��(Authentication), ��Ѻο�(Authorization), ��(Access Control)

�� þ�

��õ� ��	��õ� ��þ�
`mod_auth_basic` `mod_authn_file` `mod_authz_groupfile` `mod_authz_host`	`Allow` `AuthGroupFile` `AuthName` `AuthType` `AuthUserFile` `Deny` `Options` `Require`

�Ұ�

�� Ʈ�� ִ� �� Ҽ�� 鸸�� ̰ų� �̵鸸�� , �� ۿ�� ϴ� �� Ͽ� �� ϴ� �� ִ�.

�� Ʈ�� Ϻθ� ��ȣ�ϱ�� ϴ� "ǥ��" �� ٷ��.

�⺻ ��

�� ۿ�� ٷ�� þ�� ּ��(�Ϲ�� <Directory> ��)�̳� ��丮�� (.htaccess ��)�� Ѵ�.

.htaccess �� Ϸ�� Ͽ� �ִ� �� þ ��ϵ�� ؾ� �Ѵ�. �̸� �� 丮�� Ͽ� � ��þ �� ִ�� ϴ� AllowOverride ��þ ��Ѵ�.

��⼭�� ٷ�� , �� AllowOverride ��þ �ʿ��ϴ�.

AllowOverride AuthConfig

Ȥ�� þ �� ּ��Ͽ� ��´ٸ�, �� Ͽ� �� ־�� Ѵ�.

�׸�� ȣ�� ִ�� ˱�� 丮 �� ˾ƾ��Ѵ�. �� ʰ�, �� ڼ�� ̴�.

�⺻�� ϱ�

�� 丮�� ȣ�� ȣ�ϴ� �⺻�� Ѵ�.

�� ȣ�� Ѵ�. �� ־�� Ѵ�. �ٸ�� ȣ�� ٿ�ε�� ϰ��ϱ� ��ؼ��. �� , �� /usr/local/apache/htdocs�� ִٸ� ��ȣ��(��)�� /usr/local/apache/passwd�� д�.

��ġ�� Ե� htpasswd �� Ͽ� ��ȣ�� . �� α׷�� ġ�� ġ�� bin ��丮�� ִ�. �� Է��Ѵ�.

htpasswd -c /usr/local/apache/passwd/passwords rbowen

htpasswd�� ȣ�� ��, Ȯ�� ȣ�� ٽ� �Է��϶�� û�Ѵ�.

# htpasswd -c /usr/local/apache/passwd/passwords rbowen New password: mypassword Re-type new password: mypassword Adding password for user rbowen

�� htpasswd�� ο� ��ٸ� �� ü ��θ� �Է��ؾ� �Ѵ�. �� ϴ� �� /usr/local/apache/bin/htpasswd�� ִ�.

�� ȣ�� û�ϵ�� ϰ�, ��  �� ˷�� Ѵ�. apache2.conf�� ϰų� .htaccess �� Ͽ� ��Ѵ�. �� , /usr/local/apache/htdocs/secret ��丮�� ȣ�Ϸ��, �Ʒ� ��þ /usr/local/apache/htdocs/secret/.htaccess ��̳� apache2.conf�� <Directory /usr/local/apache/apache/htdocs/secret> ��ǿ� �� Ѵ�.

AuthType Basic AuthName "Restricted Files" AuthUserFile /usr/local/apache/passwd/passwords Require user rbowen

��þ �ϳ�� 캸��. AuthType ��þ�� ڸ� �� Ѵ�. �� Ϲ�� Basic��, mod_auth_basic�� Ѵ�. �׷�� Basic �� ȣ�� ȣȭ�� ʰ� ��. �׷��Ƿ� �� ڷḦ ��ȣ�ϱ�� ϸ� �ȵȴ�. ��ġ�� AuthType Digest�� Ѵ�. �� mod_auth_digest�� ϸ�, �ſ� ��ϴ�. �� ֱ� Ŭ��̾�Ʈ�鸸�� Digest �� Ѵٰ� �Ѵ�.

AuthName ��þ�� (realm)�� Ѵ�. �� ΰ�� Ѵ�. ù��°�� Ŭ��̾�Ʈ�� ȣ ��ȭâ�� ش�. �ι�°�� Ͽ� Ŭ��̾�Ʈ�� Ư��  ��ȣ�� Ѵ�.

�� , �ϴ� Ŭ��̾�Ʈ�� "Restricted Files" �� Ͽ��ٸ�, Ŭ��̾�Ʈ�� ڵ�� "Restricted Files" �� ǥ�õ� �� ȣ�� õ��Ѵ�. �׷�� ϸ� ��ڰ� �� ȣ�� Է�� ʾƵ� �ȴ�. �� Ȼ� �� Ŭ��̾�Ʈ�� ȣ��Ʈ�� ٸ�� ׻� �� ȣ�� ��.

AuthUserFile ��þ�� 츮�� htpasswd�� ȣ�� θ� ��Ѵ�. ��ڰ� ��ٸ� ��û�� Ź� ��ڸ� ��ϱ�� Ϲ� �� ˻��ϴµ� �ð�� ɸ� �� ִ�. ��ġ�� Ÿ��̽� ��Ͽ� �� ִ�. mod_authn_dbm �� AuthDBMUserFile ��þ ��Ѵ�. dbmmanage ��α׷�� Ͽ� ��ȣ�� ٷ��. ��ġ �� Ÿ��̽�� ٸ� �� ϴ� ��ڰ� �� ִ�.

