|
||
|
|
|
Setup for Apache Web Server
Introduction
- Modifying Apache httpd.conf file.
- Creating a password file
- Creating a group file
- Creating .htaccess
The Apache Web Server provides password protection of directories in the DocumentRoot (e.g. httdocs). It is recommended that password protect be applied to the q-Status/Admin/ directory as administation functions allow creation of baseline data, golden parmeters, group server classsifications and updates for serial numbers.
Establishing authentication protection for a directory requires:
The following describes a "Basic" method to set up such an authentication.
Modifying the Apache Server Configuration File
Edit the /etc/apache/httpd.conf configuration file. Scan the file for the string pattern ".htaccess". This will locate a description of .htaccess control options. Below the description is a parameter "AllowOverride". The value of this parameter should be set to "All":
httpd.conf
From
# This controls which options the .htaccess files in # directories can override. It can also be "All", or any # combination of "Options", "FileInfo", # "AuthConfig", and "Limit" # AllowOverride NoneTo
# This controls which options the .htaccess files in # directories can override. It can also be "All", or any # combination of "Options", "FileInfo", # "AuthConfig", and "Limit" # AllowOverride AllNote: The "AllowOverride" parameter also appears in a couple of other places in the "httpd.conf" file but is surrounded by the constructs
<Directory> ---- </Directory>Edit "AllowOverride" which is not surrounded by such a constructs as this is the global parameter.
Restart the Apache Web Server
Using the apachectl command to restart the Apache web server for the changes to take place.
Creating an Authorization Directory
To establish a password authentication directory, three files must be create:
- password file
- group file
- .htaccess file.
The names of the group file and the password file are user defined in the .htaccess file, but the .htaccess must always be called .htaccess. This file is placed in the directory that will be password protected. The location of the password and group files should be above the hierarchy of the htdocs directory for security reasons. A suggestion is to create a new directory called "auth" (for authentication) under /etc/apache directory where the password and group files will be located.
Creating the Password and Group File
Creating a new password file using the /usr/apache/bin/htpasswd command in the new auth directory.
For example, we will assign a general user called "admin" with the password "admin1". We will also define the names of the password and group files to be restricted.pwd and restricted.grp.
The new restricted.pwd file should look like this:
The structure of the group file consists of a group name followed by an assigned user name separated by a colon (:). As an example we will define a group called system. In the auth/ directory we create a file restricted.grp that looks like this:
Creating the .htaccess file
The .htaccess defines the location of the password and group file and must be located in the directory that is to be authenticated. The following authentication parameters are defined in the .htaccess file:
|
Parameter |
Description |
AuthType |
should be "Basic" |
AuthName |
defines a string that is displayed in the login screen |
AuthUserFile |
defines the location of the password file |
AuthGroupFile |
defines the location of group file |
require |
should be "valid-usr" or "valid-group" |
In the example, the .htaccess file should look like this:
After this file is created, test the restricted directory by calling it from your web browser. For our example, you will see the following prompt screen.
Note: A text string "My Company[for login info contact webmaster@myweb]" in the login was defined by the AuthName parameter from the .htaccess file.
The required parameter can ask for group instead of user. But the .htaccess file must define the location of both the authentication password and group file.