Configure Apache Webserver Part-2

Configure Apache Webserver Part-2

by -
1 1246

How To Protect Web Page Directories With Passwords

You can password protect content in both the main and subdirectories of your DocumentRoot fairly easily. I know people who allow normal access to their regular Web pages, but require passwords for directories. This example shows how to password protect the /var/www/abc.local/data directory.

Step 1:  Use Apache’s htpasswd password utility to create username/password combinations independent of your system login password for Web page access. You have to specify the location of the password file, and if it doesn’t yet exist, you have to include a -c, or create, switch on the command line. I recommend placing the file in your /etc/httpd/conf directory, away from the DocumentRoot tree where Web users could possibly view it. Here is an example for a first user named peter and a second named paul:

# htpasswd -c /etc/httpd/conf/.htpasswd  vikas      <– use option -c  to create first user only

New password:
Re-type new password:
Adding password for user vikas

# htpasswd  /etc/httpd/conf/.htpasswd  vivek    <– here no -c is used

New password:
Re-type new password:
Adding password for user vivek

Step 2: Make the .htpasswd file readable by all users.

# chmod 644 /etc/httpd/conf/.htpasswd

Step 3:  Create a .htaccess file in the directory to which you want password control with these entries.

# mkdir /var/www/abc.local/data/
# vi /var/www/abc.local/data/.htaccess

AuthUserFile /etc/httpd/conf/.htpasswd
AuthGroupFile /dev/null
AuthName EnterPassword
AuthType Basic
require user vikas

Note: Remember this password protects the directory and all its sub directories.

 

AuthName: Change “Secure Area” to any name that you like. This name will be displayed when the browser prompts for a password. If, for example, that area is to be accessible only to members of your site, you can name it “EnterPassword” or the like.

 

AuthUserFile tells Apache to use the .htpasswd file. The require user statement tells Apache that only user vikas in the .htpasswd file should have access. If you want all .htpasswd users to have access, replace this line with require valid-user.

AuthType Basic instructs Apache to accept basic unencrypted passwords from the remote users’ Web browser.

Step 4:  Set the correct file protections on your new .htaccess file in the directory /var/www/abc.local/data/

# vi  /var/www/abc.local/data/index.html

——————————————————————————-

<html>
<body>
<div style="width: 100%; font-size: 40px; font-weight: bold; text-align: center;">
Test Page for AUTHENTICATION TEST on Directory 
</div>
</body>
</html>

——————————————————————————–

# chmod 644  /var/www/abc.local/data/.htaccess

Step 5:  Make sure your /etc/httpd/conf/http.conf file has an AllowOverride statement in a <Directory> directive for any directory in the tree above /var/www/abc.local/data/. In this example below, all directories below /var/www/abc.local/data/ require password authorization.

<Directory /var/www/abc.local/data/*>
AllowOverride AuthConfig
</Directory>

——————————————

<VirtualHost *:80>
ServerAdmin webmaster@abc.local
DocumentRoot /var/www/abc.local
ServerName abc.local
ErrorLog logs/abc.local-error_log
CustomLog logs/abc.local.-access_log common
<Directory /var/www/abc.local/data/*>
AllowOverride AuthConfig
</Directory>
</VirtualHost>
—————————————————–

Step 6: Restart Apache.

# service httpd restart

 How can user publish their websites in their home directory ?

Configure public_html folder in user home directory, for that better to create a web structure in /etc/skel folder, so that whenever we create user, this directory will automatically created in in the home directory of user.

# mkdir /etc/skel/public_html

Edit httpd.conf, change directive UserDir public_html just under the default UserDir disable , when it’s enabled, it allows users to browse and access the public_html directory within their home folder

comment  UserDir disable   and  uncomment UserDir public_html  in httpd conf to enable user to upload their website into  public_html folder of their home directory.

<IfModule mod_userdir.c>
#
# UserDir is disabled by default since it can confirm the presence
# of a username on the system (depending on home directory
# permissions).
#
#UserDir disable

#
# To enable requests to /~user/ to serve the user’s public_html
# directory, remove the “UserDir disable” line above, and uncomment
# the following line instead:
#
UserDir public_html

</IfModule>

Now anyone will have access to web pages that a user puts in his ~/public_html directory. This option can be useful if you want each user to share files over the Web

Create  normal user

# useradd webuser
# passwd webuser
Changing password for user webuser.
New UNIX password:
BAD PASSWORD: it is WAY too short
Retype new UNIX password:
passwd: all authentication tokens updated successfully.

