% % & ' % ' ' ( ) ' ' * )+' ', " '' % & )+ $ '" % & -./ $ '$ 0&) ) $ '1 0 23 4 '1 ) 4 '1 &,3 5

Transcription

1

2 % % & ' % ' ' ( ) ' ' * )+' ', " '' % & )+ $ '" % & -./ $ '$ 0&) ) $ '1 0 2*3 4 '1 ) 4 '1 *&,3 5 '4 /,) '4 &) '4 /,) '4 /,). '4' /,), '5 0&) '5 '5 - '5 0, ' 6 ' ' / ' ' & ' ' ( 7 " '' 6 *& " '" 0 " '$ /+ 66! $ '1!) $ " 6 66! 1 ", 1 " 0&) 1 " 0&) 4 $ ).8. 1, 4 0 2*) 4 %.. 4 %/" 5 6,*, 9:,&) * *3 " % % " % ;##<= " % ;##) = ",& "!& $ 9:,&) 66! 1 8& 1 %& 1 %&66! 2*3& 1 %&66! 4 8<.8.>:, 5 8? "#$# #

3 1. Préambule 0,!;>##<<<) 0, ) A% % B,, C! 0, DE* B? *,!,*& : %,??, &).,, F@,G:H), 2. A.N.F.A.!*%.-!IJ0 I%&? ;<<<& )=,*&,?J0%&? ) 3. Définition 7?, ) & 7!* ) 7;,,/+9= & ;),),,@,?F,)& ) = 0&, 8JJ.;8@ J:J &. = - 0$$F$45'";>##<<<&? )# &# &$$,=! 8JJ. J0.#. & 4,,? "#$# #

4 4. Apache 4.1. Origines % 7(, ;$K,, 7?B &,=,3 & 55" :,06%;0 & 6,) %?*),, ) 7>/= %, %6&< &555? A& & & F) ) 7%! A& 7 F&F&&&?,, ),&, %A *?,I&,), :! *% ''? L 1? 3 A L?! *?), L, %ML*,) 4.2. Installation avec l archive tgz % /usr/local/apache,!?f&),, 6?*,F J ) *% &, )+ )#<) ;G1 )+=F & *) ; :=F, ; N+:&=F % G1F 9:,,>./configure --prefix=/usr/local/apache?,f 0,,,makeF 6? ;=F,,make installf - &, )> ln s /usr/local/apache/bin/apachectl /etc/init.d/httpdf, <,,service httpd start, 6 F "#$# '#

5 J < ) <;>##1>44#F &, 44 :@= -,?>7 %,*% 4.3. Installation avec les rpms 6?*,F J ),*% >##,&> o I1I,O"4$, o I,,I1I,O"4$, o I&I1I,O"4$, o I,I1I,O"4$, o I,I1I,O"4$,;= o II1I,O"4$,;=F o II$4$,;.8.=F o,g II4$,;. =F o,gi4i,o,; 66!=F & *) -./; : =F 6? ;=F,> Rpm ivh apache mdk.i586.rpm \ apache-common mdk.i586.rpm \ apache-conf mdk.i586.rpm \ apache-modules mdk.i586.rpm \ mod_perl i386.rpm \ mod_ssl mdk.rpm "#$# "#

6 , <,,service httpd start, 6 F J < ) <;>##1>44#F &, 44 :@= 4.4. Arborescence des fichiers en installation tgz /usr/local/apache/bin > : cgi-bin > & ),,) de )@,?0 conf >&) htdocs > &<,* icons >A*2 & )< include >& *,) libexec > *:*;,,= logs >& A : man >,, proxy >, :@?, 4.5. Arborescence des fichiers en installation RPM /etc/httpd/conf>&) /usr/bin> : /sbin> : /lib/apache> *:% /share/man>,, /share/doc>, /var/log/apache>& A : /www/>racin< &,8J/! /www/cgi-bin > & ),,) 4.6. Configuration générale!& &) *,"> &>& &) F &>& & 2*3:<F,,@>&@,, ;@ & :F >##<<<I,I )& #PQ#//9, :,,=F,)>&,*&@,,*& ;@ &:=F,&>& &)?*A *! &,& &0I &,*& :,,> (.J(%!9- R690J(STR#690J(S U,, "#$# $#

