
Securing Your Web Pages with Apache Page 7




Different URLs within a realm can be protected in different ways,
with different sets of credentials being valid for different locations.
However, since the realm is the key the client uses to remember
which credentials to send, being egregious about using multiple
sets of credentials within the same realm tends to annoy users
when they have to re-authenticate repeatedly for what looks like
(and in fact is) the same realm. It’s generally a good idea to
have a one-to-one relationship between realms and sets of
authorised credentials.

But how do you turn on access control in the first place?
Just as you apply any other Apache directive: by having the
directives appear in the appropriate scope. For example:

  
    
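    # /path/to/docroot is a placeholder for the server's document root
    <Directory "/path/to/docroot/finance">
        AuthName Finance
        AuthType Basic
        AuthUserFile /usr/local/web/apache/auth/.htpasswd-finance
        Require valid-user
    </Directory>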
    

This will protect the finance subdirectory and all
files and subdirectories in and below it. Other directories,
such as products, remain unaffected.

<Directory> containers are all very well, but what
if you want to protect only a single file? Or perhaps a document
that isn't mapped to the filesystem, like the output from
mod_status? The answer remains the same: use the
appropriate scoping directives (such as <Files>
and <Location>) to apply the security measures
to the items you want protected.

Inheritance

Like almost all other Apache configuration details, the security
directives that apply to a particular document or directory may be
inherited from the parent, or possibly even further up the tree.
This means that at each level you need only supply those directives that
are different. The following two fragments are equivalent:

    
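    # /path/to/docroot and subdir are placeholder names
    <Directory "/path/to/docroot/finance">
        AuthName "Finance Department"
        AuthType Basic
        AuthUserFile /usr/local/web/apache/auth/.htpasswd-finance
        Require valid-user
    </Directory>
    <Directory "/path/to/docroot/finance/subdir">
        AuthName "Finance Department"
        AuthType Basic
        AuthUserFile /usr/local/web/apache/auth/.htpasswd-finance
        Require user susan bob
    </Directory>

and:

    # /path/to/docroot and subdir are placeholder names
    <Directory "/path/to/docroot/finance">
        AuthName "Finance Department"
        AuthType Basic
        AuthUserFile /usr/local/web/apache/auth/.htpasswd-finance
        Require valid-user
    </Directory>
    <Directory "/path/to/docroot/finance/subdir">
        Require user susan bob
    </Directory>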
    

The second fragment takes advantage of the inheritance of the
values from the parent directory, and simply restricts the access
list to only Bob and Susan.

It's generally not a good idea to make too many assumptions when
dealing with security matters, so even though inheritance can seem
to make your life easier by not requiring you to duplicate
directives all over the place, this might be an illusion. Just
wait until you see how complicated your life becomes when all the
inherited values become compromised because of a single mistake
at a higher level.
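
One way to see how far a change at a higher level reaches is to resolve, for each directory, which authentication directives it sets itself and which it inherits. The script below is an added example, not part of the original article or of Apache. It assumes a simplified model: only literal `<Directory>` containers, one `Require` line per container, and no `.htaccess`, `<Files>` or `<Location>` merging. The paths and function names are placeholders chosen for illustration.

```python
import re
from pathlib import PurePosixPath
AUTH = ("authname", "authtype", "authuserfile", "require")
# Constructed sample: /path/to/docroot and "subdir" are placeholder names.
SAMPLE_CONF = """
<Directory "/path/to/docroot/finance">
    AuthName "Finance Department"
    AuthType Basic
    AuthUserFile /usr/local/web/apache/auth/.htpasswd-finance
    Require valid-user
</Directory>
<Directory "/path/to/docroot/finance/subdir">
    Require user susan bob
</Directory>
"""

def parse_directory_blocks(conf):
    """Return {path: {directive: value}} for literal <Directory> containers."""
    blocks, current = {}, None
    for raw in conf.splitlines():
        line = raw.strip()
        opening = re.fullmatch(r'<Directory\s+"?([^">]+?)"?\s*>', line, re.I)
        if opening:
            current = blocks.setdefault(opening.group(1).rstrip("/") or "/", {})
        elif line.lower() == "</directory>":
            current = None
        elif current is not None and line and not line.startswith("#"):
            name, *rest = line.split(None, 1)
            if name.lower() in AUTH:
                current[name.lower()] = rest[0] if rest else ""
    return blocks

def effective_auth(blocks, path):
    """Map each auth directive to (value, container that supplied it)."""
    target, merged = PurePosixPath(path), {}
    for base in sorted(blocks, key=len):  # shortest path first: parent before child
        if target == PurePosixPath(base) or PurePosixPath(base) in target.parents:
            for name, value in blocks[base].items():
                merged[name] = (value, base)  # the nearer container overrides
    return merged

def inherited(blocks, path):
    """Directives this path relies on but does not set in its own container."""
    own = blocks.get(path.rstrip("/"), {})
    eff = effective_auth(blocks, path)
    return {name: src for name, (_, src) in eff.items() if name not in own}

if __name__ == "__main__":
    child = "/path/to/docroot/finance/subdir"
    print(inherited(parse_directory_blocks(SAMPLE_CONF), child))
```

Every entry `inherited()` returns for a directory is a setting that changes silently when the parent container is edited.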

A related subject involves determining which of possibly several
access control modules has the Final Say on whether access is
granted or not. This is covered in a
later section.

Requiring a Specific Username
