RHEL7: Configure Apache access restrictions on directories.

Share this link

Note: This is an RHCE 7 exam objective. It has been renamed in June 2016 from “Configure private directories” to “Configure access restrictions on directories” without any particular change.

Prerequisites

First, follow the instructions to install an Apache web server.

Then, create a private directory (called here private):

# cd /var/www/html 
# mkdir private
# echo "This is a test." > private/index.html
# restorecon -R .

There are several ways to restrict access to this directory:

1) host-based private directories

To only allow the test.example.com host (add the name/IP address in the /etc/hosts file if necessary) to access a specific directory (here private), edit the /etc/httpd/conf/httpd.conf file and paste the following lines at the end:

<Directory "/var/www/html/private">
AllowOverride None
Options None
Require host test.example.com
</Directory>

Check the configuration file:

# apachectl configtest
Syntax OK

2) user-based private directories

To only allow me to access a specific directory (here private), edit the /etc/httpd/conf/httpd.conf file and paste the following lines at the end:

<Directory "/var/www/html/private">
AuthType Basic
AuthName "Password protected area"
AuthUserFile /etc/httpd/conf/passwd
Require user me
</Directory>

Check the configuration file:

# apachectl configtest
Syntax OK

Create the passwd file and store me‘s password:

# htpasswd -c /etc/httpd/conf/passwd me
New password: your password
Re-type new password: your password
Adding password for user me
# chmod 600 /etc/httpd/conf/passwd
# chown apache:apache /etc/httpd/conf/passwd

Note: The .htpasswd file can be used locally instead of the httpd.conf file in 1) and 2) for the same purpose.

Whatever the option chosen, restart the httpd service:

# systemctl restart httpd

Configuration Check

Check the httpd service:

# yum install -y curl
# curl -u user:password http://localhost

or

# yum install -y elinks
# elinks http://localhost/private

Useful Tip

If you forget the syntax of some Apache directives, install the httpd-manual package and browse the documentation in the /usr/share/httpd/manual/howto directory:

# yum install -y httpd-manual
# elinks /usr/share/httpd/manual/howto/auth.html

Thanks to Jeromeza for this tip.

1 Star2 Stars3 Stars4 Stars5 Stars (5 votes, average: 4.20 out of 5)
Loading...

Leave a Reply

19 Comments on "RHEL7: Configure Apache access restrictions on directories."

Notify of
Sort by:   newest | oldest
abu3lia
Member
abu3lia

Hi,
I’ve tried the command [# htpasswd -c passwd user01] but this didn’t create the [passwd] file until I entered the full path for the destination location.

Regards.

nariman1064
Member
nariman1064
If during the exam or real life, you have to create the webserver directory under any location other than /var/www/, It will certainly take more time to reconfigure everything: If you look at “/etc/httpd/conf/httpd.conf” you will notice there are several lines in that file that point to “/var/www/” to set or call different things. If in an actual work case, you have to point to a different directory, then there are no issues with taking your time and changing all the paths in httpd.conf to the new location. However, during the exam you have little time to play with these… Read more »
jeromeza
Member
jeromeza

I’ve found that elinks doesn’t seem to handle the auth properly and I don’t get through to the private content.

Curl seems to a) actually work for me b) be quicker:

curl -u me:password http://localhost

jeromeza
Member
jeromeza

yum install -y httpd-manual
less /usr/share/httpd/manual/howto/auth.html

This helps greatly if you forget the syntax for the auth based directives.

sumon1142
Member
sumon1142

Hi, how to create the Access Restricted Directory with virtual host configuration? I wrote the Directory stanza in /etc/httpd/conf.d/private.conf and create passwd file. below is my private.conf configuration:

AuthType Basic
AuthName “Secret Files”
AuthUserFile “/etc/httpd/passwd”
Require user sam

DocumentRoot /var/www/html/private

when I am trying to connect using http://localhost/private, it returns ‘not found’ error.

Can you please explain, What am i missing?

asifshabir
Member
asifshabir

How can we restrict a whole domain.
e.g
*.example.local.

I am trying this without dns but it does not seem to work.

Options None
AllowOverride None

Require all granted
Require not host *.example.local

Lisenet
Member

Your configuration will cause Apache to perform a reverse DNS lookup on the client IP address, therefore if you don’t have a reverse DNS zone configured, it will not work.

Sam
Member
Sam

I suspect you will need a DNS for this.

RHCSA7: Task of the day

Allowed time: 10 minutes.
Archive and compress the content of the /opt directory (create files if none exists).
Uncompress and unarchive the resulting file in /root

RHCE7: Task of the day

Allowed time: 15 minutes.
Configure a Samba server called MYSERVER, belonging to the MYGROUP group, sharing the /shared directory with the name "shared".

Follow me on Twitter

Poll for favorite RHEL 7 book

What is your favorite RHEL 7 book to prepare RHCSA & RHCE exams?

View Results

Loading ... Loading ...

Poll for most difficult RHCSA 7 topic

What do you think is the most difficult RHCSA 7 topic?

View Results

Loading ... Loading ...

Poll for most difficult RHCE 7 topic

What do you think is the most difficult RHCE 7 topic?

View Results

Loading ... Loading ...