唉,博客又長滿了雜草,又該寫點什麼了~
前些天在網上溜達,遇到一個網站需要口令才能登錄,我很感興趣.故又去翻APACHE的文檔瞭解下,終於我也弄出一個需要口令認證的網站,故寫下筆記分享下~
APACHE的安裝就另搜索吧,不在此再寫了.下面來看下HTTPD.CONF文檔,默認的文檔裏有這麼一段話
------------------------------------------------------------------------------------------------------------------------
.......
# Each directory to which Apache has access can be configured with respect
# to which services and features are allowed and/or disabled in that
# directory (and its subdirectories).
#
# First, we configure the "default" to be a very restrictive set of
# features.
#
<Directory />
Options FollowSymLinks
AllowOverride None
Order deny,allow
Deny from all
</Directory>
# to which services and features are allowed and/or disabled in that
# directory (and its subdirectories).
#
# First, we configure the "default" to be a very restrictive set of
# features.
#
<Directory />
Options FollowSymLinks
AllowOverride None
Order deny,allow
Deny from all
</Directory>
......
-----------------------------------------------------------------------------------------------------------------------------
其中有一行:
AllowOverride None
AllowOverride None
AllowOverride爲何物?有何用?下面我們來看下官方文檔的解釋:
AllowOverride 指令
說明 確定允許存在於.htaccess文件中的指令類型
語法 AllowOverride All|None|directive-type [directive-type] ...
默認值 AllowOverride All
作用域 directory
狀態 核心(C)
模塊 core
說明 確定允許存在於.htaccess文件中的指令類型
語法 AllowOverride All|None|directive-type [directive-type] ...
默認值 AllowOverride All
作用域 directory
狀態 核心(C)
模塊 core
.htaccess文件(或者"分佈式配置文件")提供了針對每個目錄改變配置的方法,即在一個特定的目錄中放置一個包含指令的文件,其中的指令作用於此目錄及其所有子目錄。
OK,也就是說,可以在某一目錄下配置.htaccess文件,然後通過AllowOverride 開關,我們就可以創建一個口令認證的網站了
這裏我以網站的根目錄爲例,如下
<Directory />
AllowOverride all //啓用.htaccess
AuthType Basic //Basic認證方法,明文傳送
AuthName "my web" //服務器標識
AuthUserFile "C:/Program Files/Apache Software Foundation/Apache2.2/conf/passwds" //密碼文件
Require valid-user //允許所有用戶訪問
</Directory>
AllowOverride all //啓用.htaccess
AuthType Basic //Basic認證方法,明文傳送
AuthName "my web" //服務器標識
AuthUserFile "C:/Program Files/Apache Software Foundation/Apache2.2/conf/passwds" //密碼文件
Require valid-user //允許所有用戶訪問
</Directory>
下面要配置密碼文件C:/Program Files/Apache Software Foundation/Apache2.2/conf/passwds
這個文檔可通過記事本錄入,格式爲[username]:[password];也可通過bin下的一個htpasswd.exe小程序生成的,可支持MD5,CRYPT和SHA三種方式加密.下面就用htpasswd.exe創建一個帳號
C:\Program Files\Apache Software Foundation\Apache2.2\bin\htpasswd.exe -c "C:/Program Files/Apache Software Foundation/Apache2.2/conf/passwds" motu
Automatically using MD5 format.
New password: ***
Re-type new password: ***
Adding password for user motu
Automatically using MD5 format.
New password: ***
Re-type new password: ***
Adding password for user motu
//創建C:/Program Files/Apache Software Foundation/Apache2.2/conf/passwds文檔,用戶名是motu,默認啓用MD5加密.
當你需要創建第二個用戶時,只要將"-c"參數去掉就行了,否則就會刪除之前的信息.
效果如圖:
關於口令認證的更多信息,請參考APACHE的相關手冊.