Restricting Access with HTTP Basic Authentication in Apache and Nginx

You can restrict access to your website or some parts of it by implementing a username/password authentication. Usernames and passwords are taken from a file created and populated by a password file creation tool, for example, apache2-utils.

Creating a Password File

sudo htpasswd -c /etc/httpd/.htpasswd admin
or
sudo htpasswd -c /etc/nginx/.htpasswd admin

Create additional user-password pairs. Omit the -c flag because the file already exists

Nginx configuration

server {
    ...
    auth_basic           "Administrator’s Area";
    auth_basic_user_file /etc/nginx/.htpasswd;

    location /public/ {
        auth_basic off;
    }
}

Apache/httpd basic configuration

<VirtualHost *:80>
    ServerAdmin webmaster@localhost
    DocumentRoot /var/www/html
    ErrorLog ${APACHE_LOG_DIR}/error.log
    CustomLog ${APACHE_LOG_DIR}/access.log combined

    <Directory "/var/www/html">
        AuthType Basic
        AuthName "Restricted Content"
        AuthUserFile /etc/httpd/.htpasswd
        Require valid-user
    </Directory>
</VirtualHost>

Apache/httpd with proxypass

<VirtualHost *:80>
    ServerAdmin webmaster@localhost
    ProxyPass / http://localhost:990/
    ErrorLog ${APACHE_LOG_DIR}/error.log
    CustomLog ${APACHE_LOG_DIR}/access.log combined

    <Location />
        AuthType Basic
        AuthName "Restricted Content"
        AuthUserFile /etc/httpd/.htpasswd
        Require valid-user
    </Location>
</VirtualHost>

apache2/httpd – IP based restriction to a virtual host

The Require provides a variety of different ways to allow or deny access to resources. In conjunction with the RequireAll, RequireAny, and RequireNone directives, these requirements may be combined in arbitrarily complex ways, to enforce whatever your access policy happens to be.

example:

<VirtualHost *:80>

ServerName example.net
Documentroot /var/www/html/

<Location />
      Require ip 192.168.0.0/24  10.0.0.2
</Location>

</VirtualHost>

How to Redirect HTTP to HTTPS in apache

Install modules

yum install -y mod_ssl  mod_rewrite

Enable modules

a2enmod rewrite
a2enmod ssl

Method 1

using rewrite module

<VirtualHost *:80>
ServerName www.yourdomain.com
  
RewriteEngine On 
RewriteCond %{HTTPS} !=on 
RewriteRule ^/?(.*) https://%{SERVER_NAME}/$1 [R,L]
</VirtualHost>

Method 2

using redirect method

<VirtualHost *:80>
ServerName www.yourdomain.com 
  
Redirect permanent / https://www.yourdomain.com/
</VirtualHost>

How to set up Reverse Proxy in Apache/httpd

Install and enable apache2 proxy modules

sudo a2enmod proxy
sudo a2enmod proxy_http
sudo a2enmod proxy_balancer
sudo a2enmod lbmethod_byrequests
sudo systemctl restart apache2

proxies all requests (“/”) to a single backend:

ProxyPass "/"  "http://www.example.com/"

to point to the reverse proxy, instead of back to itself, the ProxyPassReverse directive is most often required:

ProxyPass "/"  "http://www.example.com/"
ProxyPassReverse "/"  "http://www.example.com/"

Only specific URIs can be proxied

ProxyPass "/images"  "http://www.example.com/"
ProxyPassReverse "/images"  "http://www.example.com/"

Example

<VirtualHost *:80>

ServerName example.net
Documentroot /var/www/html/

ProxyPass "/"  "http://www.example.com/"
ProxyPassReverse "/"  "http://www.example.com/"

</VirtualHost>

How To Redirect www to non-www OR non-www to www with Apache

1. Configure DNS Records

In order to set up the desired redirect, www.example.com to example.com or vice versa, you must have an A record for each name.

2. Enable the mod_rewrite module

 a2enmod rewrite

3.1 Update site.conf or .htaccess file ( www to non-www)

RewriteEngine on
RewriteCond %{HTTP_HOST} ^www.yoursite.com 
RewriteRule (.*) http://yoursite.com/$1 [R=301,L]

3.2 Update site.conf or .htaccess file ( non-www to www)

RewriteEngine on
RewriteCond %{HTTP_HOST} ^yoursite.com 
RewriteRule (.*) http://www.yoursite.com/$1 [R=301,L]

Example

<VirtualHost *:80>

ServerName example.net
Documentroot /var/www/html/

RewriteEngine on
RewriteCond %{HTTP_HOST} ^www.yoursite.com 
RewriteRule (.*) http://yoursite.com/$1 [R=301,L]

</VirtualHost>