Web website service 2.1

2.1 Access control of httpd service

  • To further control access to website resources, you can add access authorization for specific website directories.
    • 2.1.1 Client address restrictions
    • The Require configuration item decides whether to allow client access based on the client's host name or IP address. It can be used in the <Location>, <Directory>, <Files>, and <Limit> configuration sections of the httpd server's main configuration file to control client access. When using Require, you set the client addresses that together form the complete restriction policy. An address can be an IP address, a network address, a host name, or a domain name. The name "all" represents any address.
    • The format is as follows:
      • Require all granted: allows access from all hosts
        • Normally, the web server is open to all clients and the web document directory imposes no restrictions. Use the Require all granted policy to allow all clients to access it.
      • Require [not] ip <IP address or network segment list>: allows or denies access from the specified IP addresses or network segments
      • Require [not] host <host name or domain name list>: allows or denies access from the specified hosts or domains
      • Require local: allows access only from the local host
      • Require all denied: denies access from all hosts

    • When defining a restriction policy, multiple Require statements without not are in an OR relationship: access is allowed if any one of them is satisfied. If a Require statement without not appears together with a Require statement with not, the relationship between the statements is AND: access is allowed only when all Require statements are satisfied at the same time.
      • For example, only the host 173.17.17.173 is allowed to access
    • Conversely, when you need a deny-only restriction policy, you can combine Require and Require not statements to prohibit access from only some hosts. When using not to prohibit access, place the statements in a <RequireAll> </RequireAll> container and specify the corresponding restriction policy inside the container.
      • For example: prohibit access from hosts on network segments 192.168.0.0/24 and 192.168.1.0/24, and allow other hosts to access
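The two policies described above, written out as an added example (not the original post's configuration). The directory paths are assumptions chosen for illustration.

```apache
# Added example. Directory paths are assumptions, not from the original post.

# Allow-only policy: a single Require without "not".
# Only the client at 173.17.17.173 may access this directory.
<Directory "/usr/local/httpd/htdocs/admin">
    Require ip 173.17.17.173
</Directory>

# Deny-only policy: a negated Require can only veto, never grant,
# so it sits inside <RequireAll> next to a positive rule.
# Everyone is granted access except the two listed segments.
<Directory "/usr/local/httpd/htdocs/public">
    <RequireAll>
        Require all granted
        Require not ip 192.168.0.0/24 192.168.1.0/24
    </RequireAll>
</Directory>

# Require ip matches the address of the connecting peer. Behind a reverse
# proxy or load balancer that peer is the proxy itself, so these rules only
# see real client addresses if mod_remoteip restores them first.
```

Run `apachectl configtest` before reloading; a request from an excluded address should then receive 403 Forbidden.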

       

    • When an unauthorized client accesses the website directory, access is denied. The rejection message may differ slightly depending on the browser, for example the Edge browser.

      • User-based access control includes two processes: authentication and authorization. It is a way for Apache to allow specified users to access specific resources by user name and password. Authentication is the process of identifying a user, and authorization is the process of allowing specific users to access specific directory areas.
      • The httpd service supports digest authentication and basic authentication. Basic authentication is a basic function of the httpd service. Digest authentication requires adding "--enable-auth-digest" before compilation. Not all browsers support digest authentication.
        • 1. Create the user authentication data file
          • Basic authentication in httpd decides whether to allow access by verifying the user name and password. The user accounts authorized for access must first be created and saved in a fixed data file.
          • Use the htpasswd tool, specifying the location of the user data file, and add -c to create a new file.
          • Without the -c option, the specified user data file is taken to exist already, and the command adds new users or changes the password of existing users.
          • For example: adding a new user tsengyia to the .awspwd data file
        • 2. Add the user authorization configuration
          • To authorize user accounts, modify the httpd.conf configuration file, add the authorization configuration to the specific directory area, and enable basic authentication so that those users are allowed access.
          • For example: allow any user in the .awspwd data file to access the web page

    • Meaning of the relevant configuration items in the configuration above:
      • AuthName: defines the protected realm name, which is displayed in the authentication dialog box that the browser pops up
      • AuthType: sets the authentication type; Basic means basic authentication
      • AuthUserFile: sets the path of the authentication file that stores user accounts and passwords
      • Require valid-user: only valid users in the authentication file may access; to authorize a single user, you can specify that user name
      • Note: When user access authorization and host access control are both set, the host access control takes precedence.
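The two steps and the configuration items described above, as an added example (not the original post's configuration). The file system paths, realm text and the account name webadmin are assumptions; .awspwd and tsengyia are the names used in the post.

```apache
# Added example. Paths, realm names and "webadmin" are assumptions.
#
# Step 1, run in a shell beforehand:
#   htpasswd -c /usr/local/httpd/conf/.awspwd webadmin   # -c: create the file
#   htpasswd    /usr/local/httpd/conf/.awspwd tsengyia   # no -c: add or update
# Running -c against an existing file rewrites it and drops every account
# already stored there.

# Step 2: any account in .awspwd may access this directory.
<Directory "/usr/local/httpd/htdocs/private">
    AuthName "Restricted area"
    AuthType Basic
    AuthUserFile "/usr/local/httpd/conf/.awspwd"
    Require valid-user
    # To authorize a single account instead: Require user tsengyia
</Directory>

# Requiring both a permitted client address and a valid login has to be
# stated explicitly with <RequireAll>; sibling Require lines without a
# container are alternatives.
<Directory "/usr/local/httpd/htdocs/ops">
    AuthName "Operations"
    AuthType Basic
    AuthUserFile "/usr/local/httpd/conf/.awspwd"
    <RequireAll>
        Require ip 173.17.17.173
        Require valid-user
    </RequireAll>
</Directory>
```

Basic authentication sends the user name and password with every request in an easily decoded form, so serve protected directories over HTTPS and keep the password file outside the document root.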

     


Origin blog.csdn.net/m0_65487180/article/details/129815825