O'Reilly logo

Building Secure Servers with Linux by Michael D. Bauer

Stay ahead with the world's most comprehensive technology and business learning platform.

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, tutorials, and more.

Start Free Trial

No credit card required

Special Topics

The following discussions involve not only CGI script security, but also Apache and Linux configuration and administration.

Authentication

Your web site may have some restricted content, such as premium pages for registered customers or administrative functions for web site maintainers. Use authentication to establish the identity of the visitor.

Basic authentication

The simplest authentication method in Apache is basic authentication . This requires a password file on the web server and a require directive in a config file:

<Location /auth_demo_dir>
AuthName "My Authorization"
AuthType Basic
# Note: Keep the password files in their own directory
AuthUserFile /usr/local/apache/auth_dir/auth_demo_password "
Order deny, allow
Require valid-user
</Location>

I suggest storing password files in their own directories, outside the document root. You may use subdirectories to segregate files by user or virtual host. This is more manageable than .htaccess files all over the site, and it keeps Apache running faster.

You can specify any matching user, a list of users, or a list of groups:

require valid-user
require user user1 
                  user2 ...
require group group1 group2 ...

Where are the names and passwords stored? The simplest, specified by AuthUserFile in the example, is a flat text file on the server. To create the password file initially, type the following:

htpasswd -c /usr/local/apache/auth_dir/auth_demo_password

To add entries to the password file:

htpasswd /usr/local/apache/auth_dir/auth_demo_password ...

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, interactive tutorials, and more.

Start Free Trial

No credit card required