You now have access to two virtual sites that can be prepared accordingly, with modules and software that
you'll discover later. But even with this basic level of configuration, you can explicitly deny users from known bad
IP addresses by adding whitespace-separated dotted quads on the deny line, instead of the phrase none. Or, preferably,
you allow access only from those addresses you know to be safe, such as work, school, or family homes, using the
same format. The latter is more complex because home users are often assigned a dynamic IP address by their
ISP, especially those relatives with dial-up connections. Consequently, you generally need to protect the site using a
separate username and password instead.
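The two approaches described above, written out as an added example rather than the book's own site configuration. It uses the Apache 2.2 mod_authz_host directives (Order, Allow, Deny) that the "deny line" refers to; the directory paths and the IP addresses are placeholders (the addresses come from the RFC 5737 documentation ranges), and the Apache 2.4 equivalents are given in comments because 2.4 replaced these directives with Require.

```apache
# Added example, not from the book. Paths and addresses are placeholders.

# Variant 1: open site, but explicitly deny known bad addresses.
# Under "Order allow,deny" the Deny directives are evaluated last,
# so a listed address is rejected even though "Allow from all" matched.
<Directory /var/www/site1>
    Order allow,deny
    Allow from all
    Deny from 203.0.113.45 198.51.100.7
</Directory>

# Variant 2 (preferable): deny everyone, then allow only addresses you trust.
# Dotted quads and CIDR ranges may be mixed; anything else gets 403 Forbidden.
# A home LAN range such as 192.168.1.0/24 keeps the site reachable from inside
# the house while a dynamic ISP address would still need a login instead.
<Directory /var/www/site2>
    Order deny,allow
    Deny from all
    Allow from 192.0.2.10 198.51.100.0/24
</Directory>

# Apache 2.4 equivalents (mod_authz_core). The 2.2 directives above only
# work on 2.4 if mod_access_compat is loaded.
#
# <Directory /var/www/site1>
#     <RequireAll>
#         Require all granted
#         Require not ip 203.0.113.45 198.51.100.7
#     </RequireAll>
# </Directory>
#
# <Directory /var/www/site2>
#     Require ip 192.0.2.10 198.51.100.0/24
# </Directory>
```

After editing the site file, run apache2ctl configtest and only then reload the server; a typo in an Order or Require line is otherwise discovered by locking yourself out. Denied requests appear in the error log as "client denied by server configuration", which is the line to look for when a trusted address unexpectedly gets a 403.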
Secure Server
With the Web being a naturally open protocol and the home machine being a traditionally secure environment,
providing a way for secure access to your home and its data is a must. You can provide this with basic authentication,
which places specific files called .htaccess in each directory. These are read by the web server to govern access,
and this approach:
- Makes it easy to add and change user access rights
- Can be changed on a per-directory basis, without needing to be root
- Requires no rebooting between changes
One downside of this method, compared with changing the configuration files directly, is that these files are read on
every access, making the service slower. In the case of a private web server, this is unlikely to be noticeable, however.
More important, the username and password are sent across the wire in plain text when connecting, despite being
stored in hashed form on disk. Furthermore, they are available as plain text to any script running from inside this
area. Consequently, it is recommended only for web servers that are inaccessible from outside your home network.
To enable basic authentication, you need two things: a password file and an access file. The password file is
traditionally called .htpasswd and exists on the filesystem in a location that is readable by Apache (that is, by the
www-data user) but not among the files that Apache serves (that is, not underneath /var/www). You create the file
and your first user like this:
htpasswd -c /etc/apache2/.htpasswd steev
You are then prompted for a password, which is hashed and added to the file. This password is for accessing the
web site only. It need not match the Linux password of a user with the same name, and in fact you can allow users to
access the web site who don't have a Linux account at all.
You must then indicate which directories are to be protected by placing an .htaccess file, as shown here,
inside each of them:
AuthType Basic
AuthUserFile "/etc/apache2/.htpasswd"
AuthName "Enter your username and password."
require valid-user
You would generally protect the entire directory in this way, with any per-user control happening through code
such as this:
<?php
// Apache fills in PHP_AUTH_USER only after basic authentication has succeeded
if (isset($_SERVER['PHP_AUTH_USER']) && $_SERVER['PHP_AUTH_USER'] === "steev") {
    // allow this
}
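The complete per-directory setup, as an added example rather than the book's own file: a single .htaccess that restricts the source address, requires a login against the file created with the htpasswd command above, and limits the directory to a named user with Apache's own Require user directive instead of a check in PHP code. It assumes Apache 2.2 syntax (on 2.4, Require ip replaces the Order/Allow/Deny and Satisfy lines) and uses placeholder addresses. Because Basic credentials cross the wire only Base64-encoded, the file also refuses plain HTTP whenever mod_ssl is loaded, which is the check a practitioner wants in place before the site is ever reachable from outside the home network.

```apache
# Added example, not from the book. 192.168.1.0/24 and 203.0.113.10 are placeholders.

# Refuse plain HTTP for this directory when mod_ssl is available; the
# <IfModule> guard avoids an "Invalid command" error on servers without it.
<IfModule mod_ssl.c>
    SSLRequireSSL
</IfModule>

# Source-address restriction (Apache 2.2 mod_authz_host): the home LAN
# plus one fixed address elsewhere.
Order deny,allow
Deny from all
Allow from 192.168.1.0/24 203.0.113.10

# Basic authentication against the file created with "htpasswd -c".
# The file lives outside the document root, so it is never served.
AuthType Basic
AuthName "Enter your username and password."
AuthUserFile "/etc/apache2/.htpasswd"

# Per-user control handled by Apache: only the listed account may enter,
# even though other users may exist in .htpasswd. Use "Require valid-user"
# to admit anyone with a valid login instead.
Require user steev

# Both the address check and the login must pass. This is the default,
# stated explicitly; "Satisfy any" would let either one suffice.
Satisfy all
```

The file is silently ignored unless the directory's <Directory> block in the site configuration carries AllowOverride AuthConfig Limit (or AllowOverride All): AuthConfig permits the Auth*, Require, Satisfy and SSLRequireSSL lines, and Limit permits Order, Allow and Deny. A quick way to confirm it is working is to request the directory with curl and check for a 401 response carrying a WWW-Authenticate: Basic header.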