7 9,&& F&) B ),, service http reload ou service http restart!&) <*% & ;>##1>44#= 0??! > > &> >44> &,0 &.,0!,,*,4, B, *.0! >&>, <. J0.0,,); = >@>)*?B : * =%F& )!*? 3 :)7& )?I *??V<V User web >@>,B,?, )?*:% >,H,GG >, <, 0 && )* >,G6GG>, ;<<<,,,= &,0 W,8 ># ###>0, &CO< ># ##> 0, C 0,&)!" >, & &?* 0 2*3 #$>)# G)> A ) A ) &1@)9& 3 XF &: ) ),,? 3 3 X %&'>)#O> ),, "#$# 1#

8 &'>)#> CO, 3 *%0& )@3,, **%@ ): &'> )#G>,, && *% (> * *%> O & )*% ($># ###)#G),,>?B chemin_vers_le_fichier règle_de_formatage_des_traces!&,) & 3)!), &,,), && 4.7. Contrôle d accès Directives générales! ),& & 3 && )*>:,:,>*)*&&?, & ) &??B ;<<<,,,# <<<,,,#:,=9 )?& 9, &? & * F +>& F*,& 2*3,& & 9 > %>&/<F <6@,!O>*@,?F 9:0> *:0F I6IF (9L90 >,, 0 U: UF :> * )*& ; =F /<>.,& ) &@,, I?, &,,3 ;, :=.F 6@,O&(< / >, <6@,!O, &? &,B, '',+>&?,3 B,& 7 Y& ; %,= )0 > %>,& F >& ) F "#$# 4#

9 %0&)>% Z) % +?,, & ; %Q/ F %Q/ F % F %,F %J@F % F -? F, *%=F &> % Z) 2 Z3 ; %9)F %!))F %J@F &J@F :>.,& *: *&&) )*:; % 8,F :) F :(F -,,F,*%=F!,>% Z) 23 2;<F@ = (>% Z) 2 &&? ; ) (,% LQ8O= &' > >, & &? * Directives d authentification et de limitation des accès! B I & & 3 F & *??*? '',"-%<&,% > &, *3 & ;%< &,,,=F &F?* W < F %<F@>*3? &F?* W <? /I& > 0, %<F@! *&,3 &&) *% > > :? *? *& 0,) W &B )#,&* *?) *),*,)*&, ),.> Q> &, *&! Q )!*&Q)$' *&) /"9 3)) F*Q&& "#$# 5#

10 &'>##G >&?,? 0&, ),,<; =!& B &'> ##G) > &? )? &&! ), B &!& B %!@: & > > > -? > & F -? ) ) > ) & F -? I > & F -? &I< >* B & & F -? &I) >,&I<,) & ) ),, < ; * %=> 0 & > htpasswd c /etc/apache_users username > & G,,,, %A* #,&*,> htpasswd /etc/apache_users username >A*,, 6 * > & ;=, ) *!& * :? :, 2*3 : 4.8. Multihoming Directives de configuration!,,) ),B, )! > '>%#,G GG& >,& * J?B>##<<<,,# ),G GG& "#$# #

11 '>6 %,,[,,>,&, J?B&,, ) &)?)3,,9, 8 0'1>, 81>4>,* ),,) &,<.!& J0.*) * AO [,,). 0'1 2)-!"0'1 > & * *.!*.B, [ ;,,),= 33> &) ).,3 ) Multihoming par arborescence!&& ),B,.,B,,,&& 0&) &?)3 2 *3 & &> Alias /site1 /meswebs/site1 Alias /site2 /meswebs/site2 Alias /site3 /home/user_site Multihoming par adresse IP ou par port!&& &&.#! 8 Listen :80 Listen :443 Listen :80 <VirtualHost :80> ServerName DocumentRoot /mesweb/mondomaine.com </VirtualHost> <VirtualHost :443> ServerName DocumentRoot /mesweb/mondomaine_secure.com </VirtualHost> <VirtualHost :80> ServerName DocumentRoot /mesweb/tructmuche.com </VirtualHost>! >! <<<,,, * 5$4F & #,<#,,,F "#$# #

