#7
Day #2
Restricting Access
Wildan Maulana
wildan.m@openthinklabs.com
http://workshop.openthinklabs.com
Overview
●   How to restrict access based on the user, client IP address, domain name, and browser version
●   How to enable and configure Apache authentication modules
●   How to use the user management tools provided with Apache
Authentication
●   Authentication: establishes the identity of the parties in a communication
    ●   Authentication in the context of the Web:
        –   Use of passwords
        –   Use of certificates
●   Authorization: deals with protecting access to resources. We can authorize based on:
    ●   The IP address the user is coming from
    ●   The user's browser
    ●   The content the user is trying to access
    ●   Who the user is
Client Authentication
●   The HTTP specification provides two authentication mechanisms: Basic and Digest
    ●   Basic: the username and password are transmitted in clear text (base64-encoded, which is an encoding, not encryption). Without TLS, anyone on the path can read them.
    ●   Digest: the password itself is never transmitted. The client sends an MD5 hash computed over the username, realm, password, a server-supplied nonce, the request method and the URI. This protects the password from eavesdroppers, but the rest of the exchange is still unencrypted.
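The difference between the two mechanisms is easiest to see on the wire. The following is an added example, not code from the slides or from Apache: it builds a Basic Authorization header and decodes it back, computes the line that htdigest stores in an AuthDigestFile (user:realm:HA1), and computes and verifies an RFC 2617 Digest response. The user name, password, realm, nonces and URI are constructed sample values.

```python
# Added example, not from the slides: what Basic and Digest put in the
# Authorization header, and what mod_auth_digest's AuthDigestFile stores.
# User name, password, realm, nonces and URI are constructed sample values.
import base64
import hashlib
import hmac


def basic_authorization(user: str, password: str) -> str:
    """Basic: the header carries base64(user:password). base64 is an
    encoding, not encryption; anyone who sees the request recovers both."""
    token = base64.b64encode((user + ":" + password).encode()).decode()
    return "Basic " + token


def basic_decode(header: str) -> tuple:
    """What a passive observer (or a proxy log) gets from a Basic header."""
    scheme, _, token = header.partition(" ")
    if scheme != "Basic":
        raise ValueError("not a Basic header")
    user, _, password = base64.b64decode(token).decode().partition(":")
    return user, password


def _md5(text: str) -> str:
    return hashlib.md5(text.encode()).hexdigest()


def htdigest_line(user: str, realm: str, password: str) -> str:
    """The line htdigest writes: user:realm:HA1, HA1 = MD5(user:realm:password).
    The clear-text password is not stored, but HA1 alone is enough to answer
    any challenge for this realm, so the file needs the same protection as a
    password file. The realm must equal the AuthName in the server config."""
    return user + ":" + realm + ":" + _md5(user + ":" + realm + ":" + password)


def digest_response(ha1: str, method: str, uri: str, nonce: str,
                    nc: str, cnonce: str, qop: str = "auth") -> str:
    """RFC 2617 response value for qop=auth. The password never leaves the
    client; what travels is a hash bound to the server nonce, the client
    nonce, the request method and the URI."""
    ha2 = _md5(method + ":" + uri)
    return _md5(":".join([ha1, nonce, nc, cnonce, qop, ha2]))


def server_verifies(authdigest_file: str, user: str, realm: str,
                    method: str, uri: str, nonce: str, nc: str,
                    cnonce: str, response: str) -> bool:
    """Server side: find HA1 in the AuthDigestFile, recompute, compare."""
    for line in authdigest_file.splitlines():
        u, r, ha1 = line.split(":", 2)
        if u == user and r == realm:
            expected = digest_response(ha1, method, uri, nonce, nc, cnonce)
            return hmac.compare_digest(expected, response)
    return False


def demo() -> dict:
    """Constructed round trip; the nonce would come from the server's challenge."""
    dfile = htdigest_line("umar", "Private Area", "s3cret")
    ha1 = dfile.split(":", 2)[2]
    nonce, nc, cnonce = "dcd98b7102dd2f0e", "00000001", "0a4f113b"
    resp = digest_response(ha1, "GET", "/private/", nonce, nc, cnonce)
    return {
        "basic_header": basic_authorization("umar", "s3cret"),
        "ok": server_verifies(dfile, "umar", "Private Area", "GET", "/private/",
                              nonce, nc, cnonce, resp),
        # a replayed response fails once the server issues a new nonce
        "replay_new_nonce": server_verifies(dfile, "umar", "Private Area", "GET",
                                            "/private/", "f00dfeed00000001", nc, cnonce, resp),
        # a different realm means a different HA1, so htdigest and AuthName must agree
        "wrong_realm": server_verifies(dfile, "umar", "Other Realm", "GET", "/private/",
                                       nonce, nc, cnonce, resp),
    }


if __name__ == "__main__":
    print(demo())
```

Decoding the Basic header needs no key at all, which is why Basic is only acceptable over TLS. The Digest file is realm-bound: re-creating it with a different realm than the AuthName in the configuration makes every login fail, and, conversely, leaking the file lets an attacker answer challenges for that realm without ever learning the password.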
Client Authentication: User Management
●   File-based authentication mechanisms (supported in the Apache bundle)
●   Database-based authentication mechanisms (supported in the Apache bundle)
●   Supported in third-party modules:
    ●   LDAP (Lightweight Directory Access Protocol)
    ●   NIS (Network Information Services)
Apache Authentication Modules
Authentication modules bundled with Apache:
●   mod_auth (plain text user and group files)
●   mod_auth_dbm (DBM database files)
●   mod_auth_digest (Digest authentication)
●   mod_auth_anon (anonymous, FTP-style logins)
Apache Authentication Modules: Common Functionality
Apache provides three built-in directives related to authentication that are used with any of the authentication modules:
●   AuthName: the realm shown to the user in the login prompt (and, for Digest, part of the password hash)
●   AuthType: Basic or Digest
●   Require: which authenticated users are authorized for the resource
Examples:
    Require user joe bob
    Require group employee contractor
    Require valid-user
Apache Authentication Modules: Module Functionality
●   Backend storage: text or database files containing the username and group information
●   User management: tools for creating and managing users and groups in the backend storage
●   Authoritative information: whether the module's result is authoritative, that is, whether a failed lookup denies the request or passes it on to the next authentication module
File-Based Authentication: mod_auth
Provides Basic authentication via text files containing usernames and passwords, similar to how traditional Unix authentication works with the /etc/passwd and /etc/group files.
File-Based Authentication: Backend Storage
Directives:
    AuthUserFile     takes a path argument pointing to the users file
    AuthGroupFile    takes a path argument pointing to the groups file
Examples:
    /etc/apache.passwords (one user:hashed-password per line)
        admin:iFrlxqg0Q6RQ6
    /etc/apache.groups (one "group: member member ..." per line)
        web: admin umar abdul aziz
Keep both files outside the DocumentRoot, readable only by the user Apache runs as, so they can never be served to a client.
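How the Require examples above resolve against these two files, as an added example that is not code from the slides or from Apache: it parses an AuthUserFile and an AuthGroupFile in the formats shown, authenticates the user first (mirroring the three outcomes of AuthAuthoritative on/off), then evaluates a Require line. The file contents are constructed samples. Password checking is shown for htpasswd's {SHA} format (htpasswd -s); crypt() entries like the slide's iFrlxqg0Q6RQ6 need libcrypt or APR and are deliberately not verified here.

```python
# Added example, not from the slides or from Apache: a model of how mod_auth
# authenticates against an AuthUserFile and authorizes with Require against
# an AuthGroupFile. File contents below are constructed samples.
import base64
import hashlib
import hmac


def sha_entry(password: str) -> str:
    """What `htpasswd -s` stores: "{SHA}" + base64(SHA-1(password))."""
    digest = hashlib.sha1(password.encode()).digest()
    return "{SHA}" + base64.b64encode(digest).decode()


# Constructed AuthUserFile: one user:hashed-password per line.
USERS_FILE = "\n".join([
    "admin:" + sha_entry("adm1n-pass"),
    "umar:" + sha_entry("umar-pass"),
    "abdul:iFrlxqg0Q6RQ6",          # crypt() entry as on the slide; not checkable here
])

# Constructed AuthGroupFile. Note that aziz is listed in a group but has
# no AuthUserFile entry: group membership alone never grants access.
GROUPS_FILE = "web: admin umar abdul aziz\nemployee: umar\n"


def parse_users(text: str) -> dict:
    users = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        name, _, stored = line.partition(":")
        users[name] = stored
    return users


def parse_groups(text: str) -> dict:
    groups = {}
    for line in text.splitlines():
        if ":" not in line:
            continue
        name, _, members = line.partition(":")
        groups[name.strip()] = set(members.split())
    return groups


def check_password(stored: str, supplied: str) -> bool:
    if stored.startswith("{SHA}"):
        # compare the encoded hashes in constant time
        return hmac.compare_digest(stored, sha_entry(supplied))
    raise NotImplementedError("crypt()/apr1 entries need libcrypt or APR")


def authenticate(users: dict, user: str, password: str,
                 authoritative: bool = True) -> str:
    """Three outcomes, mirroring mod_auth:
    OK       -> credentials match the AuthUserFile
    DENIED   -> wrong password, or unknown user with AuthAuthoritative on
    DECLINED -> unknown user with AuthAuthoritative off: the request is
                handed to the next authentication module instead of failing
    """
    if user not in users:
        return "DENIED" if authoritative else "DECLINED"
    return "OK" if check_password(users[user], password) else "DENIED"


def authorize(require: str, user: str, groups: dict) -> bool:
    """Evaluate one Require line for a user who has already authenticated."""
    kind, *args = require.split()
    if kind == "valid-user":
        return True
    if kind == "user":
        return user in args
    if kind == "group":
        return any(user in groups.get(g, ()) for g in args)
    raise ValueError("unknown Require type: " + kind)


def access_decision(require: str, user: str, password: str,
                    users_text: str = USERS_FILE,
                    groups_text: str = GROUPS_FILE) -> str:
    """Authentication first, then authorization, in the order Apache applies them.
    Apache answers both failures with 401 and a fresh challenge."""
    result = authenticate(parse_users(users_text), user, password)
    if result != "OK":
        return result
    ok = authorize(require, user, parse_groups(groups_text))
    return "OK" if ok else "DENIED"


if __name__ == "__main__":
    print(access_decision("group employee contractor", "umar", "umar-pass"))   # OK
    print(access_decision("group web", "aziz", "anything"))                     # DENIED
```

The aziz case is the one worth remembering when a group file is edited by hand: a name in AuthGroupFile without a matching AuthUserFile entry is simply an unknown user, and with AuthAuthoritative off that unknown user is passed to whatever authentication module comes next rather than being rejected by this one.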
File-Based Authentication: User Management
    htpasswd -c file userid
Example:
    htpasswd -c /usr/local/apache2/conf/htusers admin
Don't use the -c option if you want to add users to an existing password file: -c creates the file and overwrites any existing file of that name. On Unix, htpasswd stores crypt()-hashed passwords by default, which only uses the first 8 characters of the password; -m (MD5) or -s (SHA-1) selects a different hash.
File-Based Authentication: Authoritative
Directive:
    AuthAuthoritative on|off
With on (the default), a user not found in AuthUserFile is denied. With off, the request is passed on to the next authentication module, which is only useful when another module is configured to handle it.
File-Based Authentication: Using mod_auth
<Directory /usr/local/apache2/htdocs/private>
  AuthType Basic
  AuthName "Private Area"
  AuthUserFile /usr/local/apache2/conf/htusers
  AuthAuthoritative on
  Require valid-user
</Directory>
Database File-Based Access Control: mod_auth_dbm
More scalable and faster than plain text files, because DBM database files are indexed: a lookup does not require a linear scan of the whole file.
Database File-Based Access Control: Backend Storage
mod_auth_dbm directives:
    AuthDBMUserFile
    AuthDBMGroupFile
Database File-Based Access Control: User Management
On Unix:
    ./dbmmanage dbfile adduser userid
    (Apache 2 also ships htdbm for the same purpose)
On Windows, if you are using ActiveState Perl, start the Perl package manager and type:
    install Crypt-PasswdMD5
then run:
    perl ./dbmmanage.pl dbfile adduser userid
Examples:
    dbmmanage /usr/local/apache2/conf/dbmusers adduser daniel employee,engineering
    dbmmanage dbfile delete daniel
Database File-Based Access Control: Authoritative
    AuthDBMAuthoritative on|off
Database File-Based Access Control: Using mod_auth_dbm
  <Directory /home/*/public_html>
    AuthType Basic
    AuthName "Private Area"
    AuthDBMUserFile /usr/local/apache2/conf/dbmusers
    AuthDBMGroupFile /usr/local/apache2/conf/dbmusers
    AuthDBMAuthoritative on
    Require group student faculty
  </Directory>
The same DBM file can serve as both user and group file, because dbmmanage stores each user's record as password:group1,group2.
Digest-Based Authentication: mod_auth_digest
Digest-Based Authentication: Backend Storage
mod_auth_digest directives:
    AuthDigestFile
    AuthDigestGroupFile
Digest-Based Authentication: User Management
On Unix: htdigest; on Windows: htdigest.exe
    htdigest [-c] file realm userid
The realm given here must be the same string as the AuthName in the configuration, because it is part of the stored hash.
Digest-Based Authentication: Authoritative
    AuthDigestAuthoritative on|off
Digest-Based Authentication: Additional Directives
AuthDigestDomain
    Takes a list of URIs that share the same realm and username/password protection, so that a client can send its credentials for all of them without being challenged again.
Digest-Based Authentication: Using mod_auth_digest
<Location /private>
 AuthType Digest
 AuthName "Private Area"
 AuthDigestFile /usr/local/apache2/conf/digestusers
 AuthDigestDomain /private /private2 /private3
 AuthDigestAuthoritative on
 Require valid-user
</Location>
Additional Authentication Modules
mod_auth_anon: allows anonymous, FTP-style logins, where the client supplies a fixed username (such as anonymous) and an e-mail address as the password, which can be logged.
Access Control
●   Access rules based on:
    ●   IP addresses
         –   A partial IP address
         –   A network/mask pair
    ●   Domain name
    ●   Environment variables
    ●   All clients
Access Rules: IP Addresses
IP addresses:
    Allow from 10.0.0.1 10.0.0.2 10.0.0.3
A partial IP address (matches the leading octets; 10.0 covers 10.0.0.0 through 10.0.255.255):
    Deny from 10.0
A network/mask pair:
    Allow from 10.0.0.0/255.255.255.0
    Allow from 10.0.0.0/24
Access Rules: Domain Name
    Allow from example.com
Enabling access rules based on domain names forces Apache to do a double-reverse DNS lookup on the client address for every request to that resource (reverse lookup, then a forward lookup that must include the client address), regardless of the HostNameLookups setting. The rule is therefore only as trustworthy as DNS and adds a lookup to each request.
Access Rules: Environment Variables
 BrowserMatch MSIE iexplorer
 Deny from env=iexplorer
The User-Agent header is chosen by the client, so this can steer a browser family away from a resource but does not stop anyone who sets a different User-Agent.
Access Rules: All Clients
    Allow from all
    Deny from all
Access Rules Evaluation
The Order directive sets both the evaluation order and the default:
●   Order Deny,Allow: Deny directives are evaluated first, then Allow directives override them; a client matching neither is allowed
●   Order Allow,Deny: Allow directives are evaluated first, then Deny directives override them; a client matching neither is denied

Deny,Allow (only the 10.0.0.0/24 network and example.com hosts get in):
                <Location /private>
                  Order Deny,Allow
                  Allow from 10.0.0.0/255.255.255.0 example.com
                  Deny from all
                </Location>

Allow,Deny (everyone except host.example.com gets in):
                <Location /some/location/>
                 Order Allow,Deny
                 Allow from all
                 Deny from host.example.com
                </Location>
Combining Access Methods
Satisfy any grants the request if either the host-based rules or the authentication succeeds; Satisfy all (the default) requires both. For "any" to mean anything, the host rules must deny by default: the default Order is Deny,Allow, under which a client matching no Allow or Deny directive is permitted, so an Allow line on its own would let every client through without a password. Hence the Order and Deny from all lines below.

 <Location /restricted>
   Order Deny,Allow
   Deny from all
   Allow from 10.0.0.0/255.255.255.0
   AuthType Basic
   AuthName "Intranet"
   AuthUserFile /usr/local/apache2/conf/htusers
   AuthAuthoritative on
   Require valid-user
   Satisfy any
 </Location>
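The Order semantics and the Satisfy combination above, as an added example that is not code from the slides or from Apache's source: a small model of mod_access's Allow/Deny evaluation (all, env=VAR, full and partial IPv4 addresses, network/netmask, CIDR, and domain-name suffixes of the client's resolved host name) plus the Satisfy rule, run over the three configurations on the preceding slides. Client addresses, host names and the environment dictionary are constructed samples; the domain-name case assumes the double-reverse lookup already produced the host name passed in.

```python
# Added example, not from the slides or from Apache: a model of how
# mod_access evaluates Order/Allow/Deny and how Satisfy combines that
# host check with authentication. All addresses, host names and rules
# below are constructed samples.
import ipaddress


def rule_matches(rule, client_ip, client_host=None, env=None):
    """Does one Allow/Deny argument match this client?"""
    env = env or {}
    if rule == "all":
        return True
    if rule.startswith("env="):
        return rule[4:] in env
    if "/" in rule:  # 10.0.0.0/255.255.255.0 or 10.0.0.0/24
        return ipaddress.ip_address(client_ip) in ipaddress.ip_network(rule, strict=False)
    if rule.replace(".", "").isdigit():  # full address, or partial such as 10.0
        return client_ip == rule or client_ip.startswith(rule + ".")
    # domain name: whole components only, so example.com matches www.example.com
    # but not fooexample.com; needs the client's reverse-resolved host name
    return client_host is not None and (
        client_host == rule or client_host.endswith("." + rule))


def host_access(order, allows, denys, client_ip, client_host=None, env=None):
    """True if the host-based rules permit the client."""
    allowed = any(rule_matches(r, client_ip, client_host, env) for r in allows)
    denied = any(rule_matches(r, client_ip, client_host, env) for r in denys)
    order = order.lower()
    if order == "deny,allow":
        # default permit: match nothing and you are in; Allow overrides Deny
        return allowed or not denied
    if order == "allow,deny":
        # default forbid: must match an Allow and no Deny; Deny overrides Allow
        return allowed and not denied
    raise ValueError("unsupported Order: " + order)


def request_permitted(host_ok, auth_ok=None, satisfy="all"):
    """Satisfy any/all; auth_ok is None when no Require directive applies."""
    if auth_ok is None:
        return host_ok
    if satisfy.lower() == "any":
        return host_ok or auth_ok
    return host_ok and auth_ok


# The slides' configurations, as constructed scenarios.

def private_location(client_ip, client_host=None):
    """Order Deny,Allow; Allow from 10.0.0.0/255.255.255.0 example.com; Deny from all"""
    return host_access("Deny,Allow", ["10.0.0.0/255.255.255.0", "example.com"],
                       ["all"], client_ip, client_host)


def some_location(client_ip, client_host=None):
    """Order Allow,Deny; Allow from all; Deny from host.example.com"""
    return host_access("Allow,Deny", ["all"], ["host.example.com"],
                       client_ip, client_host)


def restricted_without_deny(client_ip, auth_ok):
    """Only `Allow from 10.0.0.0/255.255.255.0` plus Satisfy any. With the
    default Order Deny,Allow and no Deny line, every client passes the host
    check, so nobody is ever asked for a password."""
    host_ok = host_access("Deny,Allow", ["10.0.0.0/255.255.255.0"], [], client_ip)
    return request_permitted(host_ok, auth_ok, "any")


def restricted_fixed(client_ip, auth_ok):
    """Same with `Deny from all`: intranet clients get in without a
    password, everyone else must authenticate."""
    host_ok = host_access("Deny,Allow", ["10.0.0.0/255.255.255.0"], ["all"], client_ip)
    return request_permitted(host_ok, auth_ok, "any")


if __name__ == "__main__":
    print("outsider, no credentials, Allow-only config:", restricted_without_deny("203.0.113.9", False))
    print("outsider, no credentials, fixed config:     ", restricted_fixed("203.0.113.9", False))
```

The restricted_without_deny case is the one to test for on a real server: send a request from an address outside the allowed range without an Authorization header, and expect a 401. If the content comes back, the access rules have no default deny and Satisfy any is letting everyone through.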
Limiting Access Based on HTTP Methods

HTTP methods: GET, POST, PUT, DELETE, CONNECT, OPTIONS, TRACE, PATCH, PROPFIND, PROPPATCH, MKCOL, COPY, MOVE, LOCK, and UNLOCK.

<Limit> applies the enclosed directives only to the listed methods (GET also covers HEAD); <LimitExcept> applies them to every method not listed. Use <LimitExcept> for restrictions: a <Limit> that names only some methods leaves all other methods, including ones you did not think of, unrestricted.

      <Directory /home/*/public_html>
       AllowOverride FileInfo AuthConfig Limit
       Options MultiViews Indexes SymLinksIfOwnerMatch IncludesNoExec
       <Limit GET POST OPTIONS PROPFIND>
        Order allow,deny
        Allow from all
       </Limit>
       <LimitExcept GET POST OPTIONS PROPFIND>
        Order deny,allow
        Deny from all
       </LimitExcept>
      </Directory>
Q&A
http://workshop.openthinklabs.com
Reference
●   Daniel López Ridruejo, Sams Teach Yourself Apache 2 in 24 Hours, Sams Publishing, 2002

 
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxFactors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxKatpro Technologies
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking MenDelhi Call girls
 

Recently uploaded (20)

Pigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping Elbows
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slides
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
 
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
 
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersEnhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptx
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf
 
Maximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxMaximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptx
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
 
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxFactors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
 

Apache2 BootCamp : Restricting Access

  • 1. #7 Day #2 Restricting Access Wildan Maulana wildan.m@openthinklabs.com http://workshop.openthinklabs.com
  • 2. Overview ● How to restrict access based on the user, client IP address, domain name, and browser version ● How to enable and configure Apache authentication modules ● How to use the user management tools provided with Apache
  • 3. Authentication ● Authentication: establishes the identity of parties in a communication ● Authentication in the context of the Web: – Use of passwords – Use of certificates ● Authorization: deals with protecting access to resources; we can authorize based on: ● The IP address the user is coming from ● The user's browser ● The content the user is trying to access ● Who the user is
  • 4. Client Authentication ● The HTTP specification provides two authentication mechanisms: basic and digest – Basic: the username and password are transmitted in clear text – Digest: the username and password are transmitted in digest form
  • 5. Client Authentication – User Management ● File-based and database-based authentication mechanisms: supported by modules bundled with Apache ● LDAP (Lightweight Directory Access Protocol) and NIS (Network Information Services): supported by third-party modules
  • 6. Apache Authentication Modules ● Authentication modules bundled with Apache: mod_auth, mod_auth_dbm, mod_auth_digest, mod_auth_anon
  • 7. Apache Authentication Modules – Common Functionality ● Apache provides three built-in directives related to authentication that are used with any of the authentication modules: AuthName, AuthType, Require ● Examples:
      Require user joe bob
      Require group employee contractor
      Require valid-user
  • 8. Apache Authentication Modules – Module Functionality ● Backend storage: provide text or database files containing the username and group information ● User management: supply tools for creating and managing users and groups in the backend storage ● Authoritative information: specify whether the results of the module are authoritative
  • 9. File-Based Authentication – mod_auth ● Provides basic authentication via text files containing usernames and passwords, similar to how traditional Unix authentication works with the /etc/passwd and /etc/group files.
  • 10. File-Based Authentication – Backend Storage Directives ● AuthUserFile: takes a path argument pointing to the users file ● AuthGroupFile: takes a path argument pointing to the groups file ● Examples:
      /etc/apache.passwords:
      admin:iFrlxqg0Q6RQ6
      /etc/apache.groups:
      web: admin umar abdul aziz
  • 11. File-Based Authentication – User Management ● htpasswd -c file userid ● Example: htpasswd -c /usr/local/apache2/conf/htusers admin ● Don't use the -c option if you want to add users to an existing password file: -c creates a new file, overwriting one that already exists
  • 12. File-Based Authentication – Authoritative Directive ● AuthAuthoritative on|off
  • 13. File-Based Authentication – Using mod_auth
      <Directory /usr/local/apache2/htdocs/private>
      AuthType Basic
      AuthName "Private Area"
      AuthUserFile /usr/local/apache2/conf/htusers
      AuthAuthoritative on
      Require valid-user
      </Directory>
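The following is an added example, not code from the slides or from Apache itself: a small Python model of what mod_auth does with the users file and groups file shown on slides 10 to 13. It parses both file formats, authenticates a user against a stored hash, and then evaluates a Require line the way slide 7 describes. Only the {SHA} hash format that `htpasswd -s` writes (base64 of the raw SHA-1 digest) is verified; the crypt(3) entry copied from slide 10 is treated as unverifiable and rejected, so the model fails closed instead of guessing. The file contents, user names and passwords are constructed for the example.

```python
"""Model of mod_auth file-based authentication plus Require evaluation.

Added example, not code from the slides or from Apache. Verifies only the
{SHA} format written by `htpasswd -s`; other hash formats fail closed.
"""
import base64
import hashlib
import hmac


def sha_entry(password: str) -> str:
    """Hash field in the form `htpasswd -s` writes: {SHA} + base64(SHA-1(password))."""
    return "{SHA}" + base64.b64encode(hashlib.sha1(password.encode()).digest()).decode()


# Constructed sample files standing in for the slides' /etc/apache.passwords
# and /etc/apache.groups. Hashes are generated here so the sample is self-contained.
HTUSERS = "\n".join([
    "# users file: one 'user:hash' per line",
    "admin:" + sha_entry("correct horse"),
    "umar:" + sha_entry("battery staple"),
    "legacy:iFrlxqg0Q6RQ6",   # crypt(3) hash copied from slide 10; not verifiable here
])
HTGROUPS = "web: admin umar abdul aziz\nstudent: abdul\n"


def parse_htpasswd(text: str) -> dict:
    """Map user -> stored hash; blank lines and # comments are skipped."""
    users = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            user, _, hashed = line.partition(":")
            users[user] = hashed
    return users


def parse_htgroup(text: str) -> dict:
    """Map group -> set of member names, from 'group: a b c' lines."""
    groups = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            name, _, members = line.partition(":")
            groups[name.strip()] = set(members.split())
    return groups


def check_basic(users: dict, user: str, password: str) -> bool:
    """Authenticate: the user must exist and the password must hash to the stored {SHA} value."""
    stored = users.get(user)
    if stored is None or not stored.startswith("{SHA}"):
        return False                     # unknown user or unsupported hash format: fail closed
    return hmac.compare_digest(stored, sha_entry(password))


def require_allows(require: str, user: str, groups: dict) -> bool:
    """Authorize an already authenticated user against one Require line."""
    parts = require.split()
    if parts and parts[0].lower() == "require":
        parts = parts[1:]
    if not parts:
        raise ValueError("empty Require line")
    kind, names = parts[0], parts[1:]
    if kind == "valid-user":
        return True                      # any authenticated user
    if kind == "user":
        return user in names
    if kind == "group":
        return any(user in groups.get(g, ()) for g in names)
    raise ValueError(f"unsupported Require type: {kind}")


def authorize(users: dict, groups: dict, user: str, password: str, require: str) -> bool:
    """Full decision: authentication first, then the Require check."""
    return check_basic(users, user, password) and require_allows(require, user, groups)


USERS = parse_htpasswd(HTUSERS)
GROUPS = parse_htgroup(HTGROUPS)

if __name__ == "__main__":
    for user, pw, req in [("admin", "correct horse", "Require group web"),
                          ("abdul", "anything", "Require group web"),
                          ("legacy", "anything", "Require valid-user")]:
        print(f"{user:7} {req:28} -> {authorize(USERS, GROUPS, user, pw, req)}")
```

Two things the model makes visible: "abdul" is listed in the web group but has no entry in the users file, so "Require group web" still rejects him, because group membership is only consulted after the password check succeeds; and an entry in a hash format the verifier does not understand is rejected rather than accepted.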
  • 14. Database File-Based Access Control – mod_auth_dbm ● More scalable and faster, because it uses indexed database files
  • 15. Database File-Based Access Control – Backend Storage ● Directives of the mod_auth_dbm module: AuthDBMUserFile, AuthDBMGroupFile
  • 16. Database File-Based Access Control – User Management ● On Unix: ./dbmmanage dbfile adduser userid ● On Windows: if you are using ActiveState Perl, start the Perl package manager and type install Crypt-PasswdMD5, then run perl ./dbmmanage.pl dbfile adduser userid ● htdbm can also be used ● Examples:
      dbmmanage /usr/local/apache2/conf/dbmusers adduser daniel employee,engineering
      dbmmanage dbfile delete daniel
  • 17. Database File-Based Access Control – Authoritative ● AuthDBMAuthoritative on|off
  • 18. Database File-Based Access Control – Using mod_auth_dbm
      <Directory /home/*/public_html>
      AuthType Basic
      AuthName "Private Area"
      AuthDBMUserFile /usr/local/apache2/conf/dbmusers
      AuthDBMGroupFile /usr/local/apache2/conf/dbmusers
      AuthDBMAuthoritative on
      Require group student faculty
      </Directory>
  • 19. Digest-Based Authentication – mod_auth_digest
  • 20. Digest-Based Authentication – Backend Storage ● Directives of the mod_auth_digest module: AuthDigestFile, AuthDigestGroupFile
  • 21. Digest-Based Authentication – User Management ● On Unix: htdigest ● On Windows: htdigest.exe
  • 22. Digest-Based Authentication – Authoritative ● AuthDigestAuthoritative on|off
  • 23. Digest-Based Authentication – Additional Directives ● AuthDigestDomain: takes a list of URLs that share the same realm and username/password protection
  • 24. Digest-Based Authentication – Using mod_auth_digest
      <Location /private>
      AuthType Digest
      AuthName "Private Area"
      AuthDigestFile /usr/local/apache2/conf/digestusers
      AuthDigestDomain /private /private2 /private3
      AuthDigestAuthoritative on
      Require valid-user
      </Location>
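Slide 4 says the password is "transmitted in digest" rather than in clear text. As an added example, not code from the slides or from Apache, the Python below models what htdigest stores (user:realm:MD5(user:realm:password)), what the browser sends back after the challenge, and how the server verifies it from the stored hash alone, following the RFC 2617 qop=auth computation. Nonce handling is simplified to a set of nonces the server has issued; the realm, user, password, nonce and URIs are constructed for the example.

```python
"""Model of mod_auth_digest's file format and response check (RFC 2617, qop=auth).

Added example, not code from the slides or from Apache. The server never sees
the password: it compares a hash of (stored HA1, nonce, method, URI, ...)
against the response the client computed from the same inputs.
"""
import hashlib
import hmac


def md5hex(s: str) -> str:
    return hashlib.md5(s.encode()).hexdigest()


def htdigest_entry(user: str, realm: str, password: str) -> str:
    """The line `htdigest file realm user` appends: the password itself is not stored."""
    ha1 = md5hex(f"{user}:{realm}:{password}")
    return f"{user}:{realm}:{ha1}"


def parse_htdigest(text: str) -> dict:
    """Map (user, realm) -> HA1 hex; blank lines and # comments are skipped."""
    entries = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            user, realm, ha1 = line.split(":", 2)
            entries[(user, realm)] = ha1
    return entries


def digest_response(ha1, method, uri, nonce, nc, cnonce):
    """RFC 2617 response for qop=auth: MD5(HA1:nonce:nc:cnonce:auth:HA2), HA2 = MD5(method:uri)."""
    ha2 = md5hex(f"{method}:{uri}")
    return md5hex(f"{ha1}:{nonce}:{nc}:{cnonce}:auth:{ha2}")


def client_authorization(user, realm, password, method, uri, nonce, nc, cnonce):
    """Fields of the Authorization: Digest header a browser builds after the challenge.

    The password is used only locally to derive HA1; it never leaves the client."""
    ha1 = md5hex(f"{user}:{realm}:{password}")
    return {"username": user, "realm": realm, "nonce": nonce, "uri": uri, "qop": "auth",
            "nc": nc, "cnonce": cnonce,
            "response": digest_response(ha1, method, uri, nonce, nc, cnonce)}


def verify_digest(entries, auth, method, request_uri, realm, issued_nonces) -> bool:
    """Server-side check using only the stored HA1; binds the proof to method, URI and nonce."""
    if auth.get("realm") != realm or auth.get("uri") != request_uri or auth.get("qop") != "auth":
        return False
    if auth.get("nonce") not in issued_nonces:     # stale or never-issued nonce
        return False
    ha1 = entries.get((auth.get("username"), realm))
    if ha1 is None:
        return False
    expected = digest_response(ha1, method, request_uri, auth["nonce"], auth["nc"], auth["cnonce"])
    return hmac.compare_digest(expected, auth.get("response", ""))


# Constructed sample digest file, standing in for /usr/local/apache2/conf/digestusers.
REALM = "Private Area"
DIGESTUSERS = "\n".join([
    "# user:realm:MD5(user:realm:password)",
    htdigest_entry("alice", REALM, "correct horse"),
])
ENTRIES = parse_htdigest(DIGESTUSERS)
NONCE = "constructed-nonce-1"   # a real server derives nonces from time and a secret


def demo(password: str, method: str = "GET", request_uri: str = "/private/index.html") -> bool:
    """One full exchange: client computes the response, server verifies it."""
    auth = client_authorization("alice", REALM, password, method, request_uri,
                                NONCE, "00000001", "0a4f113b")
    return verify_digest(ENTRIES, auth, method, request_uri, REALM, {NONCE})


if __name__ == "__main__":
    print("right password:", demo("correct horse"))
    print("wrong password:", demo("wrong"))
```

Because the response covers the method and URI, a captured header cannot be reused for a different request, and a nonce the server did not issue is rejected. The stored HA1, on the other hand, is enough to answer any challenge in that realm, which is why the digest file needs the same file-system protection as a password file.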
  • 26. Access Control ● Access rules: ● IP Addresses – A Partial IP Address – A Network/Mask Pair ● Domain Name ● Environment Variables ● All Clients
  • 27. Access Rules – IP Addresses ● IP addresses: Allow from 10.0.0.1 10.0.0.2 10.0.0.3 ● A partial IP address: Deny from 10.0 ● A network/mask pair: Allow from 10.0.0.0/255.255.255.0 or Allow from 10.0.0.0/24
  • 28. Access Rules – Domain Name ● Allow from example.com ● Enabling access rules based on domain names forces Apache to do a reverse DNS lookup on the client address, regardless of the setting of the HostNameLookups directive
  • 29. Access Rules – Environment Variables ● BrowserMatch MSIE iexplorer ● Deny from env=iexplorer
  • 30. Access Rules – All Clients ● Allow from all ● Deny from all
  • 31. Access Rules – Evaluation ● Deny,Allow:
      <Location /private>
      Order Deny,Allow
      Allow from 10.0.0.0/255.255.255.0 example.com
      Deny from all
      </Location>
      ● Allow,Deny:
      <Location /some/location/>
      Order Allow,Deny
      Allow from all
      Deny from host.example.com
      </Location>
  • 32. Combining Access Methods
      <Location /restricted>
      Allow from 10.0.0.0/255.255.255.0
      AuthType Basic
      AuthName "Intranet"
      AuthUserFile /usr/local/apache2/conf/htusers
      AuthAuthoritative on
      Require valid-user
      Satisfy any
      </Location>
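Slides 26 to 32 give the rule syntax and two Order examples but not the decision procedure. As an added example, not code from the slides or from Apache, the Python below models how the 2.0/2.2-style Allow, Deny and Order directives on those slides are evaluated (all five rule kinds: full and partial IP, network/mask and CIDR, domain name, env=VAR, all) and how Satisfy any/all combines the host check with an authentication result. A client is described by a constructed dict: its IP, the host name from the reverse lookup (None if none; Apache additionally checks that the name forward-resolves back to the address), and the request environment variables that BrowserMatch sets. The client addresses and names are constructed for the example.

```python
"""Model of Apache (2.0/2.2 style) Allow/Deny/Order evaluation and Satisfy.

Added example, not the slides' or Apache's own code.
"""
import ipaddress


def rule_matches(arg: str, client: dict) -> bool:
    """Does one argument of 'Allow from' / 'Deny from' match this client?"""
    arg = arg.strip()
    if arg.lower() == "all":
        return True
    if arg.startswith("env="):                            # env=VAR: the variable is set
        return arg[4:] in client["env"]
    if "/" in arg:                                        # network/mask or CIDR
        return ipaddress.ip_address(client["ip"]) in ipaddress.ip_network(arg, strict=False)
    if all(part.isdigit() for part in arg.split(".")):    # full or partial IP: whole octets
        want, have = arg.split("."), client["ip"].split(".")
        return have[:len(want)] == want
    host = client.get("host")                             # domain name: whole-label suffix match
    return host is not None and (host == arg or host.endswith("." + arg))


def host_access(order: str, allow: list, deny: list, client: dict) -> bool:
    """Apply the Order semantics to the Allow and Deny lists of one scope."""
    allowed = any(rule_matches(a, client) for a in allow)
    denied = any(rule_matches(d, client) for d in deny)
    order = order.replace(" ", "").lower()
    if order == "deny,allow":      # default allow; a matching Allow overrides a Deny
        return allowed or not denied
    if order == "allow,deny":      # default deny; a matching Deny overrides an Allow
        return allowed and not denied
    raise ValueError(f"unsupported Order: {order}")


def request_allowed(order, allow, deny, client, satisfy="all", authenticated=None):
    """Combine the host check with authentication the way Satisfy does.

    authenticated=None means the scope has no AuthType/Require, so only host rules
    apply; otherwise Satisfy all needs both checks and Satisfy any needs either."""
    host_ok = host_access(order, allow, deny, client)
    if authenticated is None:
        return host_ok
    if satisfy.lower() == "any":
        return host_ok or authenticated
    return host_ok and authenticated


# Constructed sample clients.
LAN_PC = {"ip": "10.0.0.5", "host": None, "env": {}}
PARTNER = {"ip": "203.0.113.9", "host": "host.example.com", "env": {}}
STRANGER = {"ip": "198.51.100.7", "host": None, "env": {}}


def slide_31_private(client: dict) -> bool:
    """Order Deny,Allow / Allow from 10.0.0.0/255.255.255.0 example.com / Deny from all."""
    return host_access("Deny,Allow", ["10.0.0.0/255.255.255.0", "example.com"], ["all"], client)


def slide_32_restricted(client: dict, authenticated: bool) -> bool:
    """Slide 32 as written: Allow line, Basic auth, Satisfy any, but no Order and no Deny.

    The default Order is Deny,Allow, under which a client matching no rule is
    allowed, so the Allow line alone restricts nobody."""
    return request_allowed("Deny,Allow", ["10.0.0.0/255.255.255.0"], [], client, "any", authenticated)


def slide_32_tightened(client: dict, authenticated: bool) -> bool:
    """Same scope with 'Deny from all' added: LAN clients pass, everyone else must log in."""
    return request_allowed("Deny,Allow", ["10.0.0.0/255.255.255.0"], ["all"], client, "any", authenticated)


if __name__ == "__main__":
    for name, c in [("LAN_PC", LAN_PC), ("PARTNER", PARTNER), ("STRANGER", STRANGER)]:
        print(f"{name:8} /private -> {slide_31_private(c)}",
              f"/restricted as written, no login -> {slide_32_restricted(c, False)}",
              f"with Deny from all, no login -> {slide_32_tightened(c, False)}")
```

The last two functions are the caveat worth checking in real configurations: with Satisfy any, the host rule is only a meaningful gate if the scope also denies by default, so slide 32's block needs an explicit `Order Deny,Allow` plus `Deny from all` (or an inherited one) before the "LAN without password, everyone else with password" behaviour holds.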
  • 33. Limiting Access Based on HTTP Methods ● HTTP methods: GET, POST, PUT, DELETE, CONNECT, OPTIONS, TRACE, PATCH, PROPFIND, PROPPATCH, MKCOL, COPY, MOVE, LOCK, and UNLOCK.
      <Directory /home/*/public_html>
      AllowOverride FileInfo AuthConfig Limit
      Options MultiViews Indexes SymLinksIfOwnerMatch IncludesNoExec
      <Limit GET POST OPTIONS PROPFIND>
      Order allow,deny
      Allow from all
      </Limit>
      <LimitExcept GET POST OPTIONS PROPFIND>
      Order deny,allow
      Deny from all
      </LimitExcept>
      </Directory>
  • 35. Reference ● Daniel Lopez Ridruejo; Sams Teach Yourself Apache 2 in 24 Hours, Sams Publishing, 2002 (Buy this book on Amazon)