There are two sets of Perl modules available for managing your password
files and group files with Perl.
The first one, which is probably the recommended one, is the
HTTPD-User-Manage package, which you can obtain from CPAN (http://www.cpan.org/modules/by-module/HTTPD/),
allows you to manage a variety of authentication files on a variety of web
servers. It is extremely full-featured and lets you do all the sorts of things
that you expect to be able to do. These modules were written by Lincoln Stein
and Doug MacEachern.
The other set of modules I really only mention as shameless self-promotion.
Apache::Htpasswd, by Kevin Meltzer, and
Apache::Htgroup, by me, provide a simpler interface to managing
password and group files specifically for Apache. These modules are also
available on CPAN.
Authentication by username and password is only part of the story.
Frequently you want to let people in based on something other than who they
are. Something such as where they are coming from.
The allow and deny directives let you allow and
deny access based on the host name, or host address, of the machine requesting
a document. The directive goes hand-in-hand with these is the
order directive, which tells Apache in which order to apply the
filters.
The usage of these directives is:
allow from addresswhere address is an IP address (or a partial IP address) or a fully
qualified domain name (or a partial domain name).For example, if you have someone spamming your message board, and you want
to keep them out, you could do the following:deny from 205.252.46.165Visitors coming from that address will not be able to see the content behind
this directive. If, instead, you have a machine name, rather than an IP
address, you can use that:deny from dc.numbersusa.comAnd, if you'd like to block access from an entire domain, you can specify
just part of an address or domain name:deny from 192.101.205 deny from cyberthugs.com deny from keUsing
orderwill let you be sure that you are actually
restricting things to the group that you want to let in, by combining a
denyand anallowdirective:order deny,allow deny from all allow from dev.rcbowen.comListing just the
allowdirective would not do what you want,
because it will let folks from that host in, in addition to letting everyone
in. What you want is to let only those folks in.More Information
You should also read the documentation for
mod_auth(http://www.apache.org/docs/mod/mod_auth.html),
which contains some more information about how this all works. And the FAQ on
the Apache site has some good stuff about authentication, starting at
http://www.apache.org/docs/misc/FAQ.html#dnsauth.Next Week
Next week, I'll talk about
mod_auth_dbmand
mod_auth_mysql, which are two ways to authenticate against a
database, rather than against a text-file password list. This is much faster.
Rich Bowen is a ServerWatch contributor.
ServerWatch is a top resource on servers. Explore the latest news, reviews and guides for server administrators now.
Property of TechnologyAdvice. © 2025 TechnologyAdvice. All Rights Reserved
Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.