12 ! <<<,, * 5$4F & #,<#,,! <<<,,, * 5$466!; ''=F & #,<#,,G, %>,?6,B Multihoming par nom!&& ),B,.,B,,&&,& & &) ), 8& 8 NameVirtualHost * <VirtualHost *> ServerName DocumentRoot /mesweb/mondomaine.com </VirtualHost> <VirtualHost *> ServerName DocumentRoot /mesweb/trucmuche.com </VirtualHost> <VirtualHost *> ServerName ServerAlias bazaar.com *.bazar.com DocumentRoot /mesweb/bazar.com </VirtualHost>! >! <<<,,, 3 : & #,<#,,,F! <<<,, 3 : & #,<#,,F J[+,3:& #,<#+, %>,?6,B 6 -,?>, & ) *F, Configuration avancée Directives 1%>&&>, & 6? & &?,& *.0)3 & )6*?? ; A &&?* *3,, =F "#$# #

13 4*>>&, &? B :?B!?*@ &?FA?* 4>">&,,,, &? *?B 4*('>"$>,,:,,?B,? B,,:,, &?,B,,!?B, 4*/('>,,:,,?B?* & %F 0,*, & Y%, )3, &! 5 '>>,\% 8JJ.?,?B:J0.&*, &, 4*5 '/>>&,,:,,?B? *,B,\%!,.+>>&,,:,,?% * 4'>!/,G, :# >, &!& : *% 9:,>!/,G :#,G!, *%/ 4'>%/,G,>, *, );, %F )!/! ('4',,, ) )64' '7!")64' >, & &) **, Répertoires utilisateurs, %, G I>AddModule mod_userdir.c &?CO), > RIfModule mod_userdir.c> UserDir public_html </IfModule>!?B >##<<<,,#P # 3 :& O P #G, Compilation avancée! *,;#&) =F B > 886*9""''">,& C %] "#$# #

14 88'8'9'7> *,] 88'89'7 >, &, 888'988'8>3), %] 88'8'9'7> *,&*%] 88'8*> ),, :?, % ) * *:;) :F = A ) ; F, F?)&? B,*) = Modules à désactiver! ),@F,:*F&,:,,,, * -disable-module * *, -disable-module=all?, *,,,?, &? ; B &=>,G,&*-!,G < 7 =,G: &) ;:=,G 6 6;66=,G) 0,,<@ &;0=;&+.8.=,G 0&,) ^ *%;,=,G,*&, *,G,,)?2 & ),, 7 &;,? <<< )= Droits sur les fichiers %* :&?*,F&* ) *? F &?*?: % )**3 &?,,B, &Y ) 7 B # %; :,) I< =*?*, F*:?? )F)7B : "#$# '#

15 ! *% ; = B,& *?:%!, &,, * 3 #: %,F+ *3 *:*%F&?I ) < F* %,* : F <III:II: mkdir /usr/local/apache cd /usr/local/apache mkdir bin conf logs chown 0. bin conf logs chgrp 0. bin conf logs chmod 755. bin conf logs #Suivez la procédure d installation chown 0 /usr/local/apache/bin/httpd chgrp 0 /usr/local/apache/bin/httpd chmod 511 /usr/local/apache/bin/httpd Options sur le site Web 6& : F & %<(??,3 &),&) B,&, & &? *3&? &? +? )> <Directory /> AllowOverride None Order Deny,Allow Deny from all </Directory>. <Directory /usr/local/apache/htdocs> AllowOverride None Order Deny,Allow Allow from all </Directory> /< &!:F <@,OB, )? ) & Support de l authentification 6 )C F&,,, *& 2* CGIs! 0 : 3, 0*?F 3 B "#$# "#

16 6F &+ ),,?*, && I &<, 3) 2,3 &&;0 66 ) :,= 6F ) +??, *:?*, Mettez en place le support de SSL ! A Utilisez 2 )= %+,*AddModule mod_security.c ; 0&), & > <IfModule mod_security.c> AddHandler application/x-httpd-php.php SecAuditEngine On SecAuditLog logs/audit_log SecFilterScanPOST On SecFilterEngine On </IfModule> +R#&/S), & *?066> SecFilterDefaultAction "deny,log,status:500" SecFilter "<(. \n)+>" 0*?*:,&) A Logs *+ *, A : & 3) O)F * ) *@ 0:I+ +*: Chroot! ) *%,, *: *%!:!)%* 3?*:&?,, * & : & *% 0, * ) * *,@3, 0 # #< "#$# $#

17 cd /chroots/web mkdir bin dev etc sbin tmp usr var usr/lib usr/share usr/share/local usr/share/zoneinfo chmod +rwxogu tmp chmod +t tmp 0 & &, *%,;,F &,?FA+,,N=> #création d un device /dev/null mknod m 666 dev/null c 1 3 #paramétrage de la zone cp pi /usr/share/zoneinfo/[votrezone] usr/share/zoneinfo cd etc #paramétrage de l heure ln s../usr/share/zoneinfo/[votrezone] localtime cd.. cp a /usr/share/locale/[votrelocale] usr/share/locale #copie de quelques libs utiles cp -pi /lib/libtermcap.so.2 /lib/ld-linux.so.2 /lib/libc.so.6 lib/ #copie d un shell cp -pi /bin/sh /bin/cat bin/ #création des fichiers d utilisateurs touch etc/passwd etc/group etc/shadow chmod 400 etc/shadow #creation d un utilisateur pour l exécution d Apache (aucun utilisateur root ne sera créé) echo 'www:x:888:888:web Account:/webhome:/usr/bin/false' > etc/passwd echo 'www:x:888:' > etc/group echo 'www:*:10882:-1:99999:-1:-1:-1: ' > etc/shadow cp pi /bin/false bin #les fichiers binaires sont en exécution seule chmod 111 bin/* chmod 111 usr/local/apache/bin/* #libs nécessaires au DNS cp -pi /lib/libnss_files.so.2 lib/ cp -pi /lib/libnss_dns.so.2 lib/ 0&) 6F +& > #<& passwd: files shadow: files group: files hosts: files dns # & domain mondomaine.com # adresse du DNS (ici un cache local) nameserver # localhost loopback #adresse IP interne du serveur ns.mondomaine.com ns www 0 & *%> Cp pi /usr/local/apache usr/local/apache #quelques libs nécessaires au fonctionnement d Apache cp -pi /lib/libdl.so.2 /lib/libm.so.6 /lib/libcrypt.so.1 /lib/libdb.so.3 lib/ cp -pi lib/ 0 7 > & &?? 7/messites/webF /chroots/web/messites/web "#$# 1#

18 , % *, ;?*% # #<# ##= > chroot /chroots/web /usr/local/apache/bin/apachectl start ,@6M! F *.8. O# #,#,@?O,@6M!& *: *,. 3,+:> 6, # ># #,#,@?O # #<# #,#,@?O 6F+&).8.,@6M!.? &),@6M!.; & < = -,?> &) F & *% 9 ) ;= B,F *,? &?? 3?, &,?+ "#$# 4#