# cd /home/webuser
#ls
[root@mail1 webuser]# ls
public_html      <— public_html folder comes automatically because we made this in /etc/skel  before.

go to home folder now and make a file index.html in the public_html folder

#vi /home/webuser/public_html/index.html

<html>
<header> <title> my page </title> </header>
<body> <h1> page from homedir </h1> </body>
</html>

#chmod 701 /home/webuser/
#chmod -R 705 /home/webuser/*

# service httpd restart
Stopping httpd:                                            [  OK  ]
Starting httpd:                                            [  OK  ]

 

Open Browser and type url httpd://192.168.1.254/~webuser  should be viewed like this

webuser

 

 

Similarly you can do for another users.

 

 

 


 

How to Secure virtual host ( https + SSL)

Configure a secure virtual host with self signed certificate. Make a directory to host our secure site,

Now we need to host a site linuxgateway.in in secure way . follow steps to deploy
Step 1.  Configure DNS for linuxgateway.in

#nslookup linuxgateway.in
Server:         192.168.1.254
Address:        192.168.1.254#53
Name:   linuxgateway.in
Address: 192.168.1.254

Step 2:  configure apache for secure site

# mkdir /home/linuxgateway

# yum install mod_ssl

# vi /etc/httpd/conf.d/ssl.conf

Listen 443

then > change

<VirtualHost _default_:443>    <—change this
# General setup for the virtual host, inherited from global configuration
#DocumentRoot “/var/www/html”   <—change this
#ServerName www.example.com:443 <—change this

to>

<VirtualHost *:443>

# General setup for the virtual host, inherited from global configuration
DocumentRoot “/home/linuxgateway”
ServerName linuxgateway.in:443

now generate certificates >

# cd /etc/pki/tls/certs

# genkey linuxgateway.in

genkey1 genkey2 genkey3 genkey4 genkey5 genkey6 genkey7

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 


 

You now need to submit your CSR and documentation to your certificate authority. Submitting your CSR may involve pasting it into an online web form, or mailing it to a specific address. In either case, you should include the BEGIN and END lines.

-----BEGIN CERTIFICATE REQUEST-----
MIIBGTCBxAIBADBfMQswCQYDVQQGEwJJTjENMAsGA1UECBMEa3ZpdDEQMA4GA1UE
BxMHQmhpa2FqaTEVMBMGA1UEChMMTGludXhnYXRld2F5MRgwFgYDVQQDEw9saW51
eGdhdGV3YXkuaW4wXDANBgkqhkiG9w0BAQEFAANLADBIAkEA4neY/GSUOmHlVrn9
ZYrWoxx2UbXZopqGKGC/xgDdgGx+Pc5HIVYMHSDbIY66p6BH5pR0qpRkUXh0Vfow
tDJnMQIDAQABoAAwDQYJKoZIhvcNAQEFBQADQQBikn35C1gEeMpG86kclJ6DVZbJ
L0ZyC5GsaD+JWulbhIzS4XtsLwYZyf4tblCZtDzzZxCgO+5R4WdcJY2HEjvi
-----END CERTIFICATE REQUEST-----

A copy of this CSR has been saved in the file
/etc/pki/tls/certs/linuxgateway.in.0.csr

Press return when ready to continue

Step3:  Create Webpages

#vi /home/linuxgateway/index.html

<html>
<body>
<div style="width: 100%; font-size: 40px; font-weight: bold; text-align: center;">
Test Page for SSL  TEST on Directory 
</div>
</body>
</html>

# service httpd restart

Now check url  https://linuxgateway.in in windows client ( make sure your DNS of Windows PC should be your local DNS )

Gives some warning because this is self signed certificates.  go though  errors > I understand the risks > Add Exceptions >Confirm Security Exceptions

Now Page will open in https (Secure mode )

CEO, KV IT-Solutions Pvt. Ltd. | vikas@kvit.in | 9810028374|
Linux Professional and an Industrial Trainer | 20 + years Experience in IT Industry

” We are born free, No Gate and Windows can snatch our freedom “

Download PDF

SIMILAR ARTICLES

0 890

0 573

1 COMMENT

  1. Hello Sir

    it would be great if u also upload a document regarding security of our apache server frontend from dos attack and other such attacks .
    Thanks
    Best regards

Leave a Reply

Required Captcha *