How to configure protected directories in your Linux hosting account
There is an advantage to controlling access to certain parts of your domain. If, for instance, you wanted to make general information public but make specific information available only to your customers, you could use a feature of NCSA-based httpd servers commonly referred to as HTACCESS.
Using this access control method you can limit access to certain branches of the directory tree. If you want to really understand how this works, nothing is better than reading the manual.
You can control access to your webpage in two different ways: by host filtering or by user authentication. But keep in mind that neither method is foolproof. This should be considered as secure as a courtesy lock on a restroom door; nice, but ultimately ineffective.
The default name of the access control file is .htaccess but that is not written in stone. In the server configuration overview we looked at a file called srm.conf. This file had the following entry:
AccessFileName .htaccess
This is the default value, but any specified filename can be used. For the purposes of this chapter I will refer to the .htaccess file by name, but your server may use a different file name.
The method of control is very simple. Place a correctly formatted file called .htaccess in a directory and you can restrict access via the web to that directory. Here is a simple example of an .htaccess file:
AuthUserFile /dev/null
AuthGroupFile /dev/null
AuthName "This is NOT a restricted directory"
AuthType Basic
<Limit GET>
order allow,deny
allow from all
</Limit>
The first two lines refer to files that contain lists of users and groups. I will cover the specific format of the files and their use later. The AuthName entry is displayed in the message box if the browser needs to request a username / password. AuthType is always Basic because the advanced authorization methods based on Kerberos or MD5 are detailed enough for books themselves.
The important parts for now are contained in the familiar looking <Limit> tag. GET is the only widely supported method. PUT was under development to allow uploading and while POST is partially supported, its use is too complex for this document. Basically, to retrieve ANY document from this directory via the web, the web server will evaluate the .htaccess file and allow or deny access based on the outcome. The above example file is wide open and will allow anyone access. Let’s look at a more restrictive <Limit> rule.
<Limit GET>
order deny,allow
deny from all
allow from mangohosting.com
</Limit>
This rule will cause everyone to be denied EXCEPT hosts from mangohosting.com. The order line tells the server which group of rules to evaluate first; here the deny rules are applied before the allow rule, so the allow entry acts as the exception. Here is another way to look at it.
<Limit GET>
order allow,deny
allow from all
deny from mangohosting.com
</Limit>
By changing the order to allow,deny, allowing everyone and changing the mangohosting.com entry to deny, we have created a ban list. Everyone EXCEPT mangohosting.com hosts can get documents from the directory.
<Limit GET>
order allow,deny
allow from all
deny from mangohosting.com 192.168.10.
</Limit>
This rule set is evaluated the same as the one above it, but includes an additional deny rule for the 192.168.10. address range. The drawback of using DNS names shows up when the web server cannot resolve an IP address to a domain name. If you rely completely on DNS names and DNS ever fails, you may find yourself locked out of your own site!
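Added example (not part of the original tutorial): a simplified Python model of host filtering, assuming the Apache 2.2 semantics of order / allow from / deny from, run over an allow list and a ban list like the ones above plus two constructed mistakes. The client names and addresses are constructed samples, and the model leaves out CIDR notation and the details of the reverse lookup.

```python
# Simplified model of how Apache 2.2 evaluates order / allow from / deny from.
# Assumption: a domain entry can only match when the reverse lookup succeeded.

def matches(spec, host, ip):
    """True if one 'allow from' / 'deny from' entry covers this client."""
    if spec == "all":
        return True
    if spec[0].isdigit():  # full or partial IP such as "192.168.10."
        prefix = spec if spec.endswith(".") else spec + "."
        return (ip + ".").startswith(prefix)
    # Domain entry: matched on whole name components, never on a failed lookup.
    return host is not None and (host == spec or host.endswith("." + spec))

def allowed(order, allow, deny, host, ip):
    """Decide access for a client; host is None when DNS resolution failed."""
    hit_allow = any(matches(s, host, ip) for s in allow)
    hit_deny = any(matches(s, host, ip) for s in deny)
    if order == "deny,allow":   # default is allow; an allow match beats a deny
        return hit_allow or not hit_deny
    if order == "allow,deny":   # default is deny; a deny match beats an allow
        return hit_allow and not hit_deny
    raise ValueError("unknown order: " + order)

# Rule sets as (order, allow entries, deny entries).
ONLY_MANGO = ("deny,allow", ["mangohosting.com"], ["all"])
BAN_LIST = ("allow,deny", ["all"], ["mangohosting.com", "192.168.10."])
BAN_NO_ALLOW = ("allow,deny", [], ["mangohosting.com"])          # mistake
BAN_WRONG_ORDER = ("deny,allow", ["all"], ["mangohosting.com"])  # mistake

CLIENTS = {  # constructed sample clients: name -> (reverse DNS name, IP)
    "customer": ("www.mangohosting.com", "203.0.113.5"),
    "stranger": ("dsl.example.net", "198.51.100.9"),
    "lan": ("pc7.example.org", "192.168.10.7"),
    "customer_dns_down": (None, "203.0.113.5"),
}

def report(rule):
    """Map each sample client to True (served) or False (refused)."""
    return {n: allowed(*rule, host, ip) for n, (host, ip) in CLIENTS.items()}

if __name__ == "__main__":
    for name in ("ONLY_MANGO", "BAN_LIST", "BAN_NO_ALLOW", "BAN_WRONG_ORDER"):
        print(name, report(globals()[name]))
```

When the lookup fails, the allow list refuses its own customer while the ban list lets the banned host through, so name-based rules fail in opposite directions depending on how they are written. A ban list with no allow entry refuses everyone, and one written with order deny,allow bans nobody.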
Host access control is the simplest way to control access, but what if you have a different IP address every time you log in and you don’t want to allow everyone from your domain access to the directory tree? I’m glad I asked that.
The most effective method of access restriction is the use of a username and password. By using two additional files, people can be granted acc



































































