Basic Authentication – Apache (httpd)
Many times we need to quickly show some of our work to our superiors and get feedback but do not want to make our work public. I am talking here in terms of web ki duniya (online-world) where we generally share our things on line using portals and websites. Many times you want to release certain things for only limited number of users so that they can first experience it and give their feedback.
For these purposes we require some basic security on server which probably we do not want to build around the main application (website etc.) If you are running your application on apache or if apache is front ending all your requests you can easily implement the basic authentication for all your resources on your server.
While using this type of security the username/password will be asked to the user of website for accessing the private resource. We generally use this for letting limited number of people get the software release and test it before we launch it in public.
Following are the settings you will require to achieve this:
1. Generate username & passwords
# htpasswd -c /etc/users testuser New password: ********** Re-type new password: ********** Adding password for user testuser # htpasswd /etc/users testuser1 New password: ********** Re-type new password: ********** Adding password for user testuser1
htpasswd -c is used to create the file, which is not required while creating second user.
2. Secure your password file (optional) : This is an optional step if somebody wants to secure the password file, permissions can be changed on file so that only selected people can have read and write access to password file. chmod command can be used to do this.
3. Configure Apache: Add following in apache configuration file:
<Location "/path_to_private/resource"> AuthUserFile /etc/users AuthName "This is a private resource" AuthGroupFile /dev/null AuthType Basic Require valid-user </Location>
4. Restart Apache : After changes in configuration file, Restart the apache server to take it to effect.
If now you want to access the resource using web page, you will be asked for credentials to access the resource like following
For better understanding check http://httpd.apache.org/docs/1.3/howto/auth.html.
Most Commented Posts
If you enjoyed this post, please consider to leave a comment or subscribe to the feed and get future articles delivered to your feed reader.
Comments
No comments yet.
Leave a comment