apache:authentication:basic_authentication

Differences

This shows you the differences between two versions of the page.

apache:authentication:basic_authentication [2023/07/17 08:45] peter
apache:authentication:basic_authentication [2023/07/17 08:54] (current) peter
Line 7: Line 7:
 ===== Configure Apache to allow .htaccess authentication. ===== ===== Configure Apache to allow .htaccess authentication. =====
  
-By default Apache does not allow the use of .htaccess files.  You will need to set up Apache to allow .htaccess based authentication.+By default Apache does not allow the use of .htaccess files.
  
-You can do this by editing the Apache config file:+  * Apache will need to be configured to allow **.htaccess** based authentication. 
 + 
 +Editing the Apache config file:
  
 <code bash> <code bash>
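Review bot: The added "Editing the Apache config file:" is a fragment rather than an instruction, and it now follows a one-item bullet list that reads better as a plain sentence. Suggest keeping the requirement as a sentence and writing the step as an imperative, e.g. "Edit the Apache config file:", so it matches the other steps on the page.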
Line 15: Line 17:
 </code> </code>
  
-Find the section that begins with **<Directory "/var/www/html">**.  Change the line from **AllowOverride none** to **AllowOverride AuthConfig**.+Find the section that begins with **<Directory "/var/www/html">**. 
 + 
 +Change the line from **AllowOverride none** to **AllowOverride AuthConfig**.
  
 <file apache /etc/httpd/conf/httpd.conf> <file apache /etc/httpd/conf/httpd.conf>
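Review bot: The step around "Change the line from **AllowOverride none** to **AllowOverride AuthConfig**" already has the reader editing /etc/httpd/conf/httpd.conf, so it is worth a sentence saying that the same authentication directives can be placed directly in the <Directory "/var/www/html"> block, which is what the Apache documentation recommends when the main config is editable. If .htaccess is kept, say that AuthConfig is chosen because it permits only the authentication directives and that the override applies to this directory tree only.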
Line 23: Line 27:
 Save and close the file. Save and close the file.
  
 +----
  
 ===== Create a password file with htpasswd ===== ===== Create a password file with htpasswd =====
  
-The **htpasswd** command is used to create and update the files used to store usernames and password for basic authentication of Apache users.  We will create a hidden file .htpasswd in the /etc/httpd/ configuration directory.+The **htpasswd** command is used to create and update the files used to store usernames and password for basic authentication of Apache users.
  
-Let's begin by creating a .htpasswd file for user1.+  * A hidden file **.htpasswd** will need to be created in the /etc/httpd/ configuration directory. 
 + 
 +For example, create a .htpasswd file for user1.
  
 <code bash> <code bash>
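Review bot: The rewritten first sentence still reads "usernames and password"; it should be "usernames and passwords". The new bullet about creating **.htpasswd** in /etc/httpd/ would also benefit from stating the reason for that location, namely that the file sits outside the web directory being protected and so is not served to clients.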
Line 34: Line 41:
 </code> </code>
  
-You will be asked to supply and confirm a password for user1.+This will prompt to supply and confirm a password for user1.
  
 <WRAP warning> <WRAP warning>
-**WARNING**: Only use **-c** the first time you create the file.  Do not use **-c** when you add a user in the future.+**WARNING**: Only use **-c** the first time the file is created. 
 + 
 +  Do not use **-c** when another user is added in the future. 
 </WRAP> </WRAP>
  
-Let's create another user named user2:+---- 
 + 
 +Create another user named user2:
  
 <code bash> <code bash>
-sudo htpasswd  /etc/httpd/.htpasswd user2+sudo htpasswd /etc/httpd/.htpasswd user2
 </code> </code>
  
-After creating user2, you can see the username and the encrypted password for each record:+---- 
 + 
 +===== Display the username and encrypted password for each user =====
  
 <code bash> <code bash>
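Review bot: Inside the WARNING block the added line "  Do not use **-c** when another user is added in the future." starts with two spaces, which DokuWiki renders as a preformatted block with the asterisks shown literally; drop the indentation or make both sentences list items. The warning should also say why: with -c an existing file is rewritten, so the users already in it are lost. In the new heading "Display the username and encrypted password for each user", "hashed" is more accurate than "encrypted" for what htpasswd stores.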
Line 52: Line 66:
 </code> </code>
  
-The output will look something like this:+returns:
  
 <code> <code>
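Review bot: The replacement "returns:" is a lower-case fragment with no subject, and it drops the "something like" wording that told the reader the sample will not match their own file exactly. Suggest "Example output:" or keeping the original sentence.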
Line 59: Line 73:
 </code> </code>
  
-Now, you need to allow the apache user to read the .htpasswd file.+---- 
 + 
 +===== Allow Apache to read the .htpasswd file =====
  
 <code bash> <code bash>
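Review bot: The new heading "Allow Apache to read the .htpasswd file" replaces the only sentence that named the apache user as the account needing read access. Keep one sentence under the heading stating which account the following commands grant access to, and that no other account needs to read the file.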
Line 66: Line 82:
 </code> </code>
  
 +----
  
 ===== Configure Apache password authentication ===== ===== Configure Apache password authentication =====
  
-Now you need to create a .htaccess file in the web directory you wish to restrict.+Create **.htaccess** file in the web directory which is to be restricted.
  
-For this example, we will create the .htaccess file in the /var/www/html/ directory to restrict the entire document root.+For example, create the .htaccess file in the /var/www/html/ directory to restrict the entire document root.
  
 <code bash> <code bash>
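Review bot: "Create **.htaccess** file in the web directory which is to be restricted." is missing its article; suggest "Create a **.htaccess** file in the web directory that is to be restricted." Since the example protects the entire document root, it would help to say that the restriction also covers every subdirectory below /var/www/html/.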
Line 92: Line 109:
 </code> </code>
  
 +----
  
 ===== Testing password authentication ===== ===== Testing password authentication =====
  
-After everything has been set up, it's time to test your Apache server.+Try to access the restricted content in a web browser by visiting the URL or static IP address.
  
-From your desktop computer, try to access your restricted content in a web browser by visiting your URL or static IP address.+This will prompt for a username and password to access the website.
  
-You will be prompted with a username and password to access the website.+<WRAP info> 
 +**NOTE:**  If the correct credentials are entered, the site will be accessible.
  
-If you enter the correct credentials, you will be allowed to access the content.+  * If the wrong credentials or enteredor **Cancel** is pressed, this should show the **Unauthorized** error page.
  
-If you enter the wrong credentials or hit "Cancel" you will see the "Unauthorized" error page: +  * Password protection should be combined with SSL, so that the credentials are not sent to the server in plain text. 
- +
-Your website is now secure with password authentication.  Remember that password protection should be combined with SSL, so that your credentials are not sent to the server in plain text. +
  
 +</WRAP>
  
 +----
  
 ===== References ===== ===== References =====
  
 http://www.webtrafficexchange.com/how-create-htpasswd-file-encrypted-password http://www.webtrafficexchange.com/how-create-htpasswd-file-encrypted-password
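Review bot: The SSL requirement has been moved into the last bullet of an info-level NOTE, which understates it: Basic authentication sends the username and password with every request in a trivially decodable form, so this belongs in a <WRAP warning> block of its own, or as a prerequisite before the testing step. The added bullet also has a typo, "If the wrong credentials or enteredor **Cancel** is pressed", which should read "If the wrong credentials are entered or **Cancel** is pressed".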
apache/authentication/basic_authentication.1689583547.txt.gz · Last modified: 2023/07/17 08:45 by peter
