Weblog entry #10 for blackm
add security to http auth using mod_access
Posted by blackm on Thu 24 Nov 2005 at 22:46
Marco asked if it's possible to set up Apache to restrict host access and use HTTP auth. I never had such a setup, so I gave it a try.
First I created a directory that uses HTTP auth:

cd /var/www
mkdir test
cd test
htpasswd -c htp blackm

Note: always put your password files outside your webroot!
The directory needs some options to be turned on:

<Directory /var/www/test>
AllowOverride AuthConfig Limit
</Directory>

Put this in your Apache configuration and reload it. AuthConfig makes HTTP auth work in .htaccess, and Limit is for the mod_access directives.

Now go back to /var/www/test and create the file .htaccess:

Order Allow,Deny
Allow from [your hostname or ip] [an other one]
AuthType Basic
AuthName "Restricted Area"
AuthUserFile /var/www/test/htp
Require valid-user

It is important that the mod_access directives come before the HTTP auth ones. Done this way, only the allowed hosts (your hosts) get to enter a username and password. This should prevent your accounts from being cracked by brute-force attacks.
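
The same .htaccess with the password file moved outside the webroot, as the note above recommends, and with the "host check and login" requirement stated explicitly. This is an added example, not the author's configuration: the addresses and the /etc/apache2/htpasswd/test path are placeholders, and the second variant goes beyond the post to show the Apache 2.4 equivalent.

```apache
# Added example (not from the original post). Use ONE of the two variants.
# Placeholders/assumptions: 192.0.2.10, 198.51.100.0/24 and the
# /etc/apache2/htpasswd/test path. Create the file beforehand with:
#   htpasswd -c /etc/apache2/htpasswd/test blackm

# --- Variant 1: Apache 2.0/2.2 (Order/Allow syntax, as in the post) ---
# Needs "AllowOverride AuthConfig Limit" for this directory.
Order Allow,Deny
Allow from 192.0.2.10 198.51.100.0/24

AuthType Basic
AuthName "Restricted Area"
# Password file outside the webroot, so it can never be served as content.
AuthUserFile /etc/apache2/htpasswd/test
Require valid-user

# Host check AND login must both pass. "All" is the default, but stating it
# protects against a "Satisfy Any" inherited from a parent directory, which
# would let an allowed host in without a password, or any host in with one.
Satisfy All

# --- Variant 2: Apache 2.4 (mod_authz_core syntax) ---
# Needs "AllowOverride AuthConfig" for this directory.
# AuthType Basic
# AuthName "Restricted Area"
# AuthUserFile /etc/apache2/htpasswd/test
# <RequireAll>
#     Require ip 192.0.2.10 198.51.100.0/24
#     Require valid-user
# </RequireAll>
```

To check the result, a request from a host that is not in the allow list should get 403 Forbidden rather than a 401 password prompt.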
Comments on this Entry
I think it's better to use htdigest over htpasswd. More security over the network. You can also use the mod_auth_pam module. It's good for maintaining a single password database. Check http://pam.sourceforge.net/mod_auth_pam/
Cheers,
Hardik Dalwadi.
Hi Hardik,
yes, mod_auth_pam can also be used and it is better to administer. Some time ago I also used mod_auth_mysql to auth against a MySQL database. The combination of mod_auth_pam and the PAM module pam_mysql would also be possible (I used this for SMTP auth in postfix / sasl).
You can do a lot of things with PAM; maybe I'll write an article on the things I've done so far (or at least a blog story).
bye, Martin
--
browse ManPages online!