Configuring Apache – Intermediate
By: Michael Swanson
    Table of Contents:
  • Configuring Apache – Intermediate
  • Modules
  • Authentication
  • Authorization


    Configuring Apache – Intermediate - Authentication

    (Page 3 of 4)

    One of the many tasks you will be faced with as an administrator is preventing access to certain files for certain users. This is the process of authentication, making sure that the correct files only get viewed by those people who should be allowed to view them. This is a particularly difficult task for a Web server, since Apache by default will serve everything in its “DocumentRoot” structure publicly. This means you must specifically define when and where you want Apache to apply an authentication scheme. 

    Another complicating factor in this setup is that Apache offers many different ways of applying and defining an authentication scheme. Some browsers also support only certain ways of authenticating, so you must keep that in mind when deciding on a scheme. The two main types of authentication are called Basic and Digest authentication.

    Basic authentication has been around for a long time, and is supported by almost all browsers. This ubiquity is its main advantage. However, it has several disadvantages. First of all, from a security standpoint, Basic authentication sends passwords over the Internet in plain-text, like any other HTTP traffic, so any hacker listening to a user’s or server’s line has a very easy time of sniffing passwords. Also, because Basic authentication is very simplistic, it is often difficult for administrators to get the authentication scheme set up in the way that they want it.

    Digest authentication is the other option. Digest authentication's main drawback is that it is less widely supported than Basic. However, Digest does not send username and password information over the Internet in plain-text.  It uses a form of public key encryption to make it more difficult to break.

    Now that we’ve discussed the different forms of authentication, let’s talk about how to implement them on Apache. First, we’ll talk about creating the files necessary to implement both of these schemes. Both Basic and Digest authentication store username and password information in simple flat files that sit in the server file system. To create these files, you must use one of two programs provided with Apache. For Basic, the program is called “htpasswd” and for Digest, it is called “htdigest.” These programs take as input the destination for the password file, a username and a password, and then add the correct information to that file. For exact usage of both of these utilities, see the Apache documentation.

    To configure Apache to use Basic authentication for a certain directory, you would do something like the following:

    <Directory /web/home/private>
        AuthName "MyPrivateStuff"
        AuthType Basic
        AuthUserFile /web/htpasswd
        Require valid-user
    </Directory>

    The “AuthName” directive determines what will be displayed to the client by the browser when it asks for a password. The “AuthType” directive tells Apache to use Basic authentication, “AuthUserFile” tells Apache where to find the corresponding “htpasswd” file for this directory and “Require valid-user” makes sure that Apache will not serve anything in this directory to anyone who is not an authenticated user.

    © 2003-2019 by Developer Shed. All rights reserved.