Are you able to Restrict Access through your Configuration Files in apache web server??
Thanks in Advance for best reply
|
The short answer is "yes". The longer answer is that it helps to have a little more information such as which distro, including version, and which version of Apache2 you are running. As well, it is easier to read with the question in the body of the post. But those aside, have you looked at the Apache2 documentation for basic authentication and authorization? Be sure to have HTTPS (HTTP over TLS) set up first.
How complex do you want things to get? You can tie authorization to LDAP, for example. |
|
|
Code:
file some-file More than one allow from is allowed and accepts /CIDR notations Access to the site, yes, it can and should be enforced in the site.conf apache2 system file. .htaccess is kludgy and a resource killer. directives in the site.conf are global and are only read once, not every hit, like .htaccess. No one should have access to the apache2 configuration files themselves. and if installed correctly, there is nothing to "do" in /etc/apache2/ except Code:
cd /etc/apache2/ .htaccess tricks and tips...Part I .htaccess tricks and tips... Part II Discusses some good stuff and every where it says "htaccess", you have to or should want to utilize it in the site.conf Here's a practical example for securing Wordpress's wp-login.php area of any site using that software, Code:
# END WordPress good.guy.ip.1 and good.guy.ip.2 would not. So test it Code:
write "echo LQRocks" > /var/www/html/secret.file Code:
# END WordPress Code:
apache2ctl graceful You should get a 403 "error". and that is correct. If it's some else, let us know. All this is the same info as on .htaccess tricks and tips...Part I which I have nothing to do with except read there. (Glad it's still up, too!) Peace. |
|
All times are GMT -5. The time now is 10:39 AM. |