Apache是目前流行的Web服务器,可运行在linux、Unix、Windows等操作系统下,它可以很好地解决“用户名+密码”的认证问题。Apache用户认证所需要的用户名和密码有两种不同的存贮方式:一种是文本文件;另一种是MSQL、 Oracle、MySQL等数据库。下面以Linux的Apache为例,就这两种存贮方式,同时能对Windows的 Apache用户认证作简要的说明。下面我们来介绍下通过文本认证而实现的方式。
建立用户的认证授权需要三个步骤:
1、建立用户库
2、配置服务器的保护域
3、告诉服务器哪些用户拥有资源的访问权限
废话不多少举例最清楚拉!~假如某一目录下的文件如/home/ftp/pub需要做到用户认证
创建认证用户
<ccid_code>@htpasswd –c /*/.password xuanfei</ccid_code> |
创建认证组
<ccid_code>@vi /*/.groupxuanfei-group:xuanfei xuanfei1</ccid_code> |
基本的Apache用户认证方法:
在httpd.conf中加入下面的行
<ccid_code>options indexes followsymlinksallowoverride authconfigorder allow,denyallow from all</ccid_code> |
或者加到 /etc/httpd/conf.d/ 新建个文件名为.conf结尾的配置文件
<ccid_code>〈Directory /home/ftp/pub>Options IndexesAllowOverride AuthConfigorder allow,denyallow from all〈/Directory></ccid_code> |
用在目录/home/ftp/pub下放文件.htaccess,内容如下:
<ccid_code>authname "shared files"authtype basicauthuserfile /*/.passwordrequire valid-user#require group xuanfei-group //接收组所以用户#requirre user xuanfei //接收xuanfei单个用户</ccid_code> |
用随Apache来的程序htpasswd 生成文件/etc/.passwd,每行一个用户名:密码
只要能提供正确的用户名和密码对,就允许登录访问,这是针对任何地址来的
请求都要求提供用户名和密码认证。
针对部分网段或地址要求认证。
若公司LAN所在网段为10.45.63.0/24,且有一防火墙专线接入Internet,
内部网卡的地址为10.45.63.1/32,则现在希望所有通过拨本地633通过
防火墙上的apache反向代理向LAN上的另一WWW服务器访问时需要认证,而本地
LAN上的用户不需认证。可以在httpd.conf中放入:
<ccid_code>〈Directory /home/ftp/pub>Options Indexes FollowSymLinksAllowOverride AuthConfigorder deny,allowdeny from 10.45.63.1〈/Directory></ccid_code> |
且在/home/ftp/pub/.htaccess中放入:
<ccid_code>AuthName "shared files"AuthType BasicAuthUserFile /etc/.passwdrequire valid-usersatisfy any</ccid_code> |
对同一目录及其下的子目录有不同的权限,仅某些人可以存取一目录下的子目录。
如有一目录/home/ftp/pub/host,有三个用户user1,user2,user3都需要用户名
和密码进入/home/ftp/pub,但仅user1,user2能进入/home/ftp/pub/host.则
放下面的行到httpd.conf
<ccid_code>〈Directory /home/ftp/pub>Options IndexesAllowOverride AuthConfigorder allow,denyallow from all〈/Directory>〈Directory /home/ftp/pub/host>Options IndexesAllowOverride AuthConfigorder allow,denyallow from all〈/Directory></ccid_code> |
且看/home/ftp/pub/.htaccess为:
AuthName "shared files"
AuthType Basic
AuthUserFile /etc/.passwd
require valid-user
且看/home/ftp/pub/host/.htaccess
AuthName "shared files"
AuthType Basic
AuthUserFile /etc/.passwd
AuthGroupFile /etc/.hostgroup
require group manager
且文件/etc/.passwd内容为:
user1:passwd1
user2:passwd2
user3:passwd3
且文件/etc/.hostgroup内容为:
manager: user1 user2
Hot AI Tools
Undresser.AI Undress
AI-powered app for creating realistic nude photos
AI Clothes Remover
Online AI tool for removing clothes from photos.
Undress AI Tool
Undress images for free
Clothoff.io
AI clothes remover
Video Face Swap
Swap faces in any video effortlessly with our completely free AI face swap tool!
Hot Article
Hot Tools
Notepad++7.3.1
Easy-to-use and free code editor
ZendStudio 13.5.1 Mac
Powerful PHP integrated development environment
Atom editor mac version download
The most popular open source editor
SecLists
SecLists is the ultimate security tester's companion. It is a collection of various types of lists that are frequently used during security assessments, all in one place. SecLists helps make security testing more efficient and productive by conveniently providing all the lists a security tester might need. List types include usernames, passwords, URLs, fuzzing payloads, sensitive data patterns, web shells, and more. The tester can simply pull this repository onto a new test machine and he will have access to every type of list he needs.
SAP NetWeaver Server Adapter for Eclipse
Integrate Eclipse with SAP NetWeaver application server.
