BladeSystem Forums Have Moved here
To make BladeSystem information easier to find, we have moved the BladeSystem forums here, to Servers and Operating Systems.
Showing results for 
Search instead for 
Do you mean 

Securing Apache directory

Highlighted
Honored Contributor

Securing Apache directory

Hello,

I have several pages in apache that I want to secure with user and password. Securing it with basic authentication in Apache is not enough.

Can you please suggest a good and relatively not very complicated ways to do it? Also, link to how-to guide will be more than appriciated :)

Alex.
I don't give a damn for a man that can only spell a word one way. (M. Twain)
2 REPLIES
Esteemed Contributor

Re: Securing Apache directory

Try the crypt command.
Vibhor Kumar Agarwal
Regular Advisor

Re: Securing Apache directory

Note that Unix crypt is a poor encryption scheme.

I'd suggest HTTPS, using client and server side certificate checking vs. basic_auth (which is the native username/password scheme). HTTPS has been done a lot, so there are plenty of examples / libraries out there to help.

Alternatively, if you really want to use user/pass, you could *not* check the client cert (still checking server cert to avoid man-in-the middle), and then use basic auth over HTTPS.
Those Who Would Sacrifice Liberty for Security Deserve Neither." - Benjamin Franklin