In this tutorial you will learn about Apache password authentication on Ubuntu Server. You will learn how to install apache2-utils and how to use the htpasswd command. You will also learn how to place restrictions in both the virtual host config file and .htaccess files using the following configuration section containers: Directory, Files, Location and LocationMatch.
Code used during this tutorial:
```
# Apache Password authentication on Ubuntu Server
sudo apt-get update

# Utility programs for webservers
sudo apt-get install apache2-utils

# Manage user files for basic authentication
# -c Create the passwdfile. If passwdfile already exists, it is rewritten and truncated
# Use -c option first time when creating passwdfile
sudo htpasswd -c /etc/apache2/.htpasswd liviu.balan
sudo htpasswd -c /etc/apache2/.htpasswd liviu
cat /etc/apache2/.htpasswd
sudo htpasswd /etc/apache2/.htpasswd liviu.balan
cat /etc/apache2/.htpasswd

# Configuration Section Containers: Filesystem and Webspace
# Backup virtual host conf
sudo cp /etc/apache2/sites-available/wp.liviubalan.com.conf /etc/apache2/sites-available/wp.liviubalan.com.conf-bak

# Edit virtual host conf
sudo vi /etc/apache2/sites-available/wp.liviubalan.com.conf

# Restrict the entire document root
# Enclose a group of directives that apply only to the named file-system directory, sub-directories,
# and their contents
<Directory "/var/www/wp.liviubalan.com">
    # Type of user authentication
    AuthType Basic

    # Authorization realm for use in HTTP authentication
    AuthName "Restricted Content"

    # Sets the name of a text file containing the list of users and passwords for authentication
    AuthUserFile /etc/apache2/.htpasswd

    # Tests whether an authenticated user is authorized by an authorization provider
    # All valid users can access the resource
    Require valid-user

    # Only the named users can access the resource
    #Require user liviu

    # Clients in the specified IP address ranges can access the resource
    #Require ip 192.168.56.1
</Directory>

# Combine directory directive
# Allow access to "wp-includes" dir
<Directory "/var/www/wp.liviubalan.com/wp-includes">
    AuthType None

    # Access is allowed unconditionally
    Require all granted
</Directory>

# Contains directives that apply to matched filenames
<Files "editor-style.css">
    AuthType Basic
    AuthName "Restricted Content"
    AuthUserFile /etc/apache2/.htpasswd
    Require valid-user
</Files>

# Applies the enclosed directives only to matching URLs
# Apply directives to content that lives outside the filesystem
<Location "/admin">
    AuthType Basic
    AuthName "Restricted Content"
    AuthUserFile /etc/apache2/.htpasswd
    Require valid-user
</Location>

# Applies the enclosed directives only to regular-expression matching URLs
<LocationMatch "/feed$">
    AuthType Basic
    AuthName "Restricted Content"
    AuthUserFile /etc/apache2/.htpasswd
    Require valid-user
</LocationMatch>

# Restart Apache
sudo service apache2 restart

# Browser
http://wp.liviubalan.com/
http://wp.liviubalan.com/admin
http://wp.liviubalan.com/wp-admin
http://wp.liviubalan.com/wp-includes
http://wp.liviubalan.com/wp-content/themes/twentythirteen/css/editor-style.css

# Path not found on the filesystem
http://wp.liviubalan.com/admin
http://wp.liviubalan.com/admin/
http://wp.liviubalan.com/admin/path

# The order of merging is:
# 1. <Directory>
# 2. <DirectoryMatch>
# 3. <Files> and <FilesMatch> done simultaneously
# 4. <Location> and <LocationMatch> done simultaneously

# Configuring Access Control with .htaccess Files
# Types of directives that are allowed in .htaccess files
# None: .htaccess files are completely ignored
# All: any directive which has the .htaccess Context is allowed in .htaccess files

# Apply to all virtual hosts
sudo vi /etc/apache2/apache2.conf
<Directory /var/www/>
    Options Indexes FollowSymLinks
    #AllowOverride None
    AllowOverride All
    Require all granted
</Directory>

# Apply to current virtual host
sudo vi /etc/apache2/sites-available/wp.liviubalan.com.conf
<Directory "/var/www/wp.liviubalan.com/">
    AllowOverride All
</Directory>

vi /var/www/wp.liviubalan.com/.htaccess
<Files "editor-style.css">
    AuthType Basic
    AuthName "Restricted Content"
    AuthUserFile /etc/apache2/.htpasswd
    Require valid-user
</Files>

# Directive Context
# <Directory> Directive Context: server config, virtual host
# <DirectoryMatch> Directive Context: server config, virtual host
# <Files> Directive Context: server config, virtual host, directory, .htaccess
# <FilesMatch> Directive Context: server config, virtual host, directory, .htaccess
# <Location> Directive Context: server config, virtual host
# <LocationMatch> Directive Context: server config, virtual host

# When using .htaccess files Apache has to re-read these files on every request that involves the
# directory, which can impact performance

# Man page
man htpasswd

# Useful links
https://www.liviubalan.com/set-up-apache-virtual-hosts-on-ubuntu-server
https://www.liviubalan.com/apache-virtual-host-explained
https://www.digitalocean.com/community/tutorials/how-to-set-up-password-authentication-with-apache-on-ubuntu-14-04
http://httpd.apache.org/docs/current/mod/core.html#directory
https://httpd.apache.org/docs/2.4/mod/mod_authn_core.html#authtype
https://httpd.apache.org/docs/2.4/mod/mod_authn_core.html#authname
https://httpd.apache.org/docs/2.4/mod/mod_authn_file.html#authuserfile
https://httpd.apache.org/docs/2.4/mod/mod_authz_core.html#require
http://httpd.apache.org/docs/current/mod/core.html#files
http://httpd.apache.org/docs/current/mod/core.html#location
http://httpd.apache.org/docs/current/mod/core.html#locationmatch
http://tecadmin.net/how-to-secure-specific-url-in-apache/
http://httpd.apache.org/docs/current/sections.html
```
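Added example (not part of the original tutorial's code): a shell check that reads a password file such as /etc/apache2/.htpasswd and reports which hash scheme each entry uses, since htpasswd run without a scheme option writes apr1 (MD5) hashes while -B writes bcrypt. The function names and the sample entries are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: report the hash scheme of each entry in an htpasswd file.

classify_hash() {
  # $1 = hash field (text after the first ':'); prints "<scheme> <verdict>"
  case "$1" in
    '$2y$'*|'$2a$'*|'$2b$'*) echo "bcrypt ok" ;;              # htpasswd -B
    '$5$'*|'$6$'*)           echo "sha-crypt ok" ;;           # SHA-256/512 crypt
    '$apr1$'*)               echo "apr1-md5 legacy" ;;        # htpasswd default
    '{SHA}'*)                echo "sha1-unsalted insecure" ;; # htpasswd -s
    '')                      echo "empty insecure" ;;
    *)                       echo "crypt-or-plaintext insecure" ;; # -d or -p
  esac
}

audit_htpasswd() {
  # Prints "user scheme verdict" per entry; returns 1 if any verdict is not "ok".
  local file="$1" rc=0 user hash result
  while IFS=: read -r user hash || [ -n "$user" ]; do
    case "$user" in ''|'#'*) continue ;; esac   # Apache skips blank and # lines
    result=$(classify_hash "$hash")
    echo "$user $result"
    [ "${result##* }" = ok ] || rc=1
  done < "$file"
  return "$rc"
}

# Constructed sample entries; the hash strings are placeholders, not real credentials.
sample=$(mktemp)
cat > "$sample" <<'EOF'
liviu.balan:$apr1$CONSTRUC$placeholderplaceholder0
liviu:$2y$05$placeholderplaceholderplaceholderplaceholderplacehold
old.account:{SHA}AAAAAAAAAAAAAAAAAAAAAAAAAAA=
EOF
audit_htpasswd "$sample" || echo "re-create non-ok entries with: htpasswd -B <file> <user>"
rm -f "$sample"
```

Run it against the real file with `sudo bash -c 'source ./audit.sh; audit_htpasswd /etc/apache2/.htpasswd'` (the script name is an assumption); a non-zero return means at least one account still uses a scheme weaker than bcrypt.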