APACHE ACL (Access Control List)
APACHE ACL [ORDER, ALLOW, DENY]
It is used to filter/block access from the network (ACL).
REQUIREMENT
Access “first.com” only from 192.168.0.104.
<SERVER>
1) Go to the configuration file and add the lines below in the “Directory” directive.
# vim /etc/httpd/conf/httpd.conf
<VirtualHost 192.168.0.102:80>
    ServerAdmin webmaster@dummy-host.example.com
    DocumentRoot /opt
    ServerName first.com
    DirectoryIndex index.php
    ErrorLog logs/dummy-host.example.com-error_log
    CustomLog logs/dummy-host.example.com-access_log common
    # Website DocumentRoot
    <Directory /opt>
        # Stores Non-VLU as well as VLU details
        AuthUserFile /opt/private
        AuthType Basic
        # It's a banner
        AuthName "MY FILES"
        Require valid-user
        # This works like IPTABLES
        Order deny,allow
        Allow from 192.168.0.104
        Deny from all
    </Directory>
</VirtualHost>
2) # /etc/init.d/httpd reload
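3) # htpasswd -c /opt/private adam
   # htpasswd /opt/private will
(These commands create the Non-VLU users that authenticate to the website. The “-c” option is used only the first time, because it creates the password file and would overwrite an existing one. Note that /opt/private lies inside the DocumentRoot /opt, so Apache can serve the password file itself to a client that passes the checks above; a path outside the DocumentRoot avoids that.)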
· <Directory> directive is a DocumentRoot/file-system-level control.
· AuthType (Encryption):
  § BASIC : Plain Text
  § DIGEST : MD5 encryption (Mostly Used)
  § LDAP
  § MYSQL
· AuthName: It is like a banner.
· Apache has 2 types of users:
  § valid-user
  § virtual user (both users should have an Apache user DB)
· “Require” directive:
  § valid-user = VLU
  § virtual user = Non-VLU
· We can create a virtual user in Linux with the “htpasswd” command.
<CLIENT>
1) Go to the client whose IP is “192.168.0.104” and access “first.com”:
http://first.com (You will get the webpage.)
2) Go to a client whose IP is other than “192.168.0.104” and access “first.com”:
http://first.com (This time you do not get the webpage of first.com; you get the Apache page instead.)
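The host check behind the two client results above, as an added example in Python (not part of the original post and not Apache's own code): it evaluates the Apache 2.2 Order/Allow/Deny rules from the Directory block and shows that the Order keyword, not the position of the Allow and Deny lines, decides the outcome. The function names and the second client IP (192.168.0.105) are assumptions made for the illustration.

```python
import ipaddress

def matches(spec, client_ip):
    """True if client_ip is covered by one Allow/Deny 'from' value.
    Handles only 'all', a full IP and CIDR; Apache also accepts hostnames
    and partial IPs, which this sketch leaves out."""
    if spec.lower() == "all":
        return True
    return ipaddress.ip_address(client_ip) in ipaddress.ip_network(spec, strict=False)

def host_allowed(order, allow, deny, client_ip):
    """Apache 2.2 Order/Allow/Deny decision for one client.
    Every Allow and every Deny line is checked; Order picks which side wins."""
    allowed = any(matches(s, client_ip) for s in allow)
    denied = any(matches(s, client_ip) for s in deny)
    order = order.lower()
    if order == "deny,allow":
        # Deny is evaluated first, Allow overrides it;
        # a client matching neither list is let in.
        return allowed or not denied
    if order == "allow,deny":
        # Allow is evaluated first, Deny overrides it;
        # a client matching neither list is refused.
        return allowed and not denied
    raise ValueError("unsupported Order value: " + order)

# Rules from the <Directory /opt> block on this page.
ALLOW = ["192.168.0.104"]
DENY = ["all"]

if __name__ == "__main__":
    for order in ("deny,allow", "allow,deny"):
        # 192.168.0.105 is a constructed sample standing in for "any other client".
        for ip in ("192.168.0.104", "192.168.0.105"):
            verdict = "allowed" if host_allowed(order, ALLOW, DENY, ip) else "denied"
            print(f"Order {order:<10} client {ip}: {verdict}")
```

With the same Allow and Deny lines, “Order allow,deny” refuses 192.168.0.104 as well, because “Deny from all” is evaluated last. The sketch models only the host check; with Apache's default Satisfy setting (All), the allowed client must still pass the “Require valid-user” password prompt.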