.members && chmod 750 /www/secrets/.members commands to ensure that only the httpd user (and group) can read this file.

6. Restart the Apache server using the /usr/local/apache/bin/apachectl restart command.

7. Now, use http://your_server_name/memberonly/ to access the member-only section; you should be prompted for a username and password. You should see the value of the AuthName ("Member-Only Access") in the displayed dialog box.

8. Enter an invalid username and password and you should see a rejection message.

9. Finally, try to access the site again and then enter a valid username and password as created by the htpasswd utility. You should have access to the restricted section.

Note: If you are using the default common log format to log access, you can see logged-in usernames in your log files.

Creating a members-only section using a .htaccess file

For organizations such as Internet Service Providers (ISPs) and large companies with many departments running virtual Web sites on the same Web server, adding member-only configuration in httpd.conf (which was discussed in the last section) may not be a manageable solution, because you will have to add or remove configurations as quickly as various users (in case of an ISP setup) request such changes. By using .htaccess-based authentication, however, you can allow a user or department to create as many member-only sections as they want without your involvement, a blessing for a busy system administrator.

To use .htaccess-based authentication for member-only authentication, follow these steps.

1. Add the following directive in your httpd.conf file:

    AccessFileName .htaccess

Note: If you wish to enable the .htaccess-based authentication only for a virtual host, add this directive within the appropriate container.

2. Change the following default configuration:

    Options FollowSymLinks
    AllowOverride None

to:

    Options FollowSymLinks
    AllowOverride AuthConfig

This enables use
of the authorization directives (AuthDBMGroupFile, AuthDBMUserFile, AuthGroupFile, AuthName, AuthType, AuthUserFile, Require, and so on) in an .htaccess file.

3. Restart the Apache server using the /usr/local/apache/bin/apachectl restart command.

4. Now you can create an .htaccess file in any Web-accessible directory and control access to it. You need to have these directives in the .htaccess file:

    AuthName "Enter Appropriate Label Here"
    AuthType Basic
    AuthUserFile path_to_user_password_file
    Require valid-user

For example, say you have a directory called /www/mysite/htdocs/asb and want to restrict access to this directory to users listed in /www/mysite/secrets/users.pwd. To do so, you would use the following configuration:

    AuthName "ASB Member Only Access"
    AuthType Basic
    AuthUserFile /www/mysite/secrets/users.pwd
    Require valid-user

Note: Make sure that the .htaccess file is readable only by the Apache user (set using the User directive). For example, if you run Apache as httpd, then you would run the chown httpd:httpd .htaccess && chmod 750 .htaccess commands from the directory where you keep the file. Also note that creation or modification of an .htaccess file does not require restarting the Apache server, so you can try out the restricted section of your Web site to determine whether the authentication process is working properly.

Grouping users for restricted access to different Web sections

If different users need access to different parts of your Web site, you have several choices. Instead of just requiring a valid-user configuration, which opens up the restricted section for all valid users, you can use specific usernames. For example:

    AuthName "Members Only"
    AuthType Basic
    AuthUserFile /www/mysite/secrets/.users.pwd
    require user cgodsave jolson

    AuthName "Members Only"
    AuthType Basic
    AuthUserFile /www/mysite/secrets/.users.pwd
    require user esmith jkirk

Here only cgodsave and jolson have access to the /financial section and esmith and jkirk have
access to the /sales section. However, naming all users in the configuration is a cumbersome and often unmanageable undertaking. One approach is to create separate password files, which would make the above configuration segments look as follows:

    AuthName "Members Only"
    AuthType Basic
    AuthUserFile /www/mysite/secrets/.financial-team.pwd
    require valid-user

    AuthName "Members Only"
    AuthType Basic
    AuthUserFile /www/mysite/secrets/.sales-team.pwd
    require valid-user

Now, add only the users who should be added to /www/mysite/secrets/.financial-team.pwd, in this case, cgodsave and jolson, and add only the users who should be added to /www/mysite/secrets/.sales-team.pwd, in this case, esmith and jkirk.

However, if maintaining multiple password files is not appealing to you, there is another approach. For example, take a look at the following configuration segments:

    AuthName "Members Only"
    AuthType Basic
    AuthUserFile /www/mysite/secrets/.members.pwd
    AuthGroupFile /www/mysite/secrets/.groups
    require group financial

    AuthName "Members Only"
    AuthType Basic
    AuthUserFile /www/mysite/secrets/.members.pwd
    AuthGroupFile /www/mysite/secrets/.groups
    require group sales

Here the same password file .members.pwd is used for both locations but each location uses a different group. The group file is common because a group file can contain multiple groups. The group file /www/mysite/secrets/.groups is a simple text file, which for the above example looks like:

    financial: cgodsave jolson
    sales: esmith jkirk

Now, adding new users to a group does not require changing the httpd.conf file (or if you are using .htaccess files, the containers). You can simply add the user to the appropriate group in the group file after you have created the user account using the htpasswd command.

Authorizing Access via Host Name or IP Addresses

In this authorization scheme, the host name or the host's IP address controls access. When a request is made for a certain resource, the Web server
checks whether the requesting host is allowed access to the resource and takes action based on its findings.

The standard Apache distribution includes a module called mod_access, which enables access control based on the Internet host name of a Web client. The host name can be either a fully qualified domain name (FQDN), such as blackhole.mobidac.com, or an IP address, such as 192.168.1.100. The module provides this access control support by using these Apache directives: allow, deny, order, allow from env=variable, and deny from env=variable.
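
Returning to the shared password file and group file scheme from the section on grouping users: the following is an added example, not code from the original text, that audits an AuthUserFile/AuthGroupFile pair and reports who can actually satisfy each "require group" line. The function names and the sample password file (including the tempuser account and the placeholder hashes) are assumptions constructed for illustration; the group file contents are the ones shown in the text.

```python
def _records(text):
    """Yield (key, value) for each 'key:value' line, skipping blanks and # comments."""
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and ":" in line:
            key, _, value = line.partition(":")
            yield key.strip(), value.strip()

def parse_htpasswd(text):
    """Usernames from an AuthUserFile ('user:password-hash' per line)."""
    return {user for user, _hash in _records(text)}

def parse_groups(text):
    """{group: set(members)} from an AuthGroupFile ('group: user1 user2')."""
    groups = {}
    for group, members in _records(text):
        groups.setdefault(group, set()).update(members.split())
    return groups

def audit(passwd_text, group_text):
    """Cross-check the two files and report the effective access picture."""
    users, groups = parse_htpasswd(passwd_text), parse_groups(group_text)
    grouped = set().union(*groups.values())
    return {
        # Can pass "require group <g>": listed in the group AND has an account.
        "effective": {g: sorted(m & users) for g, m in groups.items()},
        # Listed in a group but no account: a typo or a half-removed user.
        "orphans": {g: sorted(m - users) for g, m in groups.items() if m - users},
        # Has an account but no group: still passes any "require valid-user".
        "ungrouped": sorted(users - grouped),
    }

# Constructed sample data: group file as in the text; hashes are placeholders.
SAMPLE_GROUPS = """\
financial: cgodsave jolson
sales: esmith jkirk
"""
SAMPLE_PASSWD = """\
cgodsave:$apr1$constructed$placeholder-hash-1
jolson:$apr1$constructed$placeholder-hash-2
esmith:$apr1$constructed$placeholder-hash-3
tempuser:$apr1$constructed$placeholder-hash-4
"""

if __name__ == "__main__":
    for key, value in audit(SAMPLE_PASSWD, SAMPLE_GROUPS).items():
        print(f"{key}: {value}")
```

In this sample, jkirk is listed in the sales group but has no password entry, and tempuser has an account but belongs to no group; an account like that is worth reviewing because it would still be accepted by any section that uses the same password file with require valid-user.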