8.14.2006

User Authentication in Apache

Say you want to restrict access to your Apache web server with a user authentication mechanism. There are several ways of doing this, but I found the following to be the simplest and easiest.

In this case, we want to give access to our web server only to visitors who supply the correct user name and password. First of all, we need to create the file in which the user names and passwords will be stored.

Before going into the details of how we do that, a few points about this file. We should save it in a folder that is not accessible through our web folders (e.g. it should not be located in the C:\Apache\htdocs folder). A good place for it is the root directory of the Apache server (e.g. C:\Apache). Even if someone somehow obtains that file, since the passwords in it are hashed with the MD5 algorithm (the default on Windows systems), he will not be able to read the exact user name and password combination.

With this in mind, we have to run the utility that creates the user list file. This program is named htpasswd and should be located in the bin directory under the installed Apache root (e.g. c:\Apache\bin\). In the console, we type the following:

htpasswd -c ../users can

Here, "-c" is used the first time in order to create the user file, and "../users" gives the name of the file ("users") and its location (a relative path, meaning C:\Apache\, since right now we are in C:\Apache\bin\). "can" is the name of the user we are adding.

Then the console prompts for the password for that user and asks us to re-enter it to confirm. If everything goes well, you will get "Adding password for user can", indicating that the operation is finished.

In the second part, we have to tell Apache that we require basic authentication to access the web server. To do this, we open the Apache configuration file (located in C:\Apache\conf\httpd.conf). We find the lines that include the Directory block for the htdocs folder. If you haven't changed it before, after a few lines of comments there should be lines similar to these:

Order allow,deny
Allow from all

Just after that, we include the following lines:

AuthName "restricted stuff"
AuthType Basic
AuthUserFile users
require user can

AuthName is the text shown at the top of the user name and password dialog in the web browser. AuthType is the authentication method we use in this example. AuthUserFile is the file in which the user names and passwords are stored (here the path is relative to C:\Apache\). Finally, require user lists the users to whom we want to give access to our web server.
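To show what the users file really holds, here is an added example (my own code, not from the original post or from Apache itself): a Python re-implementation of the $apr1$ MD5 scheme that htpasswd uses by default, a helper that builds a users line with a random salt, and a checker that verifies a login against such a line the way Apache does. The user and password values in the test are constructed for illustration.

```python
import hashlib
import secrets

ITOA64 = "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"
MAGIC = b"$apr1$"

def _to64(value, count):
    # crypt-style 6-bit encoding, least significant group first
    return "".join(ITOA64[(value >> (6 * k)) & 0x3F] for k in range(count))

def apr1_hash(password, salt):
    """Apache's $apr1$ MD5 scheme: salted MD5 with 1000 stretching rounds."""
    pw, salt = password.encode(), salt[:8].encode()
    alt = hashlib.md5(pw + salt + pw).digest()
    ctx = hashlib.md5(pw + MAGIC + salt)
    remaining = len(pw)
    while remaining > 0:              # feed len(pw) bytes of the alternate digest
        ctx.update(alt[:min(16, remaining)])
        remaining -= 16
    bit = len(pw)
    while bit:                        # one byte per bit of len(pw): NUL or pw[0]
        ctx.update(b"\x00" if bit & 1 else pw[:1])
        bit >>= 1
    final = ctx.digest()
    for i in range(1000):             # stretching rounds slow down offline guessing
        c = hashlib.md5(pw if i & 1 else final)
        if i % 3:
            c.update(salt)
        if i % 7:
            c.update(pw)
        c.update(final if i & 1 else pw)
        final = c.digest()
    groups = [(0, 6, 12), (1, 7, 13), (2, 8, 14), (3, 9, 15), (4, 10, 5)]
    enc = "".join(_to64((final[a] << 16) | (final[b] << 8) | final[c], 4)
                  for a, b, c in groups) + _to64(final[11], 2)
    return f"$apr1${salt.decode()}${enc}"

def htpasswd_line(user, password):
    """Build one 'user:hash' line as htpasswd would, with a random 8-char salt."""
    salt = "".join(secrets.choice(ITOA64) for _ in range(8))
    return f"{user}:{apr1_hash(password, salt)}"

def check_login(users_text, user, password):
    """Verify a credential against the users file content, as Apache does."""
    for line in users_text.splitlines():
        name, _, stored = line.partition(":")
        if name == user and stored.startswith("$apr1$"):
            salt = stored[6:].split("$", 1)[0]
            return secrets.compare_digest(apr1_hash(password, salt), stored)
    return False
```

The file stores only salt and digest, never the password itself, but the 1000 MD5 rounds only slow down guessing; a copied users file still lets someone test candidate passwords offline, so the file's location and strong passwords both matter.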

Here are a few remarks that might help you:

  • You can give different users access to different directories by using the Directory directive.
  • Notice that you can add the same directives in your .htaccess files, provided that the use of .htaccess files is allowed in your Apache configuration file (this is controlled by the AllowOverride directive).
  • If your server is not accessible from outside your computer, check your firewall settings. If you use Windows Firewall, you should give Apache the required access (this can be done by adding Apache to the programs listed in Special Cases in the Windows Firewall configuration file).

After restarting the Apache server, you should be able to see the effect of these changes when you open your web pages in your web browser: the user name and password screen should appear. After entering the correct combination, you should be able to access your web pages. If this is not the case or there are errors, the very first thing you should look at is Apache's error log file (located in C:\Apache\logs). Reviewing it will give you the best clues about what went wrong. Please feel free to ask me questions using the comments on this blog.
