Apache2 BootCamp : Restricting Access
#7, Day #2
Wildan Maulana
wildan.m@openthinklabs.com
http://workshop.openthinklabs.com
Overview
●   How to restrict access based on the user, client IP address, domain name, and browser version
●   How to enable and configure Apache authentication modules
●   How to use the user management tools provided with Apache
Authentication
●   Authentication: establishes the identity of the parties in a communication
    ●   Authentication in the context of the Web:
        –   Use of passwords
        –   Use of certificates
●   Authorization: deals with protecting access to resources; we can authorize based on:
    ●   The IP address the user is coming from
    ●   The user’s browser
    ●   The content the user is trying to access
    ●   Who the user is
Client Authentication
●   The HTTP specification provides two authentication mechanisms: basic and digest
    –   Basic: the username and password are transmitted in clear text (base64-encoded, which anyone on the path can decode)
    –   Digest: the password itself is never transmitted; the client sends an MD5 digest computed from it
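What each scheme actually puts on the wire, as an added example (not code from the deck or from Apache): the Basic header decodes straight back to the password, while the Digest exchange sends only an MD5 response that the server checks against the HA1 value an htdigest file stores. Realm, nonce, username and password are constructed sample values.

```python
import base64
import hashlib
import hmac
from typing import Tuple

REALM = "Private Area"  # the AuthName used on the deck's slides


def basic_header(user: str, password: str) -> str:
    """Authorization header a browser sends for AuthType Basic."""
    token = base64.b64encode(f"{user}:{password}".encode()).decode()
    return f"Basic {token}"


def basic_recover(header: str) -> Tuple[str, str]:
    """Anyone who can read the request (a proxy, a sniffer, a debug log)
    gets the password back: base64 is an encoding, not encryption."""
    scheme, token = header.split(" ", 1)
    if scheme != "Basic":
        raise ValueError("not a Basic credential")
    user, password = base64.b64decode(token).decode().split(":", 1)
    return user, password


def _md5(text: str) -> str:
    return hashlib.md5(text.encode()).hexdigest()


def digest_ha1(user: str, realm: str, password: str) -> str:
    """HA1 = MD5(user:realm:password). This is the value htdigest writes
    into the AuthDigestFile, so the server never stores the password."""
    return _md5(f"{user}:{realm}:{password}")


def digest_response(user: str, realm: str, password: str,
                    method: str, uri: str, nonce: str) -> str:
    """Client side of RFC 2617 Digest (original scheme, no qop):
    HA2 = MD5(method:uri), response = MD5(HA1:nonce:HA2)."""
    ha2 = _md5(f"{method}:{uri}")
    return _md5(f"{digest_ha1(user, realm, password)}:{nonce}:{ha2}")


def digest_verify(stored_ha1: str, method: str, uri: str,
                  nonce: str, response: str) -> bool:
    """Server side: recompute from the stored HA1 and compare in constant
    time. HA1 is password-equivalent for this realm, so the digest file
    needs the same protection as a password file."""
    ha2 = _md5(f"{method}:{uri}")
    expected = _md5(f"{stored_ha1}:{nonce}:{ha2}")
    return hmac.compare_digest(expected, response)


if __name__ == "__main__":
    hdr = basic_header("admin", "s3cret")            # constructed sample values
    print(hdr, "->", basic_recover(hdr))
    nonce = "dcd98b7102dd2f0e8b11d0f600bfb0c093"     # constructed server nonce
    resp = digest_response("admin", REALM, "s3cret", "GET", "/private/", nonce)
    ok = digest_verify(digest_ha1("admin", REALM, "s3cret"), "GET", "/private/", nonce, resp)
    print("digest response:", resp, "verified:", ok)
```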
Client Authentication: User Management
●   File-based and database-based authentication mechanisms: supported in the Apache bundle
●   LDAP (Lightweight Directory Access Protocol) and NIS (Network Information Services): supported in third-party modules
Apache Authentication Modules
Authentication modules bundled with Apache:
●   mod_auth
●   mod_auth_dbm
●   mod_auth_digest
●   mod_auth_anon
Apache Authentication Modules: Common Functionality
Apache provides three built-in directives related to authentication that are used with any of the authentication modules: AuthName, AuthType and Require.

Require examples:
    Require user joe bob
    Require group employee contractor
    Require valid-user
Apache Authentication Modules: Module Functionality
●   Backend storage: provides text or database files containing the username and group information
●   User management: supplies tools for creating and managing users and groups in the backend storage
●   Authoritative information: specifies whether the results of the module are authoritative
File-Based Authentication: mod_auth
Provides basic authentication via text files containing usernames and passwords, similar to how traditional Unix authentication works with the /etc/passwd and /etc/group files.
File-Based Authentication: Backend Storage
Directives:
●   AuthUserFile    Takes a path argument pointing to the users file
●   AuthGroupFile   Takes a path argument pointing to the groups file

Examples:
    /etc/apache.passwords (one user:password-hash per line):
        admin:iFrlxqg0Q6RQ6
    /etc/apache.groups (one group followed by its members per line):
        web: admin umar abdul aziz
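A parser for the two file formats above and an evaluator for the Require forms from the Common Functionality slide, as an added example (not Apache's own code). The file contents are constructed from the deck's samples plus a second user with a placeholder hash; password checking is left to mod_auth, this models only the authorization step that runs after it.

```python
from typing import Dict, Set

# Constructed AuthUserFile in htpasswd format: user:hash per line.
USERS_FILE = """\
admin:iFrlxqg0Q6RQ6
umar:$apr1$placeholder$notarealhash
"""
# Constructed AuthGroupFile: groupname: member member ... per line.
GROUPS_FILE = """\
web: admin umar abdul aziz
employee: admin
"""


def parse_user_file(text: str) -> Dict[str, str]:
    """Map username -> stored password hash."""
    users: Dict[str, str] = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        name, _, hashed = line.partition(":")
        users[name] = hashed
    return users


def parse_group_file(text: str) -> Dict[str, Set[str]]:
    """Map groupname -> set of member usernames."""
    groups: Dict[str, Set[str]] = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        name, _, members = line.partition(":")
        groups[name.strip()] = set(members.split())
    return groups


def require_allows(require: str, user: str,
                   users: Dict[str, str], groups: Dict[str, Set[str]]) -> bool:
    """Evaluate the argument text of a Require directive, e.g.
    'user joe bob', 'group employee contractor' or 'valid-user',
    for an already-authenticated username."""
    if user not in users:
        # Group membership alone is not enough: without an AuthUserFile
        # entry the user could never have authenticated.
        return False
    kind, *args = require.split()
    if kind == "valid-user":
        return True
    if kind == "user":
        return user in args
    if kind == "group":
        return any(user in groups.get(g, set()) for g in args)
    raise ValueError(f"unsupported Require type: {kind}")


if __name__ == "__main__":
    users, groups = parse_user_file(USERS_FILE), parse_group_file(GROUPS_FILE)
    for req, who in [("valid-user", "admin"), ("user joe bob", "admin"),
                     ("group employee contractor", "admin"), ("group web", "abdul")]:
        print(f"Require {req:28} {who:6} -> {require_allows(req, who, users, groups)}")
```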
File-Based Authentication: User Management
    htpasswd -c file userid

    htpasswd -c /usr/local/apache2/conf/htusers admin

Don't use the -c option if you want to add users to an existing password file: -c creates the file and overwrites one that already exists.
File-Based Authentication: Authoritative
Directive:
    AuthAuthoritative on|off
File-Based Authentication: Using mod_auth

    <Directory /usr/local/apache2/htdocs/private>
      AuthType Basic
      AuthName "Private Area"
      AuthUserFile /usr/local/apache2/conf/htusers
      AuthAuthoritative on
      Require valid-user
    </Directory>
Database File-Based Access Control: mod_auth_dbm
More scalable and faster than mod_auth because it uses indexed database files.
Database File-Based Access Control: Backend Storage
mod_auth_dbm directives:
●   AuthDBMUserFile
●   AuthDBMGroupFile
Database File-Based Access Control: User Management

On Windows (ActiveState Perl): start the Perl package manager and type
    install Crypt-PasswdMD5
then run
    perl ./dbmmanage.pl dbfile adduser userid

On Unix:
    ./dbmmanage dbfile adduser userid
(htdbm is also available.)

Examples:
    dbmmanage /usr/local/apache2/conf/dbmusers adduser daniel employee,engineering
    dbmmanage dbfile delete daniel
Database File-Based Access Control: Authoritative
    AuthDBMAuthoritative on|off
Database File-Based Access Control: Using mod_auth_dbm

    <Directory /home/*/public_html>
      AuthType Basic
      AuthName "Private Area"
      AuthDBMUserFile /usr/local/apache2/conf/dbmusers
      AuthDBMGroupFile /usr/local/apache2/conf/dbmusers
      AuthDBMAuthoritative on
      Require group student faculty
    </Directory>
Digest-Based Authentication: mod_auth_digest

Digest-Based Authentication: Backend Storage
mod_auth_digest directives:
●   AuthDigestFile
●   AuthDigestGroupFile
Digest-Based Authentication: User Management
    On Windows: htdigest.exe
    On Unix: htdigest
Digest-Based Authentication: Authoritative
    AuthDigestAuthoritative on|off
Digest-Based Authentication: Additional Directives
AuthDigestDomain: takes a list of URLs that share the same realm and username/password protection
Digest-Based Authentication: Using mod_auth_digest

    <Location /private>
      AuthType Digest
      AuthName "Private Area"
      AuthDigestFile /usr/local/apache2/conf/digestusers
      AuthDigestDomain /private /private2 /private3
      AuthDigestAuthoritative on
      Require valid-user
    </Location>
Additional Authentication Modules
●   mod_auth_anon
Access Control
●   Access Rules
    ●   IP Addresses
        –   A Partial IP Address
        –   A Network/Mask Pair
    ●   Domain Name
    ●   Environment Variables
    ●   All Clients
Access Rules: IP Addresses

IP addresses:
    Allow from 10.0.0.1 10.0.0.2 10.0.0.3

A partial IP address:
    Deny from 10.0

A network/mask pair:
    Allow from 10.0.0.0/255.255.255.0
    Allow from 10.0.0.0/24
Access Rules: Domain Name
    Allow from example.com

Enabling access rules based on domain names forces Apache to do a reverse DNS lookup on the client address, bypassing the setting of the HostNameLookups directive.
Access Rules: Environment Variables
    BrowserMatch MSIE iexplorer
    Deny from env=iexplorer
Access Rules: All Clients
    Allow from all
    Deny from all
Access Rules Evaluation

With Order Deny,Allow the Deny rules are applied first and a client matching neither list is allowed; with Order Allow,Deny the Allow rules are applied first and a client matching neither list is denied.

Deny,Allow:
    <Location /private>
      Order Deny,Allow
      Allow from 10.0.0.0/255.255.255.0 example.com
      Deny from all
    </Location>

Allow,Deny:
    <Location /some/location/>
      Order Allow,Deny
      Allow from all
      Deny from host.example.com
    </Location>
Combining Access Methods

    <Location /restricted>
      Allow from 10.0.0.0/255.255.255.0
      AuthType Basic
      AuthName "Intranet"
      AuthUserFile /usr/local/apache2/conf/htusers
      AuthAuthoritative on
      Require valid-user
      Satisfy any
    </Location>
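A model of the Access Rules Evaluation and Combining Access Methods slides, as an added example (not Apache's code): it matches the Allow/Deny argument forms the deck lists (all, env=, full and partial IP, network/mask, domain name), applies both Order settings, and combines the host decision with authentication the way Satisfy does. The deck's /restricted snippet has no Deny line, and with the default Order Deny,Allow every host would then pass, so a Deny from all is assumed for that case; client addresses and names are constructed samples.

```python
import ipaddress
from dataclasses import dataclass, field
from typing import List, Optional, Set


@dataclass
class Client:
    ip: str
    host: Optional[str] = None                   # reverse DNS result, if Apache looked it up
    env: Set[str] = field(default_factory=set)   # variables set by e.g. BrowserMatch
    user: Optional[str] = None                   # set once Basic/Digest auth succeeded


def host_pattern_matches(pattern: str, client: Client) -> bool:
    """Match one Allow/Deny argument in the forms the deck lists."""
    if pattern == "all":
        return True
    if pattern.startswith("env="):
        return pattern[4:] in client.env
    if "/" in pattern:  # network/mask pair: dotted mask or CIDR prefix length
        return ipaddress.ip_address(client.ip) in ipaddress.ip_network(pattern, strict=False)
    octets = pattern.split(".")
    if all(o.isdigit() for o in octets):  # full IP, or partial IP = leading octets
        return client.ip.split(".")[:len(octets)] == octets
    # domain name: the looked-up host must be that name or end in it
    if client.host is None:
        return False
    return client.host == pattern or client.host.endswith("." + pattern)


@dataclass
class HostRules:
    order: str                                   # "Deny,Allow" (the default) or "Allow,Deny"
    allow: List[str] = field(default_factory=list)
    deny: List[str] = field(default_factory=list)

    def permits(self, client: Client) -> bool:
        allowed = any(host_pattern_matches(p, client) for p in self.allow)
        denied = any(host_pattern_matches(p, client) for p in self.deny)
        if self.order.lower() == "deny,allow":
            # Deny applied first, then Allow: unmatched clients pass,
            # and Allow wins when both lists match.
            return allowed or not denied
        if self.order.lower() == "allow,deny":
            # Allow applied first, then Deny: unmatched clients fail,
            # and Deny wins when both lists match.
            return allowed and not denied
        raise ValueError(f"unsupported Order: {self.order}")


def access_granted(rules: HostRules, client: Client,
                   needs_auth: bool, satisfy: str = "all") -> bool:
    """Combine host rules with Require-style authentication the way
    Satisfy does: 'all' needs both to pass, 'any' needs either."""
    host_ok = rules.permits(client)
    if not needs_auth:
        return host_ok
    auth_ok = client.user is not None
    if satisfy.lower() == "any":
        return host_ok or auth_ok
    return host_ok and auth_ok


# The deck's configurations, transcribed.
PRIVATE = HostRules("Deny,Allow", allow=["10.0.0.0/255.255.255.0", "example.com"], deny=["all"])
SOME = HostRules("Allow,Deny", allow=["all"], deny=["host.example.com"])
PARTIAL = HostRules("Deny,Allow", deny=["10.0"])
BROWSER = HostRules("Deny,Allow", deny=["env=iexplorer"])
# /restricted: Deny from all assumed, otherwise the Allow line restricts nothing.
RESTRICTED = HostRules("Deny,Allow", allow=["10.0.0.0/255.255.255.0"], deny=["all"])


if __name__ == "__main__":
    print("/private 10.0.0.5          ->", PRIVATE.permits(Client("10.0.0.5")))
    print("/private www.example.com   ->", PRIVATE.permits(Client("192.0.2.7", host="www.example.com")))
    print("/some host.example.com     ->", SOME.permits(Client("192.0.2.7", host="host.example.com")))
    print("/restricted, Satisfy any, 203.0.113.5 no user ->",
          access_granted(RESTRICTED, Client("203.0.113.5"), True, "any"))
    print("/restricted, Satisfy any, 203.0.113.5 as alice ->",
          access_granted(RESTRICTED, Client("203.0.113.5", user="alice"), True, "any"))
```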
Limiting Access Based on HTTP Methods

HTTP methods: GET, POST, PUT, DELETE, CONNECT, OPTIONS, TRACE, PATCH, PROPFIND, PROPPATCH, MKCOL, COPY, MOVE, LOCK, and UNLOCK.

    <Directory /home/*/public_html>
      AllowOverride FileInfo AuthConfig Limit
      Options MultiViews Indexes SymLinksIfOwnerMatch IncludesNoExec
      <Limit GET POST OPTIONS PROPFIND>
        Order allow,deny
        Allow from all
      </Limit>
      <LimitExcept GET POST OPTIONS PROPFIND>
        Order deny,allow
        Deny from all
      </LimitExcept>
    </Directory>
Q&A
http://workshop.openthinklabs.com

Reference
●   Daniel Lopez Ridruejo; Sams Teach Yourself Apache 2 in 24 Hours, Sams Publishing, 2002

More Related Content

What's hot

Securing Apache Web Servers
Securing Apache Web ServersSecuring Apache Web Servers
Securing Apache Web Servers
webhostingguy
 
1 hadoop security_in_details_hadoop_summit2010
1 hadoop security_in_details_hadoop_summit20101 hadoop security_in_details_hadoop_summit2010
1 hadoop security_in_details_hadoop_summit2010
Hadoop User Group
 
Security and performance designs for client-server communications
Security and performance designs for client-server communicationsSecurity and performance designs for client-server communications
Security and performance designs for client-server communications
WO Community
 
Role based access control
Role based access controlRole based access control
Role based access control
Peter Edwards
 

What's hot (15)

Drupal Security Hardening
Drupal Security HardeningDrupal Security Hardening
Drupal Security Hardening
 
Drupal and Security: What You Need to Know
Drupal and Security: What You Need to KnowDrupal and Security: What You Need to Know
Drupal and Security: What You Need to Know
 
Hack Into Drupal Sites (or, How to Secure Your Drupal Site)
Hack Into Drupal Sites (or, How to Secure Your Drupal Site)Hack Into Drupal Sites (or, How to Secure Your Drupal Site)
Hack Into Drupal Sites (or, How to Secure Your Drupal Site)
 
Securing Apache Web Servers
Securing Apache Web ServersSecuring Apache Web Servers
Securing Apache Web Servers
 
Introduction to MariaDb
Introduction to MariaDbIntroduction to MariaDb
Introduction to MariaDb
 
1 hadoop security_in_details_hadoop_summit2010
1 hadoop security_in_details_hadoop_summit20101 hadoop security_in_details_hadoop_summit2010
1 hadoop security_in_details_hadoop_summit2010
 
Java Web Programming [9/9] : Web Application Security
Java Web Programming [9/9] : Web Application SecurityJava Web Programming [9/9] : Web Application Security
Java Web Programming [9/9] : Web Application Security
 
Is Drupal secure?
Is Drupal secure?Is Drupal secure?
Is Drupal secure?
 
Drupal security
Drupal securityDrupal security
Drupal security
 
Security and performance designs for client-server communications
Security and performance designs for client-server communicationsSecurity and performance designs for client-server communications
Security and performance designs for client-server communications
 
CRESTCon Asia 2018 - Config Password Encryption Gone Wrong
CRESTCon Asia 2018 - Config Password Encryption Gone WrongCRESTCon Asia 2018 - Config Password Encryption Gone Wrong
CRESTCon Asia 2018 - Config Password Encryption Gone Wrong
 
Role based access control
Role based access controlRole based access control
Role based access control
 
Apache Cookbook - TekX Chicago 2010
Apache Cookbook - TekX Chicago 2010Apache Cookbook - TekX Chicago 2010
Apache Cookbook - TekX Chicago 2010
 
Web application security (eng)
Web application security (eng)Web application security (eng)
Web application security (eng)
 
Html5 Application Security
Html5 Application SecurityHtml5 Application Security
Html5 Application Security
 

Viewers also liked (7)

Apache2 BootCamp : Using Apache to Serve Static Content
Apache2 BootCamp : Using Apache to Serve Static ContentApache2 BootCamp : Using Apache to Serve Static Content
Apache2 BootCamp : Using Apache to Serve Static Content
 
Apache2 BootCamp : Logging and Monitoring
Apache2 BootCamp : Logging and MonitoringApache2 BootCamp : Logging and Monitoring
Apache2 BootCamp : Logging and Monitoring
 
Apache2 BootCamp : Getting Started With Apache
Apache2 BootCamp : Getting Started With ApacheApache2 BootCamp : Getting Started With Apache
Apache2 BootCamp : Getting Started With Apache
 
How to installation and configure apache2
How to installation and configure apache2How to installation and configure apache2
How to installation and configure apache2
 
Apache2 BootCamp : Overview
Apache2 BootCamp : OverviewApache2 BootCamp : Overview
Apache2 BootCamp : Overview
 
Makefile Generation From Autotools
Makefile Generation From AutotoolsMakefile Generation From Autotools
Makefile Generation From Autotools
 
Using Nagios with Chef
Using Nagios with ChefUsing Nagios with Chef
Using Nagios with Chef
 

Similar to Apache2 BootCamp : Restricting Access

Apache server configuration & optimization
Apache server configuration & optimizationApache server configuration & optimization
Apache server configuration & optimization
Gokul Muralidharan
 
Lesson 9. The Apache Web Server
Lesson 9. The Apache Web ServerLesson 9. The Apache Web Server
Lesson 9. The Apache Web Server
webhostingguy
 
Setting Up Security on Apache
Setting Up Security on ApacheSetting Up Security on Apache
Setting Up Security on Apache
elliando dias
 
ProxySQL Tutorial - PLAM 2016
ProxySQL Tutorial - PLAM 2016ProxySQL Tutorial - PLAM 2016
ProxySQL Tutorial - PLAM 2016
Derek Downey
 
Utosc2007_Apache_Configuration.ppt
Utosc2007_Apache_Configuration.pptUtosc2007_Apache_Configuration.ppt
Utosc2007_Apache_Configuration.ppt
webhostingguy
 
Utosc2007_Apache_Configuration.ppt
Utosc2007_Apache_Configuration.pptUtosc2007_Apache_Configuration.ppt
Utosc2007_Apache_Configuration.ppt
webhostingguy
 
Utosc2007_Apache_Configuration.ppt
Utosc2007_Apache_Configuration.pptUtosc2007_Apache_Configuration.ppt
Utosc2007_Apache_Configuration.ppt
webhostingguy
 
Hive contributors meetup apache sentry
Hive contributors meetup   apache sentryHive contributors meetup   apache sentry
Hive contributors meetup apache sentry
Brock Noland
 
apresentacao_apache2..
apresentacao_apache2..apresentacao_apache2..
apresentacao_apache2..
webhostingguy
 
apresentacao_apache2..
apresentacao_apache2..apresentacao_apache2..
apresentacao_apache2..
webhostingguy
 

Similar to Apache2 BootCamp : Restricting Access (20)

Apache Web Server Setup 4
Apache Web Server Setup 4Apache Web Server Setup 4
Apache Web Server Setup 4
 
Apache server configuration & optimization
Apache server configuration & optimizationApache server configuration & optimization
Apache server configuration & optimization
 
Squid
SquidSquid
Squid
 
Apache Server Tutorial
Apache Server TutorialApache Server Tutorial
Apache Server Tutorial
 
Lesson 9. The Apache Web Server
Lesson 9. The Apache Web ServerLesson 9. The Apache Web Server
Lesson 9. The Apache Web Server
 
Introduction to Flow3
Introduction to Flow3Introduction to Flow3
Introduction to Flow3
 
Setting Up Security on Apache
Setting Up Security on ApacheSetting Up Security on Apache
Setting Up Security on Apache
 
Version Control With CVS
Version Control With CVSVersion Control With CVS
Version Control With CVS
 
ProxySQL Tutorial - PLAM 2016
ProxySQL Tutorial - PLAM 2016ProxySQL Tutorial - PLAM 2016
ProxySQL Tutorial - PLAM 2016
 
Apache
ApacheApache
Apache
 
Presentation (PPT)
Presentation (PPT)Presentation (PPT)
Presentation (PPT)
 
Utosc2007_Apache_Configuration.ppt
Utosc2007_Apache_Configuration.pptUtosc2007_Apache_Configuration.ppt
Utosc2007_Apache_Configuration.ppt
 
Utosc2007_Apache_Configuration.ppt
Utosc2007_Apache_Configuration.pptUtosc2007_Apache_Configuration.ppt
Utosc2007_Apache_Configuration.ppt
 
Utosc2007_Apache_Configuration.ppt
Utosc2007_Apache_Configuration.pptUtosc2007_Apache_Configuration.ppt
Utosc2007_Apache_Configuration.ppt
 
Apache Presentation
Apache PresentationApache Presentation
Apache Presentation
 
Hive contributors meetup apache sentry
Hive contributors meetup   apache sentryHive contributors meetup   apache sentry
Hive contributors meetup apache sentry
 
apresentacao_apache2..
apresentacao_apache2..apresentacao_apache2..
apresentacao_apache2..
 
apresentacao_apache2..
apresentacao_apache2..apresentacao_apache2..
apresentacao_apache2..
 
Durkee apache 2009_v7
Durkee apache 2009_v7Durkee apache 2009_v7
Durkee apache 2009_v7
 
Hadoop security
Hadoop securityHadoop security
Hadoop security
 

More from Wildan Maulana

Double for Nothing? Experimental Evidence on an Unconditional TeacherSalary I...
Double for Nothing? Experimental Evidence on an Unconditional TeacherSalary I...Double for Nothing? Experimental Evidence on an Unconditional TeacherSalary I...
Double for Nothing? Experimental Evidence on an Unconditional TeacherSalary I...
Wildan Maulana
 
Pengembangan OpenThink SAS 2013-2014
Pengembangan OpenThink SAS 2013-2014Pengembangan OpenThink SAS 2013-2014
Pengembangan OpenThink SAS 2013-2014
Wildan Maulana
 
ICA – AtoM : Retensi Arsip
ICA – AtoM : Retensi ArsipICA – AtoM : Retensi Arsip
ICA – AtoM : Retensi Arsip
Wildan Maulana
 
OpenThink Labs Workshop : Ketahanan Pangan Skala RT/RW
OpenThink Labs Workshop : Ketahanan Pangan Skala RT/RWOpenThink Labs Workshop : Ketahanan Pangan Skala RT/RW
OpenThink Labs Workshop : Ketahanan Pangan Skala RT/RW
Wildan Maulana
 
OpenThink Labs : Dengar Pendapat Komunitas ciliwung dengan kemen pu dan kemen...
OpenThink Labs : Dengar Pendapat Komunitas ciliwung dengan kemen pu dan kemen...OpenThink Labs : Dengar Pendapat Komunitas ciliwung dengan kemen pu dan kemen...
OpenThink Labs : Dengar Pendapat Komunitas ciliwung dengan kemen pu dan kemen...
Wildan Maulana
 
PostgreSQL BootCamp : Manajemen Master Data dengan SkyTools
PostgreSQL BootCamp : Manajemen Master Data dengan SkyToolsPostgreSQL BootCamp : Manajemen Master Data dengan SkyTools
PostgreSQL BootCamp : Manajemen Master Data dengan SkyTools
Wildan Maulana
 
Mensetup Google Apps sebagai IdP jenis openID dan Aplikasi Berbasis CakePHP ...
Mensetup Google Apps sebagai IdP jenis openID  dan Aplikasi Berbasis CakePHP ...Mensetup Google Apps sebagai IdP jenis openID  dan Aplikasi Berbasis CakePHP ...
Mensetup Google Apps sebagai IdP jenis openID dan Aplikasi Berbasis CakePHP ...
Wildan Maulana
 
Mensetup Google Apps sebagai IdP jenis openID dan Wordpress sebagai Sp
Mensetup Google Apps sebagai IdP jenis openID dan Wordpress sebagai SpMensetup Google Apps sebagai IdP jenis openID dan Wordpress sebagai Sp
Mensetup Google Apps sebagai IdP jenis openID dan Wordpress sebagai Sp
Wildan Maulana
 
Konfigurasi simpleSAMLphp dengan Google Apps Sebagai Identity Provider
Konfigurasi simpleSAMLphp  dengan Google Apps Sebagai Identity ProviderKonfigurasi simpleSAMLphp  dengan Google Apps Sebagai Identity Provider
Konfigurasi simpleSAMLphp dengan Google Apps Sebagai Identity Provider
Wildan Maulana
 
Instalasi simpleSAMLphp sebagai Identity Provider (IdP)
Instalasi simpleSAMLphp sebagai Identity Provider (IdP)Instalasi simpleSAMLphp sebagai Identity Provider (IdP)
Instalasi simpleSAMLphp sebagai Identity Provider (IdP)
Wildan Maulana
 
Instalasi dan Konfigurasi simpleSAMLphp
Instalasi dan Konfigurasi simpleSAMLphpInstalasi dan Konfigurasi simpleSAMLphp
Instalasi dan Konfigurasi simpleSAMLphp
Wildan Maulana
 
River Restoration in Asia and Connection Between IWRM and River Restoration
River Restoration in Asia and Connection Between IWRM and River RestorationRiver Restoration in Asia and Connection Between IWRM and River Restoration
River Restoration in Asia and Connection Between IWRM and River Restoration
Wildan Maulana
 
Penilaian Siswa di Finlandia - Pendidikan Dasar
Penilaian Siswa di Finlandia - Pendidikan DasarPenilaian Siswa di Finlandia - Pendidikan Dasar
Penilaian Siswa di Finlandia - Pendidikan Dasar
Wildan Maulana
 
Proyek Al-'Alaq : Electric Bicycles ; History, Characteristics, and Uses
Proyek Al-'Alaq : Electric Bicycles ; History, Characteristics, and UsesProyek Al-'Alaq : Electric Bicycles ; History, Characteristics, and Uses
Proyek Al-'Alaq : Electric Bicycles ; History, Characteristics, and Uses
Wildan Maulana
 
OpenThink SAS : Interaksi Antara Sekolah, Wali Kelas, Siswa dan Orang Tua
OpenThink SAS : Interaksi Antara Sekolah, Wali Kelas, Siswa dan Orang TuaOpenThink SAS : Interaksi Antara Sekolah, Wali Kelas, Siswa dan Orang Tua
OpenThink SAS : Interaksi Antara Sekolah, Wali Kelas, Siswa dan Orang Tua
Wildan Maulana
 

More from Wildan Maulana (20)

Hasil Pendataan Potensi Desa 2018
Hasil Pendataan Potensi Desa 2018Hasil Pendataan Potensi Desa 2018
Hasil Pendataan Potensi Desa 2018
 
Double for Nothing? Experimental Evidence on an Unconditional TeacherSalary I...
Double for Nothing? Experimental Evidence on an Unconditional TeacherSalary I...Double for Nothing? Experimental Evidence on an Unconditional TeacherSalary I...
Double for Nothing? Experimental Evidence on an Unconditional TeacherSalary I...
 
Ketahanan Pangan #1 : Gerakan Sekolah Menanam Melon
Ketahanan Pangan #1 : Gerakan Sekolah Menanam MelonKetahanan Pangan #1 : Gerakan Sekolah Menanam Melon
Ketahanan Pangan #1 : Gerakan Sekolah Menanam Melon
 
Pengembangan OpenThink SAS 2013-2014
Pengembangan OpenThink SAS 2013-2014Pengembangan OpenThink SAS 2013-2014
Pengembangan OpenThink SAS 2013-2014
 
ICA – AtoM : Retensi Arsip
ICA – AtoM : Retensi ArsipICA – AtoM : Retensi Arsip
ICA – AtoM : Retensi Arsip
 
OpenThink Labs Workshop : Ketahanan Pangan Skala RT/RW
OpenThink Labs Workshop : Ketahanan Pangan Skala RT/RWOpenThink Labs Workshop : Ketahanan Pangan Skala RT/RW
OpenThink Labs Workshop : Ketahanan Pangan Skala RT/RW
 
OpenThink Labs : Dengar Pendapat Komunitas ciliwung dengan kemen pu dan kemen...
OpenThink Labs : Dengar Pendapat Komunitas ciliwung dengan kemen pu dan kemen...OpenThink Labs : Dengar Pendapat Komunitas ciliwung dengan kemen pu dan kemen...
OpenThink Labs : Dengar Pendapat Komunitas ciliwung dengan kemen pu dan kemen...
 
PostgreSQL BootCamp : Manajemen Master Data dengan SkyTools
PostgreSQL BootCamp : Manajemen Master Data dengan SkyToolsPostgreSQL BootCamp : Manajemen Master Data dengan SkyTools
PostgreSQL BootCamp : Manajemen Master Data dengan SkyTools
 
Mensetup Google Apps sebagai IdP jenis openID dan Aplikasi Berbasis CakePHP ...
Mensetup Google Apps sebagai IdP jenis openID  dan Aplikasi Berbasis CakePHP ...Mensetup Google Apps sebagai IdP jenis openID  dan Aplikasi Berbasis CakePHP ...
Mensetup Google Apps sebagai IdP jenis openID dan Aplikasi Berbasis CakePHP ...
 
Mensetup Google Apps sebagai IdP jenis openID dan Wordpress sebagai Sp
Mensetup Google Apps sebagai IdP jenis openID dan Wordpress sebagai SpMensetup Google Apps sebagai IdP jenis openID dan Wordpress sebagai Sp
Mensetup Google Apps sebagai IdP jenis openID dan Wordpress sebagai Sp
 
Konfigurasi simpleSAMLphp dengan Google Apps Sebagai Identity Provider
Konfigurasi simpleSAMLphp  dengan Google Apps Sebagai Identity ProviderKonfigurasi simpleSAMLphp  dengan Google Apps Sebagai Identity Provider
Konfigurasi simpleSAMLphp dengan Google Apps Sebagai Identity Provider
 
Instalasi simpleSAMLphp sebagai Identity Provider (IdP)
Instalasi simpleSAMLphp sebagai Identity Provider (IdP)Instalasi simpleSAMLphp sebagai Identity Provider (IdP)
Instalasi simpleSAMLphp sebagai Identity Provider (IdP)
 
Instalasi dan Konfigurasi simpleSAMLphp
Instalasi dan Konfigurasi simpleSAMLphpInstalasi dan Konfigurasi simpleSAMLphp
Instalasi dan Konfigurasi simpleSAMLphp
 
River Restoration in Asia and Connection Between IWRM and River Restoration
River Restoration in Asia and Connection Between IWRM and River RestorationRiver Restoration in Asia and Connection Between IWRM and River Restoration
River Restoration in Asia and Connection Between IWRM and River Restoration
 
Optimasi Limpasan Air Limbah Ke Kali Surabaya (Segmen Sepanjang – Jagir) De...
Optimasi Limpasan Air Limbah  Ke Kali Surabaya (Segmen Sepanjang – Jagir)  De...Optimasi Limpasan Air Limbah  Ke Kali Surabaya (Segmen Sepanjang – Jagir)  De...
Optimasi Limpasan Air Limbah Ke Kali Surabaya (Segmen Sepanjang – Jagir) De...
 
Penilaian Siswa di Finlandia - Pendidikan Dasar
Penilaian Siswa di Finlandia - Pendidikan DasarPenilaian Siswa di Finlandia - Pendidikan Dasar
Penilaian Siswa di Finlandia - Pendidikan Dasar
 
Statistik Listrik
Statistik ListrikStatistik Listrik
Statistik Listrik
 
Proyek Al-'Alaq : Electric Bicycles ; History, Characteristics, and Uses
Proyek Al-'Alaq : Electric Bicycles ; History, Characteristics, and UsesProyek Al-'Alaq : Electric Bicycles ; History, Characteristics, and Uses
Proyek Al-'Alaq : Electric Bicycles ; History, Characteristics, and Uses
 
OpenThink SAS : Interaksi Antara Sekolah, Wali Kelas, Siswa dan Orang Tua
OpenThink SAS : Interaksi Antara Sekolah, Wali Kelas, Siswa dan Orang TuaOpenThink SAS : Interaksi Antara Sekolah, Wali Kelas, Siswa dan Orang Tua
OpenThink SAS : Interaksi Antara Sekolah, Wali Kelas, Siswa dan Orang Tua
 
Menggunakan AlisJK : Equating
Menggunakan AlisJK : EquatingMenggunakan AlisJK : Equating
Menggunakan AlisJK : Equating
 

Recently uploaded

Architecting Cloud Native Applications
Architecting Cloud Native ApplicationsArchitecting Cloud Native Applications
Architecting Cloud Native Applications
WSO2
 
Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire business
panagenda
 

Recently uploaded (20)

MS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectorsMS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectors
 
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWEREMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
 
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdfRising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
 
Vector Search -An Introduction in Oracle Database 23ai.pptx
Vector Search -An Introduction in Oracle Database 23ai.pptxVector Search -An Introduction in Oracle Database 23ai.pptx
Vector Search -An Introduction in Oracle Database 23ai.pptx
 
Architecting Cloud Native Applications
Architecting Cloud Native ApplicationsArchitecting Cloud Native Applications
Architecting Cloud Native Applications
 
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, AdobeApidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
 
Exploring Multimodal Embeddings with Milvus
Exploring Multimodal Embeddings with MilvusExploring Multimodal Embeddings with Milvus
Exploring Multimodal Embeddings with Milvus
 
Elevate Developer Efficiency & build GenAI Application with Amazon Q​
Elevate Developer Efficiency & build GenAI Application with Amazon Q​Elevate Developer Efficiency & build GenAI Application with Amazon Q​
Elevate Developer Efficiency & build GenAI Application with Amazon Q​
 
Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire business
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century education
 
Mcleodganj Call Girls 🥰 8617370543 Service Offer VIP Hot Model
Mcleodganj Call Girls 🥰 8617370543 Service Offer VIP Hot ModelMcleodganj Call Girls 🥰 8617370543 Service Offer VIP Hot Model
Mcleodganj Call Girls 🥰 8617370543 Service Offer VIP Hot Model
 
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdf
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
 
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
 
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
 
Artificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : UncertaintyArtificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : Uncertainty
 
MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024
 

Apache2 BootCamp : Restricting Access

  • 1. #7 Day #2: Restricting Access
    Wildan Maulana, wildan.m@openthinklabs.com
    http://workshop.openthinklabs.com

  • 2. Overview
    ● How to restrict access based on the user, client IP address, domain name, and browser version
    ● How to enable and configure Apache authentication modules
    ● How to use the user management tools provided with Apache

  • 3. Authentication
    ● Authentication: establishes the identity of the parties in a communication
    ● Authentication in the context of the Web:
      – Use of passwords
      – Use of certificates
    ● Authorization: deals with protecting access to resources. We can authorize based on:
      – The IP address the user is coming from
      – The user's browser
      – The content the user is trying to access
      – Who the user is

  • 4. Client Authentication
    ● The HTTP specification provides two authentication mechanisms: basic and digest
      – Basic: the username and password are transmitted in clear text
      – Digest: the username and password are transmitted as a digest rather than in clear text

  • 5. Client Authentication: User Management
    ● File-based authentication mechanisms: supported by modules bundled with Apache
    ● Database-based authentication mechanisms: supported by modules bundled with Apache
    ● Supported by third-party modules:
      – LDAP (Lightweight Directory Access Protocol)
      – NIS (Network Information Services)

  • 6. Apache Authentication Modules
    Authentication modules bundled with Apache:
    ● mod_auth
    ● mod_auth_dbm
    ● mod_auth_digest
    ● mod_auth_anon

  • 7. Apache Authentication Modules: Common Functionality
    Apache provides three built-in directives related to authentication that are used with any of the authentication modules:
    ● AuthName
    ● AuthType
    ● Require
    Examples:
      Require user joe bob
      Require group employee contractor
      Require valid-user

  • 8. Apache Authentication Modules: Module Functionality
    ● Backend storage: provides text or database files containing the username and group information
    ● User management: supplies tools for creating and managing users and groups in the backend storage
    ● Authoritative information: specifies whether the results of the module are authoritative

  • 9. File-Based Authentication: mod_auth
    Provides basic authentication via text files containing usernames and passwords, similar to how traditional Unix authentication works with the /etc/passwd and /etc/groups files.

  • 10. File-Based Authentication: Backend Storage
    Directives:
    ● AuthUserFile: takes a path argument pointing to the users file
    ● AuthGroupFile: takes a path argument pointing to the groups file
    Examples:
      /etc/apache.passwords:
        admin:iFrlxqg0Q6RQ6
      /etc/apache.groups:
        web: admin umar abdul aziz

  • 11. File-Based Authentication: User Management
      htpasswd -c file userid
      htpasswd -c /usr/local/apache2/conf/htusers admin
    Don't use the -c option if you want to add users to an existing password file: -c creates a new file and overwrites any existing one.

  • 12. File-Based Authentication: Authoritative Directive
      AuthAuthoritative on|off

  • 13. File-Based Authentication: Using mod_auth
      <Directory /usr/local/apache2/htdocs/private>
          AuthType Basic
          AuthName "Private Area"
          AuthUserFile /usr/local/apache2/conf/htusers
          AuthAuthoritative on
          Require valid-user
      </Directory>

  • 14. Database File-Based Access Control: mod_auth_dbm
    More scalable and faster than mod_auth, because it uses indexed database files

  • 15. Database File-Based Access Control: Backend Storage
    mod_auth_dbm directives:
    ● AuthDBMUserFile
    ● AuthDBMGroupFile

  • 16. Database File-Based Access Control: User Management
    On Unix:
      ./dbmmanage dbfile adduser userid
    On Windows (if you are using ActiveState Perl, first start the Perl package manager and type install Crypt-PasswdMD5):
      perl ./dbmmanage.pl dbfile adduser userid
    Alternative tool: htdbm
    Examples:
      dbmmanage /usr/local/apache2/conf/dbmusers adduser daniel employee,engineering
      dbmmanage dbfile delete daniel

  • 17. Database File-Based Access Control: Authoritative
      AuthDBMAuthoritative on|off

  • 18. Database File-Based Access Control: Using mod_auth_dbm
      <Directory /home/*/public_html>
          AuthType Basic
          AuthName "Private Area"
          AuthDBMUserFile /usr/local/apache2/conf/dbmusers
          AuthDBMGroupFile /usr/local/apache2/conf/dbmusers
          AuthDBMAuthoritative on
          Require group student faculty
      </Directory>

  • 19. Digest-Based Authentication: mod_auth_digest

  • 20. Digest-Based Authentication: Backend Storage
    mod_auth_digest directives:
    ● AuthDigestFile
    ● AuthDigestGroupFile

  • 21. Digest-Based Authentication: User Management
    On Unix: htdigest
    On Windows: htdigest.exe

  • 22. Digest-Based Authentication: Authoritative
      AuthDigestAuthoritative on|off

  • 23. Digest-Based Authentication: Additional Directives
    ● AuthDigestDomain: takes a list of URLs that share the same realm and username/password protection

  • 24. Digest-Based Authentication: Using mod_auth_digest
      <Location /private>
          AuthType Digest
          AuthName "Private Area"
          AuthDigestFile /usr/local/apache2/conf/digestusers
          AuthDigestDomain /private /private2 /private3
          AuthDigestAuthoritative on
          Require valid-user
      </Location>
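To make concrete what slides 4 and 19 to 24 mean by the password being "transmitted in digest", here is an added Python example (not from the slides or from Apache's own code) of the RFC 2617 exchange that mod_auth_digest implements: what htdigest stores (user:realm:MD5(user:realm:password)), how the client computes its response, and how the server checks it without ever holding the plaintext. The user name, password, nonce and cnonce are constructed values; the realm "Private Area" and the URI /private are the ones from slide 24.

```python
import hashlib
import secrets


def md5_hex(text):
    """MD5 hex digest of a string, the primitive RFC 2617 digest authentication is built on."""
    return hashlib.md5(text.encode()).hexdigest()


def htdigest_line(user, realm, password):
    """The line htdigest writes to an AuthDigestFile: user:realm:HA1,
    where HA1 = MD5(user:realm:password). The plaintext password is never stored."""
    return f"{user}:{realm}:{md5_hex(f'{user}:{realm}:{password}')}"


def client_response(user, realm, password, method, uri, nonce, nc, cnonce, qop="auth"):
    """What the browser returns for a qop=auth challenge (RFC 2617 section 3.2.2):
    the credential is bound to the server nonce, the request method and the URI."""
    ha1 = md5_hex(f"{user}:{realm}:{password}")
    ha2 = md5_hex(f"{method}:{uri}")
    return md5_hex(f"{ha1}:{nonce}:{nc}:{cnonce}:{qop}:{ha2}")


def server_verify(digest_file, user, realm, method, uri, nonce, nc, cnonce, response, qop="auth"):
    """Server side: look up the stored HA1 for user/realm and recompute the expected response.
    Only HA1 is needed, so the password never reaches the server; HA1 alone still grants
    access, so the AuthDigestFile must be protected like a password file."""
    for line in digest_file.splitlines():
        stored_user, stored_realm, ha1 = line.split(":", 2)
        if stored_user == user and stored_realm == realm:
            ha2 = md5_hex(f"{method}:{uri}")
            expected = md5_hex(f"{ha1}:{nonce}:{nc}:{cnonce}:{qop}:{ha2}")
            return secrets.compare_digest(expected, response)
    return False


if __name__ == "__main__":
    # Constructed user name, password and nonces; realm and URI are those from slide 24.
    realm, uri, pw = "Private Area", "/private", "example-password"
    digest_file = htdigest_line("admin", realm, pw)
    nonce, cnonce = secrets.token_hex(16), secrets.token_hex(8)
    resp = client_response("admin", realm, pw, "GET", uri, nonce, "00000001", cnonce)
    print("valid response accepted:", server_verify(digest_file, "admin", realm, "GET", uri, nonce, "00000001", cnonce, resp))
    print("same response replayed against /private2 rejected:", not server_verify(digest_file, "admin", realm, "GET", "/private2", nonce, "00000001", cnonce, resp))
```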
  • 26. Access Control
    ● Access rules:
      – IP addresses
        · A partial IP address
        · A network/mask pair
      – Domain name
      – Environment variables
      – All clients

  • 27. Access Rules: IP Addresses
    IP addresses:
      Allow from 10.0.0.1 10.0.0.2 10.0.0.3
    A partial IP address:
      Deny from 10.0
    A network/mask pair:
      Allow from 10.0.0.0/255.255.255.0
      Allow from 10.0.0.0/24

  • 28. Access Rules: Domain Name
      Allow from example.com
    Enabling access rules based on domain names forces Apache to do a reverse DNS lookup on the client address, bypassing the settings of the HostNameLookups directive.

  • 29. Access Rules: Environment Variables
      BrowserMatch MSIE iexplorer
      Deny from env=iexplorer

  • 30. Access Rules: All Clients
      Allow from all
      Deny from all

  • 31. Access Rules: Evaluation
    Deny,Allow (access is allowed by default; a matching Allow overrides a matching Deny):
      <Location /private>
          Order Deny,Allow
          Allow from 10.0.0.0/255.255.255.0 example.com
          Deny from all
      </Location>
    Allow,Deny (access is denied by default; a matching Deny overrides a matching Allow):
      <Location /some/location/>
          Order Allow,Deny
          Allow from all
          Deny from host.example.com
      </Location>

  • 32. Combining Access Methods
      <Location /restricted>
          # Order added: without it the default is Deny,Allow, and with no Deny rule
          # every host would pass the host check, making "Satisfy any" grant everyone.
          Order Allow,Deny
          Allow from 10.0.0.0/255.255.255.0
          AuthType Basic
          AuthName "Intranet"
          AuthUserFile /usr/local/apache2/conf/htusers
          AuthAuthoritative on
          Require valid-user
          Satisfy any
      </Location>
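Slides 27 to 32 describe how Allow/Deny rules, Order and Satisfy combine. As an added illustration (not code from the slides or from Apache), this Python model re-implements that decision logic for full and partial IP addresses, network/mask pairs, domain names and "all", so the two configurations on slide 31 and the Satisfy any configuration on slide 32 can be tried against constructed client addresses; client_host stands in for the reverse DNS result that slide 28 mentions.

```python
import ipaddress


def rule_matches(rule, client_ip, client_host=None):
    """Does one argument of 'Allow from' / 'Deny from' match this client?
    Handles: all | full IP | partial IP (10.0) | CIDR (10.0.0.0/24) |
    network/mask pair (10.0.0.0/255.255.255.0) | domain name (the host or a subdomain)."""
    if rule == "all":
        return True
    if "/" in rule:
        return ipaddress.ip_address(client_ip) in ipaddress.ip_network(rule, strict=False)
    if rule.replace(".", "").isdigit():
        # A partial address matches whole leading octets only: 10.0 matches 10.0.x.y, not 10.01.x.y
        return client_ip == rule or client_ip.startswith(rule.rstrip(".") + ".")
    # Domain name: Apache compares it against the reverse DNS name of the client (slide 28)
    return client_host is not None and (client_host == rule or client_host.endswith("." + rule))


def host_access(order, allow, deny, client_ip, client_host=None):
    """Order semantics of the host-based access rules. allow and deny are the
    argument lists of all 'Allow from' and 'Deny from' lines in the block."""
    allowed = any(rule_matches(r, client_ip, client_host) for r in allow)
    denied = any(rule_matches(r, client_ip, client_host) for r in deny)
    order = order.lower()
    if order == "deny,allow":
        return allowed or not denied   # default allow; a matching Allow overrides a Deny
    if order == "allow,deny":
        return allowed and not denied  # default deny; a matching Deny overrides an Allow
    raise ValueError(f"unknown Order: {order}")


def access_decision(order, allow, deny, client_ip, authenticated, satisfy="all", client_host=None):
    """Combine the host rules with the Require outcome (authenticated) as Satisfy does:
    'all' (the default) needs both, 'any' lets a matching host skip the password prompt."""
    host_ok = host_access(order, allow, deny, client_ip, client_host)
    return (host_ok or authenticated) if satisfy.lower() == "any" else (host_ok and authenticated)


if __name__ == "__main__":
    intranet = ["10.0.0.0/255.255.255.0", "example.com"]
    # Slide 31, Deny,Allow block: intranet and example.com hosts get in, everyone else is denied
    print(host_access("Deny,Allow", intranet, ["all"], "10.0.0.17"))                        # True
    print(host_access("Deny,Allow", intranet, ["all"], "198.51.100.7"))                     # False
    print(host_access("Deny,Allow", intranet, ["all"], "198.51.100.7", "www.example.com"))  # True
    # Slide 32 with Satisfy any: intranet clients skip the password, outsiders must authenticate
    print(access_decision("Allow,Deny", ["10.0.0.0/255.255.255.0"], [], "10.0.0.9", False, "any"))     # True
    print(access_decision("Allow,Deny", ["10.0.0.0/255.255.255.0"], [], "203.0.113.9", False, "any"))  # False
```

The model is called with Order Allow,Deny for the slide 32 case because Apache's default Order is Deny,Allow, under which a block with only an Allow rule and no Deny rule lets every host through.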
  • 33. Limiting Access Based on HTTP Methods
    HTTP methods: GET, POST, PUT, DELETE, CONNECT, OPTIONS, TRACE, PATCH, PROPFIND, PROPPATCH, MKCOL, COPY, MOVE, LOCK, and UNLOCK.
      <Directory /home/*/public_html>
          AllowOverride FileInfo AuthConfig Limit
          Options MultiViews Indexes SymLinksIfOwnerMatch IncludesNoExec
          <Limit GET POST OPTIONS PROPFIND>
              Order allow,deny
              Allow from all
          </Limit>
          <LimitExcept GET POST OPTIONS PROPFIND>
              Order deny,allow
              Deny from all
          </LimitExcept>
      </Directory>

  • 35. Reference
    ● Daniel Lopez Ridruejo; Sams Teach Yourself Apache 2 in 24 Hours, Sams Publishing, 2002