Allow from gnulix.org
AuthType Basic
AuthName 'Server status'
AuthUserFile 'gnulixusers'
Require valid-user
Satisfy Any
</Location>
There are more ways to protect material on your web server, but the methods discussed here should get you started and are probably more than adequate for most circumstances. Look to Apache's online documentation for more examples of how to secure areas of your site.
Apache Modules
The Apache core does relatively little; Apache gains its functionality from modules. Each module solves a well-defined problem by adding necessary features. By adding or removing modules to supply the functionality you want Apache to have, you can tailor the Apache server to suit your exact needs.
Nearly 50 core modules are included with the basic Apache server. Many more are available from other developers. The Apache Module Registry is a repository for add-on modules for Apache, and it can be found at http://modules.apache.org/. The modules are listed in the modules directory under /etc/httpd/, but the following directory is a link to the /usr/lib/httpd/modules directory where the modules reside (your list might look different):
mod_access.so mod_cern_meta.so mod_log_config.so mod_setenvif.so
mod_actions.so mod_cgi.so mod_mime_magic.so mod_speling.so
mod_alias.so mod_dav_fs.so mod_mime.so mod_ssl.so
mod_asis.so mod_dav.so mod_negotiation.so mod_status.so
mod_auth_anon.so mod_dir.so mod_perl.so mod_suexec.so
mod_auth_dbm.so mod_env.so mod_proxy_connect.so mod_unique_id.so
mod_auth_digest.so mod_expires.so mod_proxy_ftp.so mod_userdir.so
mod_auth_mysql.so mod_headers.so mod_proxy_http.so mod_usertrack.so
mod_auth_pgsql.so mod_imap.so mod_proxy.so mod_vhost_alias.so
mod_auth.so mod_include.so mod_python.so mod_autoindex.so
mod_info.so mod_rewrite.so
Each module adds new directives that can be used in your configuration files. As you might guess, there are far too many extra commands, switches, and options to describe them all in this chapter. The following sections briefly describe a subset of those modules available with Fedora's Apache installation.
mod_accessmod_access controls access to areas on your web server based on IP addresses, hostnames, or environment variables. For example, you might want to allow anyone from within your own domain to access certain areas of your web. Refer to the 'File System Authentication and Access Control' section earlier in this chapter for more information.
mod_aliasmod_alias manipulates the URLs of incoming HTTP requests, such as when redirecting a client request to another URL. It also can map a part of the file system into your web hierarchy. For example,
Alias /images/ /home/wsb/graphics/
fetches contents from the /home/wsb/graphics directory for any URL that starts with /images/. This is done without the client knowing anything about it. If you use a redirection, the client is instructed to go to another URL to find the requested content. More advanced URL manipulation can be accomplished with mod_rewrite.
mod_asismod_asis is used to specify, in fine detail, all the information to be included in a response. This completely bypasses any headers Apache might have otherwise added to the response. All files with an .asis extension are sent straight to the client without any changes.
As a short example of the use of mod_asis, assume that you've moved content from one location to another on your site. Now you must inform people who try to access this resource that it has moved, as well as automatically redirect them to the new location. To provide this information and redirection, you can add the following code to a file with an .asis extension:
Status: 301 No more old stuff!
Location: http://gnulix.org/newstuff/
Content-type: text/html
<HTML>
<HEAD>
<TITLE>We've moved...</TITLE>
</HEAD>
<BODY>
<P>We've moved the old stuff and now you'll find it at:</P>
<A HREF='http://gnulix.org/newstuff/'>New stuff</A>!.
</BODY>
</HTML>
mod_authmod_auth uses a simple user authentication scheme, referred to as Basic Authentication, which is based on storing usernames and encrypted passwords in a text file. This file looks very much like Unix's /etc/passwd file and is created with the htpasswd command. Refer to the 'File System Authentication and Access Control' section earlier in this chapter for more information about this subject.
mod_auth_anonThe mod_auth_anon module provides anonymous authentication similar to that of anonymous FTP. The module enables you to define user IDs of those who are to be handled as guest users. When such a user tries to log on, he is prompted to enter his email address as his password. You can have Apache check the password to ensure that it's a (more or less) proper email address. Basically, it ensures that the password contains an @ character and at least one . character.
mod_auth_dbmmod_auth_dbm uses Berkeley DB files instead of text for user authentication files.
mod_auth_digestmod_auth_digest builds upon the mod_auth module, and sends authentication data via the MD5 Digest Authentication process as defined in RFC 2617. Compared to using Basic Authentication, this is a much more secure way of sending user data over the Internet. Unfortunately, not all web browsers support this authentication scheme.
To create password files for use with mod_auth_dbm, you must use the htdigest utility. It has more or less the same functionality as the htpasswd utility. See the man page of htdigest for further information.
mod_autoindexThe mod_autoindex module dynamically creates a file list for directory indexing. The list is rendered in a user-friendly manner similar to those lists provided by FTP's built-in ls command.
mod_cgimod_cgi allows execution of CGI programs on your server. CGI programs are executable
