• VMware

    Learn about VMware virtualization for its products like vsphere ESX and ESXi, vCenter Server, VMware View, VMware P2V and many more

  • Linux

    Step by step configuration tutorials for many of the Linux services like DNS, DHCP, FTP, Samba4 etc including many tips and tricks in Red Hat Linux.

  • Database

    Learn installation and configuration of databases like Oracle, My SQL, Postgresql, etc including many other related tutorials in Linux.

  • Life always offers you a second chance ... Its called tomorrow !!!

    Friday, February 14, 2014

    How to secure Apache web server in Linux using password (.htaccess)

    Here I have provided simple steps to configure your webpage with login authentication. So that you can prevent unauthorized access to your pages on the website.

    I have used Red Hat 6 machine for these commands so kindly check the same if planning to user other distribution of Linux.

    These are the required attributes which has to be placed and used properly inside the main apache configuration file.

    This option will disable the access to read .htaccess file
    AllowOverride None
    This option with enable the access to read .htaccess file
    AllowOverride AuthConfig
    This will signify the authentication file for required user
    AuthUserfile /location/of/file
    AuthGroupFile /location/of/group

    This will give an output name which you want to be visible on the login prompt screen
    AuthName "Restricted Area"
    NOTE: Create a new .htaccess file inside the directory where you want the authentication. In our case it is inside /var/www.

    Create a authentication file inside the directory you want to protect.
    # htpasswd  /var/www/.htaccess  username
    # htpasswd  /var/www/.htaccess  deepak
    New password:
    Re-type new password:
    Adding password for user deepak

    Give appropriate permission to prevent anauthorized access
    # chmod 700 /var/www/.htaccess
    Add these lines at the end of the config file for apache
    # vi /etc/httpd/conf/httpd.conf
    <Directory /var/www/html>
    AllowOverride AuthConfig
    Order allow,deny
    AuthType Basic
    AuthName "Login Message on the prompt screen"
    AuthUserFile /var/www/.htaccess
    Require user deepak
    Allow from all
    </Directory>

    Restart the services
    # service httpd restart
    Now try to access your page on the browser, you will be prompted for login authentication
    http://192.168.0.138



    Please follow the below links for more tutorials

    Configure Red Hat Cluster using VMware, Quorum Disk, GFS2, Openfiler
    How to register Red Hat Linux with RHN (Red Hat Network )
    Red hat Enterprise Linux 5.5 Installation Guide (Screenshots)
    15 tips to enhance security of your Linux machine
    Why is Linux more secure than windows and any other OS
    What is the difference between "su" and "su -" in Linux?
    What is swappiness and how do we change its value?
    How to log iptables messages in different log file
    What are the s and k scripts in the etc rcx.d directories
    How to check all the currently running services in Linux
    How to auto start service after reboot in Linux
    What is virtual memory, paging and swap space?


    0 comments:

    Post a Comment