Dear Wiki user, You have subscribed to a wiki page or wiki category on "Httpd Wiki" for change notification.
The "FAQ" page has been changed by jmcg. The comment on this change is: some auth->authn/z. http://wiki.apache.org/httpd/FAQ?action=diff&rev1=28&rev2=29 -------------------------------------------------- This will cause Apache to be very paranoid about making sure a particular host address is really assigned to the name it claims to be. Note that this can incur a significant performance penalty, however, because of all the name resolution requests being sent to a nameserver. == How do I set up Apache to require a username and password to access certain documents? == - There are several ways to do this; some of the more popular ones are to use the mod_auth, mod_auth_db, or mod_auth_dbm modules. + There are several ways to do this; some of the more popular ones are to use the [[http://httpd.apache.org/docs/current/mod/mod_authn_file.html|mod_authn_file]], [[http://httpd.apache.org/docs/current/mod/mod_authn_dbd.html|mod_authn_dbd]], or [[http://httpd.apache.org/docs/current/mod/mod_authnz_ldap.html|mod_authnz_ldap]] modules. - For an explanation on how to implement these restrictions, see Apache Week's articles on [[http://www.apacheweek.com/features/userauth|Using User Authentication]] or [[http://www.apacheweek.com/features/dbmauth|DBM User Authentication]], or see [[http://httpd.apache.org/docs/current/howto/auth.html|the authentication tutorial in the Apache documentation]]. + For an explanation on how to implement these restrictions, see [[http://httpd.apache.org/docs/current/howto/auth.html|the authentication tutorial in the Apache HTTP Server documentation]]. == How do I set up Apache to allow access to certain documents only if a site is either a local site or the user supplies a password and username? == Use the Satisfy directive, in particular the Satisfy Any directive, to require that only one of the access restrictions be met. For example, adding the following configuration to a .htaccess or server configuration file would restrict access to people who either are accessing the site from a host under domain.com or who can supply a valid username and password: @@ -552, +552 @@ Require valid-user Satisfy any }}} - See the user authentication question and the mod_access module for details on how the above directives work. + See the user authentication question and the [[http://httpd.apache.org/docs/current/mod/mod_authz_host.html|mod_authnz_host module]] for details on how the above directives work. == Why does my authentication give me a server error? == Under normal circumstances, the Apache access control modules will pass unrecognized user IDs on to the next access control module in line. Only if the user ID is recognized and the password is validated (or not) will it give the usual success or "authentication failed" messages. --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
