apache ordnerschutz per db-user/passwort

11. Dezember 2020

Linux

Der htaccess geschützte Bereich wird mit Usern aus der DB abgeglichen.

a2enmod authn_dbd
apt-get install libaprutil1-dbd-mysql
service apache2 restart

In DB:

mysql -u root -p
CREATE DATABASE htaccessuser;
use htaccessuser 
GRANT ALL PRIVILEGES ON user.* TO 'htaccessuser'@'localhost' IDENTIFIED BY 'passwort'; 
FLUSH PRIVILEGES;

In apache2.conf bzw. http.conf

   
<IfModule mod_dbd.c>
 DBDriver mysql
 DBDParams "host=127.0.01 dbname=htaccessuser user=user pass=passwort"
 DBDMin 1
 DBDKeep 8
 DBDMax 20
 DBDExptime 300
</IfModule>
 
<Directory /web/wp-admin>
 Options Indexes FollowSymLinks
 AllowOverride AuthConfig FileInfo Indexes Limit Options

--> AllowOverride All

 AuthType Basic
 AuthName "Logging gestartet" 
 AuthBasicProvider dbd
 AuthDBDUserPWQuery "SELECT password FROM adminuser u WHERE u.user = %s"
 Require valid-user 
</Directory>

<Files wp-login.php>
 AuthType Basic
 AuthName "Logging gestartet" 
 AuthBasicProvider dbd
 AuthDBDUserPWQuery "SELECT password FROM adminuser u WHERE u.user = %s"
 Require valid-user 
</Files>

Username und sha-Passwort
htpasswd -bns user test

Comments are closed.

Gute Information

Sammlung einiger IT Notizzettel

apache ordnerschutz per db-user/passwort