Give access to authenticated users

Question

I have this in my configuration file:

Require all granted

Im running apache 2 on a windows.

I dont want to give everyone permission - How can i invoke authentication form when someone trying to access the server?

It is an intranet application and i want that anyone who can get access to the machine will get access to the sever too.

something like

Require valid-user

I did try to google it but no luck.

Answer 1

The info you are looking for is here Apache Authentication and Authorization.

This is what I have on my apache conf for each dir I want users to use a password for.

I have to put the username of each user I want to give access to here, there is another way to manage users though, using the AuthGroupFile, but I don't have many since I use this for a simple file server for a yum repository.

<Directory "your_dir" >
  AuthType Basic
  AuthName "Restricted Access"
  # Optional line:
  AuthBasicProvider file
  AuthUserFile /usr/local/apache/passwd/passwords
  # AuthGroupFile /usr/local/apache/passwd/groups
  Require user username1 username2 username3
</Directory>

The syntax of the password file is something like:

username1:$apr1$fdafdsafdafdafsafda
username2:$apr1$fdafdsafdafdafsafda

But that file shouldn't be manually created, there is a tool for that, htpasswd.

I have this in my code when adding new users:

def add_password(passwords_file,user,password)
  if File.exists? passwords_file
    unless File.readlines(passwords_file).grep(/#{user}/).size > 0
      %x[htpasswd -b #{passwords_file} #{user} #{password}]
    end
  else
    %x[htpasswd -c -b #{passwords_file} #{user} #{password}]
  end
end

Hope this helps!