20061206
We will have a "potluck" on Friday
At break time we will have this little meeting, and Joe will not schedule anything after it. If we want to stay and work on our final project after the party, we are more than welcome. (hmmm)
Of course Joe can't stand a week without a quiz, so the quiz will take place tomorrow. We will have to study!!
The Satisfy directive
Associated with authentication, there is an Apache directive called Satisfy, which takes the value all or any. If it is set to any, the server will answer an attempt from any IP address. If it is set to all, the server will check whether the user is valid before giving out information from the web page.
We also have two kinds of protection, called password protection and IP protection.
Securing a folder with Password & IP protection
- Joe logs in to our server and opens Usermin.
- Creates a folder in his public_html directory, called "secure2".
- Adds a web page in the folder.
- Adds an options file to the new directory using Usermin (webmin->applications->apache->Per-directory options file->access control). The radio button "Clients must satisfy" will generate the Satisfy directive. We will have to pick "all access controls".
- Then we set "restrict access" to deny and then allow (the order must be like this because we will deny all IP addresses and then make an exception). In the drop-down menu we say deny from all.
- We save the options and go back to access control, where we now have a second line in the drop-down menu, and we say allow from the address we like.
- In the Windows command line, he types ipconfig and finds out his IP address (which is 10.101.20.80); that is the address we like.
More appropriate ways to generate password files
The htpasswd command is useful to generate passwords to access the web site, but it generates a very insecure text file.
Luckily there is a module called mod_authdbm, which is useful to implement a database with the information of the valid users.
It is conceivable for a system to have both ways of saving the information of users and passwords (a text file and a database). The question is whether you could have both systems protecting the same directory and, if yes (as a matter of fact, the answer is yes), which one will have precedence.
The answer is that you as an administrator have to establish which of them has priority.
A couple of facilities built in to the Apache server when it generates web pages
- Server_status (module mod_status)
- Tells about the status of the server.
- Server_Info (mod_info)
- Gives data about what apache is doing
Joe vi's the httpd.conf file and uncomments the piece of code related to mod_status. For this example, we can allow anybody by going to the <Location /server-status> container and adding the appropriate lines, which are order allow,deny and allow from all. We don't want to do this in real life; this is only an example.
We go to Internet Explorer and open the site 10.101.1.200/server-status, and voila: we see the status of the server.
Since this is not what we want (to give everybody access to our server status), Joe fixes it using Webmin: webmin-->default server-->location server-status-->request access deny then allow, deny from all, allow only from the classroom.
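The access decision behind the Order, Deny, Allow and Satisfy settings used for the secure2 folder and the /server-status location, modelled in Python as an added example (it is not part of the class notes and not Apache's own code). It follows the Apache 2.2 documentation, where Satisfy all requires both the host check and a valid user and Satisfy any accepts either one; the function names and the outside address 192.0.2.10 are assumptions made for the illustration.

```python
import ipaddress

def host_allowed(client_ip, order, allow, deny):
    """Host check for 'Order' with 'Allow from' / 'Deny from' lists.

    Entries are 'all', a full IP address or a CIDR block (the only forms
    this sketch handles).
    """
    ip = ipaddress.ip_address(client_ip)

    def matches(entries):
        return any(e == "all" or ip in ipaddress.ip_network(e, strict=False)
                   for e in entries)

    allowed, denied = matches(allow), matches(deny)
    if order == "deny,allow":
        # Deny is checked first and Allow overrides it; unmatched clients pass.
        return allowed or not denied
    if order == "allow,deny":
        # Allow is checked first and Deny overrides it; unmatched clients fail.
        return allowed and not denied
    raise ValueError("order must be 'deny,allow' or 'allow,deny'")


def access_granted(client_ip, valid_user, satisfy, order, allow, deny):
    """Combine the host check with the password check the way Satisfy does."""
    host_ok = host_allowed(client_ip, order, allow, deny)
    if satisfy == "all":
        return host_ok and valid_user   # both restrictions must pass
    if satisfy == "any":
        return host_ok or valid_user    # either restriction is enough
    raise ValueError("satisfy must be 'all' or 'any'")


# The secure2 settings from the notes: deny everyone, then allow one address.
SECURE2 = dict(order="deny,allow", allow=["10.101.20.80"], deny=["all"])
OUTSIDER = "192.0.2.10"  # constructed address that is not on the allow list

if __name__ == "__main__":
    for satisfy in ("all", "any"):
        for ip in ("10.101.20.80", OUTSIDER):
            for valid_user in (True, False):
                ok = access_granted(ip, valid_user, satisfy, **SECURE2)
                print(satisfy, ip, "valid user" if valid_user else "no user",
                      "->", "granted" if ok else "refused")
```

With the same Deny and Allow lines, switching the order to allow,deny refuses even 10.101.20.80, which is why the notes insist on "deny and then allow".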
