Basic-authentication

From VoIPmonitor.org
Revision as of 12:51, 13 May 2021 by Festr (talk | contribs) (Created page with "Configuring your websites with password authentication can prevent unauthorized users from accessing your website without the correct user ID and password. =Centos/Redhat= =...")
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to navigation Jump to search

Configuring your websites with password authentication can prevent unauthorized users from accessing your website without the correct user ID and password.

Centos/Redhat

Configure Apache To Allow .Htaccess Authentication

edit /etc/httpd/conf/httpd.conf

Find the section that begins with <Directory "/var/www/html">. Change the line from AllowOverride none to AllowOverride AuthConfig

AllowOverride AuthConfig

Create A Password File With Htpasswd

htpasswd -c /etc/httpd/.htpasswd yourusername

You will be asked to supply and confirm a password for yourusername

Now, you need to allow the apache user to read the .htpasswd file.

sudo chown apache:apache /etc/httpd/.htpasswd sudo chmod 0660 /etc/httpd/.htpasswd

Configure Apache Password Authentication

Now you need to create a .htaccess file in the web directory you wish to restrict. We will create the .htaccess file in the /var/www/html/ directory to restrict the entire document root.

create /var/www/html/.htaccess
AuthType Basic
AuthName "Restricted Content"
AuthUserFile /etc/httpd/.htpasswd
Require valid-user

Save and close the file, then restart Apache to make these changes take effect.

sudo apachectl restart

Testing Password Authentication

After everything has been set up, it's time to test your Apache server. From your desktop computer, try to access your voipmonitor page in a web browser by visiting your URL or static IP address. You will be prompted with a username and password to access the website.


Debian

apt -y install apache2-utils
edit /etc/apache2/apache2.conf

Find the <Directory> block for the /var/www directory that holds the document root. Turn on .htaccess processing by changing the AllowOverride directive within that block from “None” to “All”:

<Directory /var/www/>
    Options Indexes FollowSymLinks
    AllowOverride All
    Require all granted
</Directory>
create /var/www/html/.htaccess
AuthType Basic
AuthName "Restricted Content"
AuthUserFile /etc/apache2/.htpasswd
Require valid-user

add a user : create a new file with "-c" ("-c" option is needed only for the initial registration)

root@www:~# htpasswd -c /etc/apache2/.htpasswd yourusername

Restart the web server to password protect all content in or below the directory with the .htaccess

sudo service apache2 restart