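Apache Server User Authentication (Repost)
Jun 21, 2016 09:14 AM | apache | server
Readers who spend time online will have run into this situation: when you request certain resources on some websites, the browser pops up a dialog asking for a user name and password before granting access. This is one form of user authentication. User authentication is the first line of defense for the resources of a networked system: it controls every login and checks the legitimacy of the visiting user, with the goal of letting only legitimate users access the system's resources with legitimate privileges. The basic user authentication technique is "user name + password".
Apache is currently a popular web server that runs on Linux, Unix, Windows and other operating systems, and it handles "user name + password" authentication well. The user names and passwords needed for Apache user authentication can be stored in two different ways: in a text file, or in a database such as mSQL, Oracle or MySQL. Using Apache on Linux as the example, the following describes how to implement user authentication with each storage method, and also briefly covers user authentication for Apache on Windows.
Storing credentials in a text file
The basic idea of this method: once authentication is enabled in Apache, you create a file named .htaccess in the directory to be restricted and put the authentication directives in it. The first time a user requests a file in that directory, the browser displays a dialog asking for a user name and password to confirm the user's identity. For a legitimate user the requested page is displayed, and for every later page in that directory the browser sends the user name and password automatically, with no need to enter them again, until the browser is closed. The concrete steps are as follows:
Log in to Linux as the superuser root, and assume Apache 1.3.12 has been compiled and installed in /usr/local/apache. By default the mod_auth module is built in when Apache is compiled; this module provides "user name + password" authentication with a text file as the store.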
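1. Edit the Apache configuration file /usr/local/apache/conf/httpd.conf and set the configuration directives for the directory that holds the protected resources. The following example configures the /usr/local/apache/htdocs/members directory:
<Directory /usr/local/apache/htdocs/members>
Options Indexes FollowSymLinks
# Let .htaccess files in this directory use authentication directives
AllowOverride AuthConfig
Order allow,deny
Allow from all
</Directory>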
Here the line AllowOverride AuthConfig allows user authentication to be applied to the files under /usr/local/apache/htdocs/members.
2. In the restricted directory /usr/local/apache/htdocs/members, create a file named .htaccess with the following content:
AuthName "會員區"
AuthType basic
AuthUserFile /usr/local/apache/members.txt
require valid-user
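Notes: the directives commonly used in a .htaccess file are the following:
1) AuthName: specifies the name of the authentication realm. The realm name is shown to the user in the dialog that prompts for authentication (see the accompanying figure).
2) AuthType: specifies the authentication type. HTTP 1.0 has only one authentication type, basic. HTTP 1.1 has several, such as MD5.
3) AuthUserFile: specifies a text file containing user names and passwords, one pair per line.
4) AuthGroupFile: specifies a text file containing the list of user groups and the members of each group. Group members are separated by spaces, for example:
managers:user1 user2
5) require: specifies which users or groups are authorized for access. For example:
require user user1 user2 (only the users user1 and user2 may access)
require group managers (only members of the group managers may access)
require valid-user (any user in the file named by AuthUserFile may access)
3. Use the htpasswd program shipped with Apache to generate the text file of user names and passwords, /usr/local/apache/members.txt. Each line has the format "user name:password".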
# cd /usr/local/apache/bin
# ./htpasswd -bc ../members.txt user1 1234
# ./htpasswd -b ../members.txt user2 5678
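The text file members.txt now contains two users: user1 with password 1234, and user2 with password 5678. Note: do not place this text file inside the web document tree, so that users cannot download it.
For help on the htpasswd program, run htpasswd -h.
When the number of users is small, this method is convenient and easy, and maintenance is simple. With tens of thousands or even hundreds of thousands of users, however, looking up a user takes a certain amount of time and lowers the server's efficiency. In that case the database method should be used.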
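The warning in step 3 about where the password file lives can be checked mechanically. The script below is an added example, not part of the original article: it reads the AuthUserFile path from .htaccess text, reports whether that path lies under the document root, and classifies how each password line is stored. The function names and the sample data are constructed for illustration.

```php
<?php
// Added example (PHP 7.1+): audit an .htaccess / password-file pair like the one above.
// Function names and sample data are constructed for illustration.

// Return the AuthUserFile path named in .htaccess text, or null if none is set.
function authUserFilePath(string $htaccess): ?string {
    if (preg_match('/^\s*AuthUserFile\s+"?([^"\r\n]+?)"?\s*$/mi', $htaccess, $m)) {
        return $m[1];
    }
    return null;
}

// True if the absolute path $path is the document root or lies below it.
// Lexical comparison only: symlinks and ".." segments are not resolved.
function insideDocRoot(string $path, string $docRoot): bool {
    $root = rtrim($docRoot, '/') . '/';
    return strpos(rtrim($path, '/') . '/', $root) === 0;
}

// Classify how the password on one "username:password" line is stored.
function hashScheme(string $line): string {
    $hash = explode(':', trim($line), 2)[1] ?? '';
    if (strpos($hash, '$2y$') === 0)   return 'bcrypt';
    if (strpos($hash, '$apr1$') === 0) return 'apr1-md5';
    if (strpos($hash, '{SHA}') === 0)  return 'sha1-unsalted';
    // Traditional crypt(): 13 characters, only the first 8 password characters count.
    if (preg_match('#^[./0-9A-Za-z]{13}$#', $hash)) return 'des-crypt';
    return 'plaintext-or-unknown';
}

// Constructed sample input mirroring the files created in steps 2 and 3.
$htaccess = "AuthName \"會員區\"\nAuthType basic\n"
          . "AuthUserFile /usr/local/apache/members.txt\nrequire valid-user\n";
$lines = [
    'user1:$apr1$abcdefgh$0123456789ABCDEFGHIJKL',  // constructed, not a real hash
    'user2:ab0123456789.',                          // constructed, crypt()-shaped
];

$file = authUserFilePath($htaccess);
if ($file !== null) {
    printf("%s inside document root: %s\n", $file,
        insideDocRoot($file, '/usr/local/apache/htdocs') ? 'yes, move it' : 'no');
}
foreach ($lines as $line) {
    printf("%-6s %s\n", explode(':', $line)[0], hashScheme($line));
}
```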
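Storing credentials in a database
At present Apache, PHP4 and MySQL are the best combination for building a website on Linux, and all three are free software. Combining the three, PHP4 and MySQL can be used over the HTTP protocol to implement Apache user authentication.
User authentication is possible only when PHP4 runs as an Apache module. PHP4 therefore has to be compiled into Apache as a module. Assume PHP4 is built as an Apache module, Apache is compiled and installed in /usr/local/apache, and MySQL is compiled and installed in /usr/local/mysql. Then carry out the following steps:
1. In MySQL, create a database named member and in it a table named users to hold the user names and passwords of legitimate users.
1) Use vi to create an SQL script file auth.sql in the /tmp directory with the following content: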
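drop database if exists member;
create database member;
use member;
-- password() stores a hash, not the password itself. char(20) fits the
-- 16-character hash of MySQL 3.x; MySQL 4.1 and later return 41 characters.
create table users (
username char(20) not null,
password char(20) not null
);
insert into users values("user1",password("1234"));
insert into users values("user2",password("5678"));
2) Start the MySQL client program mysql and run the SQL script auth.sql with the command below, which adds the records for the two users to the users table.
# mysql -u root -pmypwd < /tmp/auth.sql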
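2. Write a PHP include file auth.inc with the following content:
<?php
// Send a Basic authentication challenge to the browser and stop.
function authenticate() {
Header('WWW-authenticate: basic realm="會員區"');
Header('HTTP/1.0 401 Unauthorized');
// Message: "You must enter a correct user name and password."
echo "你必須輸入正確的用戶名和口令。 ";
exit;
}
// Return 1 if $uid/$pwd match a row in member.users, otherwise 0.
function CheckUser($uid, $pwd) {
if ($uid == "" || $pwd == "") return 0;
// Escape both values before they are placed inside the SQL string.
$uid = mysql_escape_string($uid);
$pwd = mysql_escape_string($pwd);
$query = "SELECT username,password FROM users where username='$uid' and password=password('$pwd')";
$db_id = mysql_connect('localhost', 'root', 'mypwd');
mysql_select_db('member', $db_id);
$result = mysql_query($query, $db_id);
$num = mysql_num_rows($result);
mysql_close($db_id);
if ($num > 0) {
return 1; // valid login
} else {
return 0; // invalid login
}
}
?>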
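The function authenticate() uses Header('WWW-authenticate: basic realm="會員區"') to send an authentication challenge to the browser, which makes the browser pop up a user name/password dialog. After the user enters a user name and password, the URL containing this PHP script is requested again automatically, and the user name, password and authentication type are placed in three special PHP4 variables: $PHP_AUTH_USER, $PHP_AUTH_PW and $PHP_AUTH_TYPE. A PHP program can use the values of these three variables to decide whether the user is legitimate. In the Header() call, basic indicates the basic authentication type, and the value of realm is the name of the authentication realm.
The call Header('HTTP/1.0 401 Unauthorized') causes the browser user to receive an HTTP 401 error after entering a wrong user name or password several times in a row.
The function CheckUser() determines whether the user name and password sent by the browser match those in the MySQL database, returning 1 if they match and 0 otherwise. The database user name root and password mypwd in mysql_connect('localhost', 'root', 'mypwd') should be changed to match your own MySQL setup.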
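3. Add the following code at the top of every PHP script that needs restricted access:
<?php
require('auth.inc');
// $PHP_AUTH_USER and $PHP_AUTH_PW hold the credentials sent by the browser.
if (CheckUser($PHP_AUTH_USER, $PHP_AUTH_PW) == 0) {
authenticate();
} else {
echo "這是合法用戶要訪問的網頁。"; // replace this line with the page output for legitimate users
}
?>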
Put the page content to be shown to legitimate users in the else clause, replacing this line of the code above:
echo "這是合法用戶要訪問的網頁。";
This way, when a user requests the PHP script, a user name and password must be entered to confirm the user's identity.
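The mysql_* functions and MySQL's password() function used above are no longer available in current PHP and MySQL releases. The following is an added example, not code from the original article, showing the same check with a bound query parameter and a salted password hash. It assumes PHP 7+ with the pdo_sqlite extension and uses an in-memory SQLite database as a stand-in for the member database; the function names and test data are constructed.

```php
<?php
// Added example: the CheckUser() idea with a bound parameter and a salted hash.
// Uses PDO with an in-memory SQLite database as a stand-in for the MySQL
// "member" database; requires PHP 7+ with pdo_sqlite. Names are illustrative.

function checkUser(PDO $db, string $user, string $pass): bool {
    if ($user === '' || $pass === '') {
        return false;
    }
    // The user name travels as a bound parameter, never as part of the SQL text.
    $stmt = $db->prepare('SELECT password FROM users WHERE username = ?');
    $stmt->execute([$user]);
    $hash = $stmt->fetchColumn();
    // password_verify() re-derives the hash using the salt stored inside $hash.
    return $hash !== false && password_verify($pass, $hash);
}

function requireLogin(PDO $db): void {
    // Under mod_php the Basic credentials arrive in these two $_SERVER entries.
    $user = $_SERVER['PHP_AUTH_USER'] ?? '';
    $pass = $_SERVER['PHP_AUTH_PW'] ?? '';
    if (!checkUser($db, $user, $pass)) {
        header('WWW-Authenticate: Basic realm="Members Area"');
        header('HTTP/1.0 401 Unauthorized');
        echo "You must enter a valid user name and password.\n";
        exit;
    }
}

// Constructed test data: the two users from auth.sql.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (username TEXT PRIMARY KEY, password TEXT NOT NULL)');
$ins = $db->prepare('INSERT INTO users VALUES (?, ?)');
foreach (['user1' => '1234', 'user2' => '5678'] as $u => $p) {
    $ins->execute([$u, password_hash($p, PASSWORD_DEFAULT)]);
}

var_dump(checkUser($db, 'user1', '1234'));     // correct password
var_dump(checkUser($db, 'user1', '0000'));     // wrong password
var_dump(checkUser($db, "o'brien", '1234'));   // quote in the name is plain data
```

Basic authentication sends the password base64-encoded with every request, so a page protected this way should be served over HTTPS.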
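User authentication for Apache on Windows
1. When a text file holds the user names and passwords, the method is the same as above, but note that directory names in a path, and the directory name and file name, are always separated by a forward slash "/", not a backslash "\".
2. When a MySQL database holds the user names and passwords, first make PHP 4.0.3 run as an Apache module as described below, then complete the setup with the database storage method described above.
1) Download the Windows versions of Apache 1.3.12, PHP 4.0.3 and MySQL 3.2.32, and unpack and install them in C:\apache, C:\PHP4 and C:\mysql respectively.
2) The C:\PHP4\SAPI directory contains PHP module files for several common web servers; copy php4apache.dll from it to Apache's modules subdirectory (C:\apache\modules).
3) Edit the Apache configuration file C:\apache\conf\httpd.conf and add the following lines: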
LoadModule php4_module modules/php4apache.dll
AddType application/x-httpd-php .php3
AddType application/x-httpd-php-source .phps
AddType application/x-httpd-php .php
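The first line makes PHP4 run as an Apache module, which is what makes user authentication possible; the last three lines define the file extensions of PHP scripts.
4) Add the PHP4 path "C:\PHP4" to the PATH command in the autoexec.bat file, then restart the computer.
In my testing, this does not work with Apache 2.0.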
