Securing Apache directory (109 Views)
Reply
Honored Contributor
Alex Lavrov.
Posts: 1,270
Registered: ‎11-16-2002
Message 1 of 3 (109 Views)

Securing Apache directory

Hello,

I have several pages in apache that I want to secure with user and password. Securing it with basic authentication in Apache is not enough.

Can you please suggest a good and relatively not very complicated ways to do it? Also, link to how-to guide will be more than appriciated :)

Alex.
I don't give a damn for a man that can only spell a word one way. (M. Twain)
Esteemed Contributor
Vibhor Kumar Agarwal
Posts: 787
Registered: ‎04-05-2005
Message 2 of 3 (109 Views)

Re: Securing Apache directory

Try the crypt command.
Vibhor Kumar Agarwal
Regular Advisor
Robert Fritz
Posts: 132
Registered: ‎07-27-2003
Message 3 of 3 (109 Views)

Re: Securing Apache directory

Note that Unix crypt is a poor encryption scheme.

I'd suggest HTTPS, using client and server side certificate checking vs. basic_auth (which is the native username/password scheme). HTTPS has been done a lot, so there are plenty of examples / libraries out there to help.

Alternatively, if you really want to use user/pass, you could *not* check the client cert (still checking server cert to avoid man-in-the middle), and then use basic auth over HTTPS.
Those Who Would Sacrifice Liberty for Security Deserve Neither." - Benjamin Franklin
The opinions expressed above are the personal opinions of the authors, not of HP. By using this site, you accept the Terms of Use and Rules of Participation.