LinuxQuestions.org
Download your favorite Linux distribution at LQ ISO.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices


Reply
  Search this Thread
Old 08-09-2007, 06:29 AM   #1
cornish
Member
 
Registered: May 2005
Location: Sussex, England
Distribution: Ubuntu 7.10
Posts: 131

Rep: Reputation: 15
Apache Webserver - Selected Users


I have installed an Ubuntu LAMP server on our Windows domain, it hosts a Database that the IT Dept need to access though out the sites.

This part is working fine the only problem I have at the moment is that any old Joe can also access this server by typing the name in a browser.

How do I control the access to /var/www so only a certain group of users can you view the website, i.e myDomain/IT-Dept?
 
Old 08-09-2007, 07:16 AM   #2
brianmcgee
Member
 
Registered: Jun 2007
Location: Munich, Germany
Distribution: RHEL, CentOS, Fedora, SLES (...)
Posts: 399

Rep: Reputation: 40
You could place the following settings into your httpd.conf (don't forget to reload server!) so that only the IP range for your administrators is enabled to access the directory:

Code:
<Directory /var/www/html/some/dir>
      	Order Deny,Allow
      	Deny from all
      	Allow from 111.22.33
</Directory>
or you could create a .htaccess file that is placed in the according directory.

If you also want that only specific users may access the site you should create a .htaccess and .htpasswd:

.htaccess
Code:
    AuthName Restricted Area
    AuthType Basic
    AuthUserFile /some/path/.htpasswd
    require valid-user
#    require user user1
#    require user user5
.htpasswd
Code:
    user1:4Rw6jvSWm8E3c
    user2:lBpXKPKYBNVhg
    ...
You can create the password file with:

Code:
# htpasswd -c /some/path/.htpasswd username
New password:
Re-type new password:
Adding password for user username
Or you could use an online generator [1].

[1] http://aspirine.org/htpasswd_en.html

Last edited by brianmcgee; 08-09-2007 at 07:18 AM.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
Bounce selected users in virtual domain with Postfix? annekaelber Linux - Software 5 10-18-2007 02:58 PM
Different webserver folders for different users flibby Linux - Networking 2 01-18-2006 04:43 AM
info about vsftpd, apache and xinetd, setting up a webserver with users and passwords Grifter Linux - Newbie 7 07-13-2005 11:40 PM
Apache Webserver 403 Forbidden Errors (User not in apache group?) Mankind75 Mandriva 4 07-08-2004 06:30 AM
How to allow selected users to send a email to a particular IP xanthium Linux - Networking 2 11-05-2002 09:49 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Security

All times are GMT -5. The time now is 11:44 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration