Digest authentication is an HTTP authentication scheme (RFC 2617 / RFC 7616) built on a hash function. Unlike Basic authentication, it never sends the password itself: the client proves it knows the password by returning an MD5 hash of the password combined with a server-issued nonce, which removes the risk of a plaintext password being sniffed from the wire. Note what it does not do: Apache's mod_auth_digest implements the MD5 variant, the hash is derived from the password (so a captured exchange can be attacked offline with a dictionary), and nothing else in the request or response is protected. Treat it as a defence against casual sniffing and run it behind TLS rather than as a substitute for HTTPS.
1. Make sure Apache is installed and the mod_auth_digest module is loaded (the output should list auth_digest_module):
httpd -M | grep auth_digest
2. Create the password file
sudo htdigest -c /etc/httpd/.htdigest "Protected Area" aws
Enter the password for user aws when prompted. -c creates the file and overwrites an existing one, so omit it when adding further users. The realm string ("Protected Area") must match AuthName in the Apache config exactly, because what is stored is MD5(user:realm:password), not the password.
3. Configure Apache
Create a new configuration file secret.conf in the conf.d directory for the Digest authentication settings:
sudo vim /etc/httpd/conf.d/secret.conf
<Directory "/var/www/html/secret">
AuthType Digest
AuthName "Protected Area"
AuthDigestDomain /secret
AuthUserFile /etc/httpd/.htdigest
Require valid-user
</Directory>
Create /var/www/html/secret/index.html as the page returned after successful authentication, containing the text SUCCESS:
sudo mkdir -p /var/www/html/secret
sudo vim /var/www/html/secret/index.html
SUCCESS
4. Check file permissions
The .htdigest file holds password-equivalent hashes, so it must be readable by the httpd worker (group apache) but not by anyone else. The owner can be root or the admin account (ec2-user here); the group must be apache and the file must not be world-readable:
sudo chmod 640 /etc/httpd/.htdigest
sudo chown ec2-user:apache /etc/httpd/.htdigest
5. Restart Apache
After saving the configuration, check the syntax (httpd -t) and restart the Apache service so the change takes effect:
sudo systemctl restart httpd
6. Test the authentication
# Without credentials the request is rejected with 401 (Apache checks authentication before redirecting /secret to /secret/)
curl http://xx.xx.xx.xx/secret
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>401 Unauthorized</title>
</head><body>
<h1>Unauthorized</h1>
<p>This server could not verify that you
are authorized to access the document
requested. Either you supplied the wrong
credentials (e.g., bad password), or your
browser doesn't understand how to supply
the credentials required.</p>
</body></html>
# With credentials the request succeeds and returns SUCCESS: curl --digest first receives the 401 challenge, retries with an Authorization: Digest header, and -L follows the redirect to /secret/
curl -L --digest -u aws:candidate http://xx.xx.xx.xx/secret
SUCCESS
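As an added example that is not part of the original post, the bash script below reproduces offline the pieces the steps above depend on, using only md5sum (or openssl) so it runs without httpd: the HA1 hash that htdigest writes to .htdigest, a check that the realm in that file matches AuthName in the config (a mismatch is the usual cause of "always 401"), and the response a client such as curl --digest computes from the server's challenge. The user aws, realm "Protected Area" and password candidate are the page's; the nonce, client nonce, temp paths and the challenge header are constructed sample values, and the config it writes is a hardened variant of the one above (Require user aws instead of valid-user, AuthDigestProvider file stated explicitly).

```shell
#!/usr/bin/env bash
# Added example, not code from the original post. Runs offline with
# coreutils/openssl; paths, nonce and cnonce below are constructed values.
set -eu

md5hex() {                     # hex MD5 of a string (no trailing newline)
  if command -v md5sum >/dev/null 2>&1; then
    printf '%s' "$1" | md5sum | cut -d' ' -f1
  else
    printf '%s' "$1" | openssl dgst -md5 | sed 's/.*= //'
  fi
}

# htdigest stores one "user:realm:HA1" line with HA1 = MD5(user:realm:password).
# HA1 alone is enough to answer any challenge for that realm, so whoever can
# read .htdigest can log in without the password: hence the 640 mode in step 4.
htdigest_line() {              # user realm password
  printf '%s:%s:%s\n' "$1" "$2" "$(md5hex "$1:$2:$3")"
}

verify_htdigest() {            # line password -> exit 0 if the password matches
  local user realm ha1
  user=$(printf '%s' "$1" | cut -d: -f1)
  realm=$(printf '%s' "$1" | cut -d: -f2)
  ha1=$(printf '%s' "$1" | cut -d: -f3)
  [ "$(md5hex "$user:$realm:$2")" = "$ha1" ]
}

# The realm in the password file must equal AuthName in secret.conf; otherwise
# Apache hashes with a different realm and every login fails with 401.
realm_matches_config() {       # htdigest_file conf_file
  local file_realm conf_realm
  file_realm=$(cut -d: -f2 "$1" | head -n1)
  conf_realm=$(sed -n 's/^[[:space:]]*AuthName[[:space:]]*"\(.*\)".*/\1/p' "$2" | head -n1)
  [ -n "$file_realm" ] && [ "$file_realm" = "$conf_realm" ]
}

# Extract one quoted parameter from a WWW-Authenticate: Digest challenge value.
challenge_param() {            # challenge_value name
  printf '%s' "$1" | sed -n 's/.*[ ,]'"$2"'="\([^"]*\)".*/\1/p'
}

# What curl --digest computes for qop=auth (RFC 2617):
#   HA2 = MD5(method:uri)   response = MD5(HA1:nonce:nc:cnonce:qop:HA2)
digest_response() {            # ha1 method uri nonce nc cnonce
  local ha2
  ha2=$(md5hex "$2:$3")
  md5hex "$1:$4:$5:$6:auth:$ha2"
}

# Constructed challenge in the shape mod_auth_digest sends for this config
# (placeholder nonce, not one captured from a real server).
SAMPLE_CHALLENGE='Digest realm="Protected Area", nonce="0123456789abcdef", algorithm=MD5, domain="/secret", qop="auth"'

demo() {
  local tmp line ha1 nonce resp
  tmp=$(mktemp -d)
  htdigest_line aws "Protected Area" candidate > "$tmp/.htdigest"
  cat > "$tmp/secret.conf" <<'EOF'
<Directory "/var/www/html/secret">
    AuthType Digest
    AuthName "Protected Area"
    AuthDigestProvider file
    AuthUserFile /etc/httpd/.htdigest
    Require user aws
</Directory>
EOF
  if ! realm_matches_config "$tmp/.htdigest" "$tmp/secret.conf"; then
    echo "realm in .htdigest does not match AuthName" >&2; rm -rf "$tmp"; return 1
  fi
  line=$(cat "$tmp/.htdigest")
  if verify_htdigest "$line" candidate; then echo "password check: OK"; fi
  ha1=$(printf '%s' "$line" | cut -d: -f3)
  nonce=$(challenge_param "$SAMPLE_CHALLENGE" nonce)
  resp=$(digest_response "$ha1" GET /secret/ "$nonce" 00000001 a1b2c3d4)
  # The header curl sends on its second request, after the 401 challenge.
  printf 'Authorization: Digest username="aws", realm="Protected Area", nonce="%s", uri="/secret/", qop=auth, nc=00000001, cnonce="a1b2c3d4", response="%s"\n' "$nonce" "$resp"
  rm -rf "$tmp"
}

demo
```

The response is bound to the server nonce, so replaying a captured Authorization header fails once Apache rotates the nonce; what it does not prevent is an attacker who captured the exchange guessing candidate passwords offline, which is why the TLS caveat at the top still applies.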