測試環境為 CentOS 7 x86_64 虛擬機
安裝完 Apache (Httpd),預設所有知道 IP , DNS Name 的人都可以存取網頁,有辦法可以直接設定帳號密碼來限制存取嗎? 我們可以利用 .htaccess 這個檔案來對網頁存取時需數入帳號與密碼,更多關於 .htaccess 請參考 – https://benjr.tw/100916
[root@localhost ~]# yum install -y httpd
[root@localhost ~]# systemctl enable httpd
Created symlink from /etc/systemd/system/multi-user.target.wants/httpd.service to /usr/lib/systemd/system/httpd.service.
[root@localhost ~]# systemctl start httpd
[root@localhost ~]# systemctl status httpd
● httpd.service - The Apache HTTP Server
Loaded: loaded (/usr/lib/systemd/system/httpd.service; enabled; vendor preset: disabled)
Active: active (running) since Fri 2017-07-21 12:03:23 CST; 5s ago
Docs: man:httpd(8)
man:apachectl(8)
Main PID: 6418 (httpd)
Status: "Processing requests..."
CGroup: /system.slice/httpd.service
├─6418 /usr/sbin/httpd -DFOREGROUND
├─6419 /usr/sbin/httpd -DFOREGROUND
├─6420 /usr/sbin/httpd -DFOREGROUND
├─6421 /usr/sbin/httpd -DFOREGROUND
├─6422 /usr/sbin/httpd -DFOREGROUND
└─6423 /usr/sbin/httpd -DFOREGROUND
如果連不上請先確一下 Firewall 的狀態.
[root@localhost ~]# systemctl stop firewalld
AllowOverride 為 All (或 AuthConfig)
Apache 預設不使用 .htaccess 做設定,先確認 Apache 網頁資料夾 (預設為 /var/www/html) 權限的 AllowOverride 需設定為 All (或 AuthConfig),之後在 .htaccess 設定不需重新啟動 http 服務就可立即生效.
[root@localhost ~]# vi /etc/httpd/conf/httpd.conf
<Directory "/var/www/html">
AllowOverride All
</Directory>
[root@localhost ~]# systemctl restart httpd
[root@localhost ~]# systemctl status httpd
● httpd.service - The Apache HTTP Server
Loaded: loaded (/usr/lib/systemd/system/httpd.service; enabled; vendor preset: disabled)
Active: active (running) since 二 2019-06-18 22:27:08 CST; 9s ago
Docs: man:httpd(8)
man:apachectl(8)
Process: 9880 ExecStop=/bin/kill -WINCH ${MAINPID} (code=exited, status=0/SUCCESS)
Main PID: 9883 (httpd)
Status: "Total requests: 0; Current requests/sec: 0; Current traffic: 0 B/sec"
Tasks: 6
CGroup: /system.slice/httpd.service
├─9883 /usr/sbin/httpd -DFOREGROUND
├─9885 /usr/sbin/httpd -DFOREGROUND
├─9886 /usr/sbin/httpd -DFOREGROUND
├─9887 /usr/sbin/httpd -DFOREGROUND
├─9888 /usr/sbin/httpd -DFOREGROUND
└─9889 /usr/sbin/httpd -DFOREGROUND
建立 Apache Basic Authentication 所需的使用者帳號與密碼
這邊使用的是 Apache Basic Authentication , 使用者帳號與密碼皆寫在檔案中,需透過指令 #htpasswd 來建立.
[root@localhost ~]# htpasswd -c /etc/httpd/.htpasswd user1 New password: Re-type new password: Adding password for user user1
參數說明:
- -c
會建立使用者密碼檔,如果檔案已存在時,內容會被覆蓋,只需在建立第一筆資料時使用該參數.
建立第二位使用者與其密碼.
[root@localhost ~]# htpasswd /etc/httpd/.htpasswd user2 New password: Re-type new password: Adding password for user user2
使用者:非明碼密碼.
[root@localhost ~]# cat /etc/httpd/.htpasswd user1:$apr1$bQMgjIh2$Mbbr0x/SjIHmqrBBqMrzB0 user2:$apr1$zUmY5.Yf$1jVE3y30LJVLloEr.CiVD0
該檔案會透過 apache 使用者做存取 (Ubuntu 則為 www-data).
[root@localhost ~]# chown apache:apache /etc/httpd/.htpasswd [root@localhost ~]# chmod 0660 /etc/httpd/.htpasswd [root@localhost ~]# ll /etc/httpd/.htpasswd -rw-rw---- 1 apache apache 88 6月 18 13:54 /etc/httpd/.htpasswd
設定 .htaccess – Apache Basic Authentication
設定 .htaccess
[root@localhost ~]# vi /var/www/html/.htaccess AuthType Basic AuthName "Restricted Content" AuthUserFile /etc/httpd/.htpasswd Require valid-user
參數說明:
- AuthType Basic
模式有這幾種 None , Basic , Digest 與 Form ,詳細說明請參考 https://httpd.apache.org/docs/2.4/mod/mod_authn_core.html#authtype - AuthName “Restricted Content”
輸入 使用者與密碼顯示時的提示信息. - AuthUserFile /etc/httpd/.htpasswd
剛剛產生的使用者與密碼檔位置. - Require valid-user
所有經過身份驗證的使用者皆可存取網頁,更多關於 Require 的使用請參考 https://httpd.apache.org/docs/2.4/mod/mod_authz_core.html#require
測試與除錯
再次登入網站就需要輸入帳號及密碼了.
有錯誤發生時,請先檢視 /var/log/httpd/ /var/log/httpd/error_log 及 /var/log/httpd/access_log
沒有解決問題,試試搜尋本站其他內容