19 5. Sécurité avec SSL 5.1. Installation de modssl &* O)(66!; <<< )= &,66!,G;<<<, )= 6 J ) &,GI4I1)+ <<<, ) & ), & *%;#,= %,G> cd mod_ssl &),G>./configure --with-apache=../apache_ with-ssl=chemin_openssl \ --with-crt=/usr/local/apache/conf/ssl.crt/server.crt \ --with-key=/usr/local/apache/conf/ssl.key/server.key \ --prefix=/usr/local/apache. **% -,?>,, *,, <<<, ) 5.2. Configuration du serveur && 66!&) *%. F,66! % &) ) 66!;:,&) & := AddType application/x-x509-ca-cert.crt AddType application/x-pkcs7-crl.crl 0,% W &,,& ) &66! '$>>?%C ; =? 3)& 7!*??*,, )*% (>,># ###)#G>&, & C O 66! (.>> 4*> file:/usr/local/apache/logs/ssl_mutex : &, & C O,? 3)3 66! > ) Q ) (66! 0 B &), ) *% ;66!-,6 =: ;66!-,6= $>V# ###)#G)G)V>& A, 66!;&,,66!= $'>&>A, 66! "#$# 5#

20 !&? <?66! B 8? &?)366! J0.'' #$>>66!J: & 66! (66&'># ###&# # >&? & (65&'> # ###&#O@# O@ > &? & (6(&'> # ###&# # > &? W,3 & ( (6># ###&# >, *3 & *% 0 &?)3 ( (6&'># ###&# # > &? & *% 0 &?)3 ( ># ###&# >,? )3 &,!*,, )/ &> SetEnvIf User-Agent ".*MSIE.*" \ nokeepalive ssl-unclean-shutdown \ downgrade-1.0 force-response Configuration des répertoires!*&) & & &. > / > >, *3 66! * 0 *?*66! 06('> > #? >, * *&66!? & 2?*), (,* &?* -? :* &;?) 0% = +>`69 >,& &,66!! ;:=> `69 > & *,?,,? : 0 *66! `6 -? & 2 * 66!? 66!-? 66!, "#$# #

21 ` OQ%>,&Q *&66! & 2*3 2*3 %; =. F&A & % ) &!, *,, & V0a #(a/0%#(a/#,% a H,,V!,* B V< V />Kb66!G0!9JG6GG0cbV Vc>,& &?*&66!*:,F0,,, &B :,: "#$# #

22 6. Intégration PHP! 3 <<< =B,3 > 6 J ) 3.8. <<< & *) * ), *.,.8../configure --with-apache=../${src_apache} --with-mysql=/usr/, :,B ).8.?,,@? with-mysql=/usr ;?/@6M! -./ =.8. *&, *) ) 0,,,,O 6.8.,,,O %.8.%>,& & & A > o LoadModule php4_module libexec/libphp4.so > )3?.8. o AddModule mod_php4.c>, o IfModule mod_mime.cfa VAddType application/x-httpdphp.php.php3.php4v?&) /,&.8. 6 I 0&) *.8.,0> <Directory /monsiteweb/scriptsphp> #Directives générales DirectoryIndex index.php index.php3 #charge par défaut la page index.php <IfModule mod_php4.c> #configuration spécifique au module PHP php_value include_path '/usr/local/lib/php:.' # répertoires dans lesquels sont stockés des bilbiothèques de scripts php php_flag magic_quotes_gpc Off #pour la sécurité php_flag track_vars On #pour la sécurité </IfModule> </Directory> J < ;& :,?.8.:= 7. Documentation '-,,,::$ 6 ),,>>##<<<, - 0>>##<<<&? )# &#.8.><<< (66!><<< ) /66!><<<, ) /,>>##<<<I,I )& #PQ#//9,,& Y> >## 5:&,@ )#:#:'d)a,!%/.> >##<<<:& )# #, # ) "#$# #

