Apache用户认证

Apache用户认证

本随笔中的用户认证为打开网站的用户认证,而非页面当中的用户认证。

某些页面用于管理或者指定访问,要配置用户认证来实现,主要目的为了增加网站的安全性。

主要分为两部分,针对整个网站目录进行认证和针对单个文件进行认证

针对整个网站目录的认证

1.修改httpd-vhosts.conf

cd /usr/local/apache2.4/conf/extra/
vim httpd-vhosts.conf  //增加Directory
<VirtualHost *:80>
    ServerAdmin webmaster@dummy-host.example.com
    DocumentRoot "/usr/local/apache2.4/docs/abc.com"
    ServerName abc.com
    ServerAlias www.abc.com www.aaa.com
    <Directory /usr/local/apache2.4/docs/abc.com> 
        AllowOverride AuthConfig
        AuthName "abc.com user auth"
        AuthType Basic
        AuthUserFile /usr/local/apache2.4/docs/.htpasswd
        require valid-user
    </Directory>
    ErrorLog "logs/abc.com-error_log"
    CustomLog "logs/abc.com-access_log" common
</VirtualHost>
/usr/local/apache2.4/bin/apachectl -t
/usr/local/apache2.4/bin/apachectl graceful

2.创建认证文件(创建用户名和密码)

/usr/local/apache2.4/bin/htpasswd -cm /usr/local/apache2.4/docs/.htpasswd lhy
输入密码
确认密码

3.测试配置内容

linux测试:

[root@antong abc.com]# curl -xlocalhost:80 abc.com -I
HTTP/1.1 401 Unauthorized      //发生报错,401错误
Date: Mon, 26 Jul 2021 03:59:19 GMT
Server: Apache/2.4.33 (Unix) PHP/5.6.30
WWW-Authenticate: Basic realm="abc.com user auth"
Content-Type: text/html; charset=iso-8859-1

[root@antong abc.com]# curl -xlocalhost:80 -u lhy:000000 abc.com -I //使用-u参数           
HTTP/1.1 200 OK
Date: Mon, 26 Jul 2021 04:01:42 GMT
Server: Apache/2.4.33 (Unix) PHP/5.6.30
Last-Modified: Mon, 26 Jul 2021 02:50:30 GMT
ETag: "8-5c7fdd0f640d5"
Accept-Ranges: bytes
Content-Length: 8
Content-Type: text/html

windows测试:

输入用户名和密码后成功访问。

针对单个文件的认证

修改httpd-vhosts.conf,将Directory修改为FilesMatch

<VirtualHost *:80>
    ServerAdmin webmaster@dummy-host.example.com
    DocumentRoot "/usr/local/apache2.4/docs/abc.com"
    ServerName abc.com
    ServerAlias www.abc.com www.aaa.com
    <FilesMatch admin.php>    //Directory变成了FilesMatch
        AllowOverride AuthConfig
        AuthName "123.com user auth"
        AuthType Basic
        AuthUserFile /usr/local/apache2.4/docs/.htpasswd
        require valid-user
    </FilesMatch>
    ErrorLog "logs/abc.com-error_log"
    CustomLog "logs/abc.com-access_log" common
</VirtualHost>
/usr/local/apache2.4/bin/apachectl -t
/usr/local/apache2.4/bin/apachectl graceful

由于是对admin.php限制的认证,所以需要创建admin.php文件以供测试

cd /usr/local/apache2.4/docs/abc.com/
vim admin.php
<?php
echo "abc.com --admin.php";
?>

进行测试:

[root@antong abc.com]# curl -xlocalhost:80 www.abc.com
abc.com

[root@antong abc.com]# curl -xlocalhost:80 abc.com/admin.php -I 
HTTP/1.1 401 Unauthorized           //状态码为401
Date: Mon, 26 Jul 2021 04:22:14 GMT
Server: Apache/2.4.33 (Unix) PHP/5.6.30
WWW-Authenticate: Basic realm="123.com user auth"
Content-Type: text/html; charset=iso-8859-1

[root@antong abc.com]# curl -xlocalhost:80 -u lhy:000000 abc.com/admin.php -I   
HTTP/1.1 200 OK                    //状态码从401变为200
Date: Mon, 26 Jul 2021 04:22:50 GMT
Server: Apache/2.4.33 (Unix) PHP/5.6.30
X-Powered-By: PHP/5.6.30
Content-Type: text/html; charset=UTF-8
posted @ 2021-07-26 12:25  殇黯瞳  阅读(131)  评论(0编辑  收藏  举报