Local Access Control.

What is it? The local access control file (LACF) allows different access controls to be set for each directory or subdirectory of the document tree; the file is usually called .htaccess.

It can deny the use of potentially hazardous server-side includes (SSI) in users' pages, which would otherwise cause the server to execute external commands every time a page containing them is accessed.

It can also prevent the security problems that following symbolic links may cause.

How is this done?

An example: a file named .htaccess in the subdirectory personal/executive.

AuthType Basic
AuthName "Only Ana"
AuthUserFile /usr/local/etc/httpd/userpw (full path of the password file)
AuthGroupFile /usr/local/etc/httpd/ourgroup
Require user ana

This limits access to the executive subdirectory to a single user.

The problem is that the basic authentication information exchanged between the browser and the server is not encrypted in any way: this scheme only encodes the credentials of the authentication session. Anyone who can intercept and decode that session can use the information to access the protected material. Digest Authentication was introduced to solve this problem.

Advanced Authentication:

IP addresses

What it is: as in cgi-bin programming, every request for a document from a browser or other intranet application carries the IP address of the computer that made the request, which could also be used by someone else for purposes harmful to the institution.

How is this done?

order deny,allow
deny from all
allow from personal.mycompany.com
allow from 132.1.250

The problem here is that an attacker on the network can configure a computer to pretend to be a host you trust.

For additional security it is necessary to enable -DMAXIMUM_DNS when compiling the server software (HostnameLookups in Apache 1.1 does the same). The server then makes a reverse lookup on the client's IP address to obtain its name; once the name is received, the server asks the DNS for that name's IP address, and if it differs from the client's, access is denied.

Combined authentication

How is this done?

AuthType Basic
AuthName "Only staff"
AuthUserFile /usr/local/etc/httpd/userpw (full path of the password file)
AuthGroupFile /usr/local/etc/httpd/ourgroup
order deny,allow
deny from all
allow from personal.mycompany.com
allow from 132.1.250
Require group staff
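As an added example (not part of the original article), the following Python models how the order/deny/allow lines above are evaluated for one client, and why the double DNS lookup described under IP addresses defeats a forged reverse-DNS name. The DNS tables and the host ws7.personal.mycompany.com are constructed stand-ins for real resolver queries.

```python
# Constructed reverse (PTR) and forward (A) records standing in for real resolver
# queries. 10.9.8.7 is an outside host whose PTR record claims a trusted name,
# but no forward record confirms it.
REVERSE_DNS = {
    "132.1.250.7": "ws7.personal.mycompany.com",
    "10.9.8.7": "ws7.personal.mycompany.com",
}
FORWARD_DNS = {
    "ws7.personal.mycompany.com": {"132.1.250.7"},
}

def lookup_hostname(ip, double=True):
    """Reverse-resolve ip. With double=True, also require that the forward lookup
    of the returned name yields ip again (the -DMAXIMUM_DNS behaviour)."""
    name = REVERSE_DNS.get(ip)
    if name is None:
        return None
    if double and ip not in FORWARD_DNS.get(name, set()):
        return None
    return name

def rule_matches(rule, ip, hostname):
    """One 'allow from' / 'deny from' argument: all, a partial IP, or a domain."""
    if rule == "all":
        return True
    if rule[0].isdigit():
        return ip == rule or ip.startswith(rule.rstrip(".") + ".")
    return hostname is not None and (hostname == rule or hostname.endswith("." + rule))

def access_allowed(ip, order="deny,allow", deny=("all",),
                   allow=("personal.mycompany.com", "132.1.250"), double=True):
    """Decide one request under Apache 1.x order/deny/allow semantics."""
    hostname = lookup_hostname(ip, double)
    denied = any(rule_matches(r, ip, hostname) for r in deny)
    permitted = any(rule_matches(r, ip, hostname) for r in allow)
    if order == "deny,allow":
        # Deny lines first; an Allow match overrides them; unmatched requests pass.
        return permitted or not denied
    # allow,deny: an Allow line must match and no Deny line may match.
    return permitted and not denied

if __name__ == "__main__":
    print(access_allowed("132.1.250.7"))             # True: inside the allowed subnet
    print(access_allowed("10.9.8.7", double=False))  # True: forged PTR name is trusted
    print(access_allowed("10.9.8.7"))                # False: forward lookup disagrees
    print(access_allowed("192.0.2.5"))               # False: hit by 'deny from all'
```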
