Configuring Apache – Intermediate - Authorization
Another way to block access to certain parts of the server is through the process of authorization. This uses criteria other than username and password to allow or deny access to certain Web resources. There are three directives involved in this, and they can be used in any <Location>, <Files>, <Directory> or <VirtualHost> block.
First, we will look at the “Allow” and “Deny” directives. Both take the same sort of argument, which can loosely be described as a network name or IP address. They let you define whether access to a directory will be allowed or denied based on the network source a request originates from. You can also use the “All” argument to mean every possible network address. For example, the directive “Allow from 10.0.1” would allow access to a resource for any client whose address lies within the “10.0.1” subnet. The third directive is the “Order” directive, which determines, not surprisingly, the order in which the “Allow” and “Deny” directives are evaluated.
In effect, “Order” determines whether clients are allowed by default or denied by default. The directive “Order deny,allow” defaults to “Allow” for any client not specifically denied, and “Order allow,deny” defaults to “Deny” for any client not specifically allowed. An example of using this strategy to protect access to a specific directory follows:
<Directory /www/private>
Order deny,allow
Deny from all
Allow from 10.0.1
</Directory>
This would deny all requests except those coming from an IP address within the “10.0.1” subnet.
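The evaluation rules described above can be modelled in a few lines. The following is an added example, not code from the article or from Apache: it follows the documented behaviour of “Order”, where both lists are always evaluated and the second keyword wins on a conflict, and it treats a partial address such as “10.0.1” as a whole-octet prefix. The function names are this example's own, and it assumes IPv4 address arguments only (host name arguments are not handled).

```python
import ipaddress

def _matches(spec, client):
    """True if an Allow/Deny argument covers the client address (IPv4 only)."""
    if spec.lower() == "all":
        return True
    if "/" not in spec:
        octets = spec.rstrip(".").split(".")
        # A partial address such as 10.0.1 is a whole-octet prefix (10.0.1.0/24),
        # so it must not match 10.0.10.5 the way a string prefix test would.
        spec = ".".join(octets + ["0"] * (4 - len(octets))) + "/%d" % (8 * len(octets))
    return ipaddress.ip_address(client) in ipaddress.ip_network(spec, strict=False)

def is_allowed(order, allow, deny, client):
    """Evaluate Order / Allow from / Deny from for one client address."""
    order = order.replace(" ", "").lower()
    allowed = any(_matches(s, client) for s in allow)
    denied = any(_matches(s, client) for s in deny)
    if order == "deny,allow":
        # Default allow; a Deny match is overridden by an Allow match.
        return allowed or not denied
    if order == "allow,deny":
        # Default deny; an Allow match is overridden by a Deny match.
        return allowed and not denied
    raise ValueError("unsupported Order value: %r" % order)

def demo():
    """Run constructed sample clients against the article's /www/private rules."""
    rules = dict(allow=["10.0.1"], deny=["all"])
    clients = ["10.0.1.25", "10.0.10.5", "192.0.2.7"]  # constructed addresses
    return {
        order: {c: is_allowed(order, client=c, **rules) for c in clients}
        for order in ("deny,allow", "allow,deny")
    }

if __name__ == "__main__":
    for order, results in demo().items():
        print(order, results)
```

With the same two rules, changing the block to “Order allow,deny” rejects every client, including those in the “10.0.1” subnet, because “Deny from all” is then evaluated last.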
Conclusion
This article has shown some of the intermediate level configuration tasks on an Apache server. It has dealt with using virtual hosts to serve multiple domains on a single Web server, adding a simple module to Apache to increase its functionality and using authentication and authorization to control access to certain Web resources. These tasks can significantly increase the usefulness and capabilities of your Apache server, as well as give the administrator more power and control over what information gets accessed by different computers.