SSL enabled) and set up two virtual hosts with different names by editing the httpd.conf file.

1. I want to configure my web server so that each virtual host records its access log to a separate file, and each log entry must contain the Common Log Format and the User-Agent and Referer fields. Additionally, the log should only record the IP address of the web client, not the hostname.

I want to configure my web server for the following security measures:

2. How do I create an admin group for authentication, i.e. the admin directory of my server name is protected with basic authentication and only members of this group are permitted to access the admin directory?

3. I want the private directory in my server name to be accessible only through the secure server (HTTP over SSL), and also only to hosts on a local computer network.

4. How do I create another group (called logger) for authentication and configure my web server such that the logs directory of my virtual host is accessible only to members of the logger and admin groups (using basic authentication) or to anyone who accesses it from within the local computer network?

5. How can the admin directory of my virtual host be protected, except that it is protected with digest instead of basic authentication?

Kindly, I need answers to these questions in nice steps (please, I don't want any links for explanation).

Hatim1985 (Author) Commented:
Please, is the question clear or not? Please, urgent help...

Steve Bink Commented:
I understand you just want a simple hold-my-hand set of instructions, but I believe in helping people to help themselves.  To do that, you will need to read and learn.  That is also pronounced RTFM.

1) Apache Log Files:  Specifically, access log:

2) Authentication and Authorization:

3) You can enforce SSL with mod_rewrite (rewrite all your http host's traffic to your https host), but you need to examine using SSL anywhere authentication is being done.  Realistically, there's no reason to not make your site entirely SSL.  Without it, your authentication will be done in plain-text over the wire.  Apache will only pick up on IPs you tell it to use, so if you do not want connections from outside your local LAN, do not configure a vhost capable of fielding requests from your public IPs.  For forcing SSL, see, specifically the HTTPS condition.

4) This is not something you do through the web service.  Your web server logs should not be accessible online, so using HTTP authentication is not a question.  If you want to secure your logs, make sure a) they are not within your server's document root, and b) only authorized users have access to the directory in which they are stored.

5) See the link for (2).

Hatim1985 (Author) Commented:

Thanks routinet,
I'm a bit confused about the Authentication and Authorization.
Here is the admin directory code, as you can see below. I set a user name and password for the admin
and I just need to set members of admin to be permitted to access the admin directory.
Could you please see my code here:

<Directory "~/www/admin">
     AuthType Basic
     AuthName "admin"
     AuthUserFile ~/apache/passwd
     #AuthGroupFile ~/apache/?
     Require group admin
     ErrorDocument 401 unauthorized.html
</Directory>

Could someone please help me with the comment line?

Steve Bink Commented:
The group file is a simple text file.  You can find an example of the format here:

For example, if I want my group "bestestbuds" to contain the users friend1, friend2, and friend3, then my group file would contain:

bestestbuds: friend1 friend2 friend3

This is a supplement to the AuthUserFile, and merely serves to group those users.

Otherwise, it looks like you have everything else in place, assuming your passwd file is what you want it to be. Remember that you can manage it easily with the htpasswd command-line utility.
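
An added illustration, not part of the original thread: how the group file described above fits together with the password file for the admin directory, in Apache 2.0 syntax. All file and directory paths and the user names alice, bob and carol are assumptions; the group names admin and logger come from the question.

```apache
# Constructed example (Apache 2.0, mod_auth). Paths and user names are
# placeholders; keep both files outside the document root.
#
# Password file, one "user:hash" entry per line, managed with htpasswd:
#   htpasswd -c /usr/local/apache2/auth/passwd alice   (-c creates the file)
#   htpasswd    /usr/local/apache2/auth/passwd bob     (adds a further user)
#
# Group file /usr/local/apache2/auth/groups, one "group: members" line each:
#   admin: alice bob
#   logger: carol
#
# Every member listed in the group file must also exist in the password
# file; the group file only groups users, it holds no credentials.

<Directory "/var/www/example/admin">
    # Basic authentication sends the password with every request in an
    # easily decoded form, so refuse any request that is not over SSL.
    SSLRequireSSL

    AuthType Basic
    AuthName "admin"
    AuthUserFile  /usr/local/apache2/auth/passwd
    AuthGroupFile /usr/local/apache2/auth/groups

    # A valid password alone is not enough: the authenticated user must
    # also be listed as a member of the admin group.
    Require group admin

    # A 401 error document must be a local URL path (leading slash).
    ErrorDocument 401 /unauthorized.html
</Directory>
```
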
Hatim1985 (Author) Commented:

You mean that I create a file in the apache directory and put this line in it,
bestestbuds: friend1 friend2 friend3, as an example?
Steve Bink Commented:
Correct. You can put it in any directory, preferably outside of your document root. The same directory as the passwd file is fine.
Hatim1985 (Author) Commented:

Thank you routinet.
I also need to know how to let the private directory of my virtual host be accessible only through the secure server (HTTP over SSL) and only to hosts on the local network.

Here is my code inside my virtual host in ssl.conf:

<Directory ~/www/admin/private>
   Order Deny,Allow
   Deny from all
   Allow from local network
   Satisfy any
   ErrorDocument 403 /error.html
</Directory>

When I access the private directory from the local network, it gives me the error.html page!
It should display the page inside the private directory.
Can someone help me at this stage?
Steve Bink Commented:
That depends on how the public gets to your server.

If the server responds directly to the public IP (i.e., it is not behind a NAT), you should just be able to put the subnet mask for the private IP in your Allow directive.  For example, if your private addressing is on 192.168.*, you use this:

Order Deny,Allow
Deny from all
Allow from

If the public traffic is NAT'd to the server's private IP, you should allow specific IPs on your private network, since your router's private face will also show a private IP.  With "Order Deny,Allow", the trick will be to have your allowed systems match the Allow directive without your router/firewall matching it too.

Also, remember that "Satisfy Any" means traffic that matches the Allow *or* the Require directives will be allowed through.  
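
An added illustration, not part of the original thread: the host-based restriction and the effect of Satisfy discussed above, in Apache 2.0 syntax. It uses mod_ssl's SSLRequireSSL to refuse non-SSL requests rather than a mod_rewrite redirect; the directory paths, the auth file paths and the 192.168.0.0/16 network are assumptions.

```apache
# Constructed example (Apache 2.0: mod_access, mod_auth, mod_ssl).
# Paths and the 192.168.0.0/16 network are placeholders.

# Case 1: HTTPS only AND local network only, no password.
# "Allow from" takes an address, partial address, network/mask or CIDR
# block, or a host/domain name.
<Directory "/var/www/example/private">
    SSLRequireSSL
    Order Deny,Allow
    Deny from all
    Allow from 192.168.0.0/16
    # Satisfy defaults to All: every restriction above must pass.
</Directory>

# Case 2: HTTPS only, and EITHER a local-network client OR a member of
# the admin or logger group (the "group or local network" policy).
<Directory "/var/www/example/restricted">
    SSLRequireSSL
    # Without StrictRequire, "Satisfy Any" lets a request that passes
    # the host or user check override the SSLRequireSSL denial.
    SSLOptions +StrictRequire

    Order Deny,Allow
    Deny from all
    Allow from 192.168.0.0/16

    AuthType Basic
    AuthName "restricted"
    AuthUserFile  /usr/local/apache2/auth/passwd
    AuthGroupFile /usr/local/apache2/auth/groups
    Require group admin logger

    # Any: matching the Allow line OR satisfying Require is sufficient.
    # Behind NAT, check which source address Apache actually sees: if the
    # router's private address matches the Allow line, outside clients
    # get in without a password.
    Satisfy Any
</Directory>
```
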
Hatim1985 (Author) Commented:
was great