The Apache server has a built-in user authentication mechanism. As long as you set it appropriately, you can control certain parts of the website to require user authentication. As long as you follow me step by step, you should be able to easily implement user verification.
Preparation: Apache must be installed.
Step 1:
We create a test directory under /var/www (apache's homepage root directory).
mkdir /var/www/test
Step 2:
Then we edit httpd.conf
Add to
Alias /test"/var/www/test" <Directory "/var/www/test"> Options Indexes MultiViews AllowOverride AuthConfig #Indicates authentication Order allow,deny Allow from all </Directory> #AllowOverride AuthConfig means authenticating which is a critical setting
Step 3:
Create .htaccess file in /var/www/test
vi /var/www/test/.htaccess
AuthName "frank share web"
AuthType Basic
AuthUserFile /var/www/test/.htpasswd
require valid-user
#AuthName description, write whatever you want
#AuthUserFile /var/www/test/.htpasswd
#require valid-user or require user frank restricts all legal users or specified users
#It is recommended to use .htpasswd for password files, because the default system of Apache does not allow external reading of files starting with ".ht" by default, so the security factor will be higher.
Step 4:
Just create a verified user for apache
htpasswd -c /var/www/test/.htpasswd frank
#When creating a user for the first time, you need to use the -c parameter. When you add a user for the second time, you do not need the -c parameter.
If you want to change your password, you can do the following
htpasswd -m .htpasswd frank
Step 5:
ok, restart the apache service, and then visit http://your website address/test. If everything goes well, you should see a pop-up window for user verification. Just fill in the username and password created in step 4.
For the sake of server performance, it is generally not recommended to use AllowOverride AuthConfig or AllowOverride ALL, because this will cause the server to constantly search for .htaccess, thus affecting the performance of the server. Generally, we may need to verify this for some background management interfaces or other special directories. need.