httpd访问控制:用户授权—>官方指南:http://httpd.apache.org/docs/2.4/howto/auth.html
注1: http2.2/http2.4的访问控制,配置方式是通用的
注2:生成密码文件(-m:md5,默认选项): htpasswd [-c] [-b] [-m] /etc/httpd/http.users tom [-b的密码]
操作系统 | http版本 |
---|---|
centos6 | http2.2 |
centos7 | http2.4 |
#1,配置站点:
[root@c7 conf.d]# grep DocumentRoot /etc/httpd/conf/httpd.conf
# DocumentRoot: The directory out of which you will serve your
DocumentRoot "/var/www/html"
[root@c7 conf.d]# mkdir -p /var/www/html/admin/
[root@c7 conf.d]# echo "admin" >/var/www/html/admin/index.html
[root@c7 conf.d]# curl c7:80/admin/
admin
#2, 添加密码验证配置
#--------------添加用户名密码:数据文件/etc/httpd/http.users--------------
#tom:123
#jerry:456
#test:123456
[root@c7 ~]# htpasswd -c /etc/httpd/http.users tom
New password: #密码:123
Re-type new password:
Adding password for user tom
[root@c7 ~]# cat /etc/httpd/http.users
tom:$apr1$BYpkVDFf$w0vnrc8D0ecklq69NKciW1
[root@c7 ~]# htpasswd /etc/httpd/http.users jerry
New password: #密码:456
Re-type new password:
Adding password for user jerry
[root@c7 ~]# htpasswd -b /etc/httpd/http.users test 123456 #密码:123456
Adding password for user test
[root@c7 ~]# cat /etc/httpd/http.users
tom:$apr1$BYpkVDFf$w0vnrc8D0ecklq69NKciW1
jerry:$apr1$/kCjFP.P$haIHJ8c66US631W40Sw1A1
test:$apr1$3idpMzlY$HoASzcDTYnElVykDwoD84/
#--------------为站点添加密码验证: 基于用户名/密码--------------
[root@c7 conf.d]# pwd
/etc/httpd/conf.d
[root@c7 conf.d]# cat mypass.conf
<Directory /var/www/html/admin>
Options None
AllowOverride None
AuthType basic
AuthName " please input name/passwd:"
#基于username/passwd
AuthUserFile "/etc/httpd/http.users"
Require user tom jerry
#Require valid-user
#基于group
#AuthUserFile "/etc/httpd/http.users"
#AuthGroupFile "/etc/httpd/http.groups"
#Require group admins
</Directory>
#--------------测试密码验证是否生效--------------
[root@c7 conf.d]# curl -u tom:123 c7:80/admin/
admin
[root@c7 conf.d]# curl -u jerry:456 c7:80/admin/
admin
[root@c7 conf.d]# curl -u test:123456 c7:80/admin/
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>401 Unauthorized</title>
</head><body>
<h1>Unauthorized</h1>
<p>This server could not verify that you
are authorized to access the document
requested. Either you supplied the wrong
credentials (e.g., bad password), or your
browser doesn't understand how to supply
the credentials required.</p>
</body></html>
#--------------为站点添加密码验证: 基于组--------------
[root@c7 conf.d]# pwd
/etc/httpd/conf.d
[root@c7 conf.d]# cat /etc/httpd/http.users
tom:$apr1$BYpkVDFf$w0vnrc8D0ecklq69NKciW1
jerry:$apr1$/kCjFP.P$haIHJ8c66US631W40Sw1A1
test:$apr1$3idpMzlY$HoASzcDTYnElVykDwoD84/
[root@c7 conf.d]# cat /etc/httpd/http.groups
admins: tom test
[root@c7 conf.d]# cat mypass.conf
<Directory /var/www/html/admin>
Options None
AllowOverride None
AuthType basic
AuthName " please input name/passwd:"
#基于username/passwd
#AuthUserFile "/etc/httpd/http.users"
#Require user tom jerry
#基于group
AuthUserFile "/etc/httpd/http.users"
AuthGroupFile "/etc/httpd/http.groups"
Require group admins
</Directory>
#--------------测试密码验证是否生效--------------
[root@c7 conf.d]# curl -u tom:123 c7:80/admin/
admin
[root@c7 conf.d]# curl -u jerry:456 c7:80/admin/
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>401 Unauthorized</title>
</head><body>
<h1>Unauthorized</h1>
<p>This server could not verify that you
are authorized to access the document
requested. Either you supplied the wrong
credentials (e.g., bad password), or your
browser doesn't understand how to supply
the credentials required.</p>
</body></html>