23 8. Contrôle de l intégrité des sources 8.1. Avec PGP J ) &..*%;>##<<< )###\9e6= J ) ) FI 1> -----BEGIN PGP SIGNATURE----- Version: PGP 6.5.1i iqa/awuapzrvg4s6yb8iyxxleqkkpgceoxsbexlgyuzewf6mlzd/5+sjrpcaonn6 q7jvnn1yvfn4t3jooy2xm9zg =JeQp -----END PGP SIGNATURE----- & ) &,B,?C+ > % pgpk -a KEYS % pgpv apache_ tar.gz.asc % pgp -ka KEYS % pgp apache_ tar.gz.asc % gpg --import KEYS % gpg --verify apache_ tar.gz.asc 8.2. Avec MD5 9:,,% md5sum apache_ tar.gz 0, *0I 1> $"45$"$"1'''4$ "#$# #

24 9. Script de compilation d apache avec php et modssl! I, F,F?*, ;=,@?;?B +F A)F ) ); B = %,,@,?,,G,&*-!,G < 7 =,G: &) ;:=,G 6 6;66=,G) 0,,<@ &;0=,G 0&,) ^ *%,G,*&, *,G,,)?2 #!/bin/sh #repertoires ou telecharger les sources # # # #ftp://ftp.cac.washington.edu/mail/ # BUILD_OPENSSL=1 CONFIG_MODSSL=1 CONFIG_APACHE=1 BUILD_IMAP=1 BUILD_PHP=1 BUILD_APACHE=1 SRC_APACHE=apache_ SRC_OPENSSL=openssl SRC_MODSSL=mod_ssl SRC_IMAP=imap-2002 SRC_PHP=php DST_APACHE=/usr/local/apache DST_OPENSSL=/usr/local/ssl DST_MODSSL=mod_ssl DST_IMAP=imap-2002 DST_PHP=php APACHE_DISABLED_MODULES=--disable-module=proxy \ --disable-module=mod_alias \ --disable-module=mod_rewrite \ --disable-module=mod_userdir \ --disable-module=mod_autoindex \ --disable-module=mod_include \ --disable-module=mod_status \ --disable-module=mod_imap "#$# '#

25 if [! -d./logs ]; then mkdir./logs fi if [ $BUILD_OPENSSL -eq 1 ]; then echo Openssl cd ${SRC_OPENSSL} echo " Config"./config --prefix=${dst_openssl} shared >&../Logs/openssl_config.log exit 1 echo " Fin : Config" echo " Compil" ; make >&../Logs/openssl_compil.log exit 1 echo " Fin : Compil" echo " Install" ; make install >&../Logs/openssl_install.log exit 1 echo " Fin : Install" echo "Openssl fin" cd.. else echo Openssl : ignore fi if [ $CONFIG_MODSSL -eq 1 ]; then echo mod_ssl cd ${SRC_MODSSL} echo " Config"./configure --with-apache=../${src_apache} \ --with-ssl=${dst_openssl} \ --with-crt=${dst_apache}/conf/ssl.crt/server.crt \ --with-key=${dst_apache}/conf/ssl.key/server.key \ --prefix=${dst_apache} >&../Logs/modssl_config.log exit 1 echo " Fin : Config" echo "mod_ssl fin" cd.. else echo mod_ssl : ignore fi if [ $CONFIG_APACHE -eq 1 ]; then echo "Apache (preparation)" cd ${SRC_APACHE} echo " Config"./configure --prefix=${dst_apache} >&../Logs/apache.log exit 1 echo " Fin : Config" echo "Apache fin" cd.. else echo "Apache (preparation) : ignore" fi if [ $BUILD_IMAP -eq 1 ]; then echo imap cd ${SRC_IMAP} echo " Compil" make slx >&../Logs/imap-compil.log exit 1 echo " Fin : Compil" echo "imap fin" cd.. else echo imap : ignore fi if [ $BUILD_PHP -eq 1 ]; then echo PHP cd ${SRC_PHP} "#$# "#

