有些网站为了增加安全性,在你打开网站时,要输入用户名和密码,这里的用户名和密码还不是你自己能注册的,得管理员给你权限。通常这样的做法不多,但是有这样一种可能,打开网站时不需要认证,但你打开某个特定的页面时,通常是只允许内部人员打开,就要用户认证。
想要进行用户认证,就要对虚拟主机的配置文件进行编辑,如下:
<VirtualHost *:80> DocumentRoot "/data/wwwroot/www.123.com" ServerName www.123.com 用户认证 <Directory /data/wwwroot/www.123.com> //指定认证的目录 AllowOverride AuthConfig //这个相当于打开认证的开关 AuthName "123.com user auth" //自定义认证的名字,作用不大 AuthType Basic //认证的类型,一般为Basic,其他类型阿铭没用过 AuthUserFile /data/.htpasswd //指定密码文件所在位置 require valid-user //指定需要认证的用户为全部可用用户 </Directory> </VirtualHost>进行整个网站的用户认证
编辑虚拟主机配置文件
[root@shuai-01 ~]# vim /usr/local/apache2.4/conf/extra/httpd-vhosts.conf <VirtualHost *:80> DocumentRoot "/data/wwwroot/111.com" ServerName 111.com ServerAlias www.111.com www.example.com <Directory /data/wwwroot/111.com> AllowOverride AuthConfig AuthName "111.com user auth" AuthType Basic AuthUserFile /data/.htpasswd require valid-user </Directory> ErrorLog "logs/111.com-error_log" CustomLog "logs/111.com-access_log" common </VirtualHost>生成用户名密码:
[root@shuai-01 ~]# /usr/local/apache2.4/bin/htpasswd -c -m /data/.htpasswd shuai New password: Re-type new password: Adding password for user shuai [root@shuai-01 ~]# /usr/local/apache2.4/bin/htpasswd -m /data/.htpasswd aoli New password: Re-type new password: Adding password for user aoli [root@shuai-01 ~]# cat /data/.htpasswd shuai:$apr1$nFOYpbK0$rCD.Yamunrac2ZRrhP4Yr1 aoli:$apr1$ICctgglv$JgpwNfsP8VHH6/PSxFXFs/-c 创建文件的 -m 是用md5加密的
检查配置文件语法,重新加载配置文件
[root@shuai-01 ~]# /usr/local/apache2.4/bin/apachectl -t Syntax OK [root@shuai-01 ~]# /usr/local/apache2.4/bin/apachectl graceful打开网站:
用curl打开
[root@shuai-01 ~]# curl -x127.0.0.1:80 111.com <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>401 Unauthorized</title> </head><body> <h1>Unauthorized</h1> <p>This server could not verify that you are authorized to access the document requested. Either you supplied the wrong credentials (e.g., bad password), or your browser doesn't understand how to supply the credentials required.</p> </body></html>显示特征号401 访问需要用户认证
[root@shuai-01 ~]# curl -x127.0.0.1:80 -ushuai:111111 111.com -I HTTP/1.1 200 OK Date: Wed, 20 Dec 2017 07:44:52 GMT Server: Apache/2.4.29 (Unix) PHP/5.6.30 X-Powered-By: PHP/5.6.30 Content-Type: text/html; charset=UTF-8在Windows端登录:
问题1:在Windows端登录,可能会出错,无法显示,请看这一篇的问题三http://blog.csdn.net/aoli_shuai/article/details/78847700
指定某一个特定的页面进行用户认证
<FilesMatch 123.php> AllowOverride AuthConfig AuthName "111.com user auth" AuthType Basic AuthUserFile /data/.htpasswd require valid-user </FilesMatch>指定得是123.php文件
配置虚拟主机配置文件
[root@shuai-01 ~]# vim /usr/local/apache2.4/conf/extra/httpd-vhosts.conf <VirtualHost *:80> DocumentRoot "/data/wwwroot/111.com" ServerName 111.com ServerAlias www.111.com www.example.com # <Directory /data/wwwroot/111.com> <FilesMatch 123.php> AllowOverride AuthConfig AuthName "111.com user auth" AuthType Basic AuthUserFile /data/.htpasswd require valid-user </FilesMatch> # </Directory> ErrorLog "logs/111.com-error_log" CustomLog "logs/111.com-access_log" common </VirtualHost>检查配置文件语法,重新加载配置文件
[root@shuai-01 ~]# /usr/local/apache2.4/bin/apachectl -t Syntax OK [root@shuai-01 ~]# /usr/local/apache2.4/bin/apachectl graceful编辑一个123.php文件
[root@shuai-01 ~]# vim /data/wwwroot/111.com/123.php <?php echo "123.php"; ?>登录:
[root@shuai-01 ~]# curl -x127.0.0.1:80 111.com -I HTTP/1.1 200 OK Date: Wed, 20 Dec 2017 07:59:09 GMT Server: Apache/2.4.29 (Unix) PHP/5.6.30 X-Powered-By: PHP/5.6.30 Content-Type: text/html; charset=UTF-8 [root@shuai-01 ~]# curl -x127.0.0.1:80 111.com/123.php -I HTTP/1.1 401 Unauthorized Date: Wed, 20 Dec 2017 07:59:23 GMT Server: Apache/2.4.29 (Unix) PHP/5.6.30 WWW-Authenticate: Basic realm="111.com user auth" Content-Type: text/html; charset=iso-8859-1 [root@shuai-01 ~]# curl -x127.0.0.1:80 -ushuai:111111 111.com/123.php -I HTTP/1.1 200 OK Date: Wed, 20 Dec 2017 07:59:45 GMT Server: Apache/2.4.29 (Unix) PHP/5.6.30 X-Powered-By: PHP/5.6.30 Content-Type: text/html; charset=UTF-8问题2:
如果要修改网站用户认证的密码,怎么操作?
htpasswd 重新给这个用户设置密码即可。
