Re: Securing Apache directory (71 Views)
Reply
Honored Contributor
Alex Lavrov.
Posts: 1,270
Registered: ‎11-16-2002
Message 1 of 3 (71 Views)

Securing Apache directory

Hello,

I have several pages in apache that I want to secure with user and password. Securing it with basic authentication in Apache is not enough.

Can you please suggest a good and relatively not very complicated ways to do it? Also, link to how-to guide will be more than appriciated :)

Alex.
I don't give a damn for a man that can only spell a word one way. (M. Twain)
Please use plain text.
Esteemed Contributor
Vibhor Kumar Agarwal
Posts: 787
Registered: ‎04-05-2005
Message 2 of 3 (71 Views)

Re: Securing Apache directory

Try the crypt command.
Vibhor Kumar Agarwal
Please use plain text.
Regular Advisor
Robert Fritz
Posts: 132
Registered: ‎07-27-2003
Message 3 of 3 (71 Views)

Re: Securing Apache directory

Note that Unix crypt is a poor encryption scheme.

I'd suggest HTTPS, using client and server side certificate checking vs. basic_auth (which is the native username/password scheme). HTTPS has been done a lot, so there are plenty of examples / libraries out there to help.

Alternatively, if you really want to use user/pass, you could *not* check the client cert (still checking server cert to avoid man-in-the middle), and then use basic auth over HTTPS.
Those Who Would Sacrifice Liberty for Security Deserve Neither." - Benjamin Franklin
Please use plain text.
The opinions expressed above are the personal opinions of the authors, not of HP. By using this site, you accept the Terms of Use and Rules of Participation