Technology and troubleshooting.

Friday, January 29, 2016

How To Configure Private Directories in Apache webserver

How To Configure Private Directories in Apache webserver

In this tutorial I am going to show you how to protect your site from others(Unauthorized users).

By default Apache will serve content out to anyone that requests it which essentially makes it public. We can add some additional simple configuration to create a private directory that can only be accessed based on source IP address, or with a username and password combination, or even based on user group membership.

This is handled by default via mod_authz_core which is installed with Apache by default, this module is used to configure authorization so that we can only allow authenticated users to be allowed access to certain parts of the web site.

Note: In this example we are working with Apache/2.2.15 in CentOS 6.7, some steps may vary depending on your version of Apache and specific Linux distribution.

Creating a User Account

In our example we will be creating a user and password that can access the /squidanalyzer/ directory of our website. First lets create the user that will have access, this can be done with the htpasswd command as shown below.

[ ~]# htpasswd -c /etc/httpd/htpasswd 6an71t
New password:
Re-type new password:
Adding password for user 6an71t
Here we are using -c to create the /etc/httpd/htpasswd file which is the file that will contain our username and password for the user named ‘test’. The -c flag should only be used the first time that you are creating the file, otherwise if you use this again it will overwrite all previous contents with a new file.
Once you enter a password twice for the account the file will have been created, we can view the contents as shown below.

[ ~]# cat /etc/httpd/htpasswd
Here we can see that the user ‘6an71t’ exists along with the encrypted password. By default this file will be readable by all users, so you may want to change that – Apache will need to be able to read it however.

Apache Configuration

Below is some example configuration that you can place into /etc/httpd/conf/httpd.conf

[ ~]# vi /etc/httpd/conf/httpd.conf 

Alias /squidreport /var/www/squidanalyzer

<Directory "/var/www/squidanalyzer">

    Options Indexes MultiViews FollowSymLinks

    AllowOverride None

    Order allow,deny

    Allow from all

    AuthType Basic

    AuthName "Your Banner Here"

    AuthUserFile /etc/httpd/htpasswd

    Require valid-user


After saving the changes to the file you can test that the syntax is correct with ‘apachectl configtest’. Once these modifications have been applied, Apache must be reloaded to actually apply them as shown below.

[ ~]# apachectl configtest

Syntax OK

Apache reload

 [ ~]#service httpd reload


Authentication form - 6an71t

I hope you  this information is useful for you. Please forgive any typos or incomplete sentences.