�� Require ��þ�� Ư�� ִ� ��ڸ� ��Ͽ� ��Ѻο�� Ѵ�. �� require ��þ ��ϴ� �پ�� Ѵ�.

�� 鿩��

�� þ�� 丮�� (��ڸ�� rbowen��) �� 鿩��. ��κ�� 鿩�� ̴�. �� AuthGroupFile�� .

�� 鿩�� ʹٸ� �׷�� ׷쿡 � ��ڵ�� ִ�� ˷��ִ� �׷�� ʿ��ϴ�. �� ſ� ��Ͽ�, �ƹ� ��γ� �� ִ�. ��ϳ�� .

GroupName: rbowen dpitts sungo rshersey

�׳� �� ׷� �� ̴�.

�� ȣ��Ͽ� ��ڸ� �߰��Ϸ�� Է��Ѵ�

htpasswd /usr/local/apache/passwd/passwords dpitts

�� , �� ʰ� �� Ͽ� ��ڸ� �߰��Ѵ�. (-c �ɼ�� ȣ�� ).

�� .htaccess �� Ѵ�.

AuthType Basic AuthName "By Invitation Only" AuthUserFile /usr/local/apache/passwd/passwords AuthGroupFile /usr/local/apache/passwd/groups Require group GroupName

�׷�� GroupName �׷쿡 ��ϸ� password ��Ͽ� �׸�� ִ� ��ڰ� �ùٸ� ��ȣ�� Է��ϸ� �� Ѵ�.

�� Ϲ� ��ڸ� �鿩�� ٸ� �� ִ�. �׷�� ʿ�� þ ��ϱ⸸ �ϸ� �ȴ�.

Require valid-user

Require user rbowen �� þ ��ϸ� ��ȣ��Ͽ� �ִ� �� ùٸ� ��ȣ�� Է��ϱ⸸ �ϸ� �� Ѵ�. �׷캰�� ٸ� ��ȣ�� Ͽ� �׷�� ȿ�� ִ�. �� ġ�� ΰ�(��ȣ��ϰ� �׷��)�� ƴ� �� Ѱ�(��ȣ��)�� ˻��ϸ� �ȴٴ� �� ̴�. �׷�� ȣ�� ؾ� �ϰ�, AuthUserFile ��þ ��Ȯ�� ȣ�� ؾ� �ϴ� �� ̴�.

�߻�� ִ� ��

Basic �� û�� ڸ�� ȣ�� Ȯ��Ѵ�. �� ħ�� (�׸�� ȣ�� ȣ�ϴ� ��丮�� ִ� ��) �� ִ� �� ׸�� ٽ� Ȯ��Ѵ�. ��ϵ�� ӵ�� . ��ȣ��  ��ڸ�� ã�� ϱ⶧�� ȣ�� ũ�Ⱑ Ŀ�� . �׸�� ۾�� û�� Ѵ�.

�׷�� ȣ��Ͽ� �� ִ� ��ڼ�� Ѱ谡 �ִ�. �� Ѱ�� ϴ� �� ɿ� �� ٸ��, �׸�� 鰳�� Ѵ´ٸ� ��ٰ� ��ϰ� �ٸ� �� ؾ� �Ѵ�.

�ٸ� �� Ѱ�?

��ڸ�� ȣ�� ٰ� �ƴϴ�. �� ҿ� �� ٸ� �� ڸ� �鿩�� ִ�.

Allow�� Deny ��þ�� û�� ǻ�� ȣ��Ʈ�� Ȥ�� ȣ��Ʈ �ּҸ� �� ϰų� �ź��Ѵ�. Order ��þ�� þ�� Ͽ�, ��ġ��  �� Ģ�� ˸��.

�̵� ��þ� �� .

Allow from address

��⼭ address�� IP �ּ�(Ȥ�� IP �ּ� �Ϻ�)�� θ�(Ȥ�� θ� �Ϻ�)�̴�. ��Ѵٸ� �� ּҳ� ��θ�� ִ�.

�� , �� Խ��ǿ� �� ø�� ִٸ� �� ִ�.

Deny from 205.252.46.165

�� ּҿ�� 湮�ڴ� �� þ ��ȣ�ϴ� �� . IP �ּ� �� ǻ�͸�� ִ�.

Deny from host.example.com

��, ��ü �� ּҳ� ��θ�� Ϻθ� ��Ѵ�.

Deny from 192.101.205 Deny from cyberthugs.com moreidiots.com Deny from ke

Order�� Deny�� Allow ��þ�� Ͽ� �� ϴ� �� ִ�.

Order deny,allow Deny from all Allow from dev.example.com

Allow ��þ ��ϸ�, �ش� ȣ��Ʈ�� ڸ� ��ϰ� �ű⿡ �߰�� ϹǷ� ��ϴ� �� Ѵ�. �� Ư�� ϱ� ��Ѵ�.

��

mod_auth_basic�� mod_authz_host ��  ��ϴ� �� ִ�.

����(Authentication), ���Ѻο�(Authorization), ��������(Access Control)

����

��(Authentication), ��Ѻο�(Authorization), ��(Access Control)

��