26 CFLAGS='-O2 -I${DST_OPENSSL}/include' echo " Config"./configure --with-apache=../${src_apache} \ --with-gettext \ --with-freetype-dir \ --with-mysql=/usr/ \ --enable-memory-limit=yes \ --with-imap=../${src_imap} \ --with-zlib-dir=/usr \ --with-jpeg-dir \ --with-png-dir \ --with-gd >&../Logs/php_config.log exit 1 echo " Fin : Config" echo " Compil" ; make >&../Logs/php_compil.log exit 1 echo " Fin : Compil" echo " Install" ; make install >&../Logs/php_install.log exit 1 echo " Fin : Install" echo PHP fin cd.. else echo PHP : ignore fi if [ $BUILD_APACHE -eq 1 ]; then echo Apache cd ${SRC_APACHE} SSL_BASE=${DST_OPENSSL}/include/ EAPI_MM=../mm-1.1.x echo " Config"./configure --enable-module=ssl \ --enable-shared=ssl \ --prefix=${dst_apache} \ --activate-module=src/modules/php4/libphp4.a \ --enable-shared=php4 \ ${APACHE_DISABLES_MODULES} >&../Logs/apache_config.log (exit 1) echo " Fin : Config" echo " Compil" ; make >&../Logs/apache_compil.log exit 1 echo " Fin : Compil" echo " Install" ; make install >&../Logs/apache_install.log exit 1 echo " Fin : Install" echo "Apache fin" echo Fin cd.. else echo Apache : ignore fi "#$# $#

27 10. Exemple de configuration d une restriction d accès Fichiers AuthUserFile et AuthGroupFile. :,F& *& > AuthUserFile LLL! V#0a -#6Ja1"TV &66! ; :, 66!= joe:xxx bob:xxx alice:xxx /C=FR/ST=75/O=Maison/OU=Maison Users/CN=homme/ [email protected]:XXX /C=FR/ST=75/O=Maison/OU=Maison Users/CN=femme/ [email protected]:XXX root:xxx AuthGroupFile (/etc/htgroups) Utilisateurs_ssl: "/C=FR/ST=75/O=Maison/OU=Maison Users/CN=homme/ Address=ho [email protected]" "/C=FR/ST=75/O=Maison/OU=Maison Users/CN=femme/ Address=femme@ home.com" Utilisateurs_web1: "/C=FR/ST=75/O=Maison/OU=Maison Users/CN=homme/ Address=h [email protected]" alice joe Utilisateurs_misc: joe bob Globalement dans access.conf - *3 A> <Directory /usr/local/apache/htdocs/secure> AllowOverride None DirectoryIndex index.htm Order allow,deny Allow from all AuthName "Acces restreint" AuthType Basic AuthUserFile /etc/htpasswd require user joe bob alice </Directory>!@:,B, <Directory /usr/local/apache/htdocs/secure> AllowOverride None DirectoryIndex index.htm Order allow,deny Allow from all AuthName "Acces restreint" AuthType Basic AuthUserFile /etc/htpasswd AuthGroupFile /etc/htgroups require user alice require group Utilisateurs_misc </Directory>!@:, < > "#$# 1#

28 <Directory /usr/local/apache/htdocs/secure> AllowOverride None DirectoryIndex index.htm Order allow,deny Allow from all AuthName "Acces restreint" AuthType Basic AuthUserFile /etc/htpasswd require valid-user </Directory> & ; = <Directory /usr/local/apache/htdocs/secure> AllowOverride AuthConfig # activation du support de fichier htaccess DirectoryIndex index.htm Order allow,deny Allow from all #il est possible de definir un controle d acces qui pourra etre modifier par un fichier htaccess s il existe </Directory> Locale via un fichier.htaccess 0,B,?& &, C>. :, A F & > Order allow,deny Allow from all AuthName "Acces restreint" AuthType Basic AuthUserFile /etc/htpasswd AuthGroupFile /etc/htgroups require group Utilisateurs_misc "#$# 4#

29 11. Exemple de configuration SSL Httpd.conf?*&?* &) = <IfDefine SSL> AddType application/x-x509-ca-cert.crt AddType application/x-pkcs7-crl.crl </IfDefine> <IfModule mod_ssl.c> SSLPassPhraseDialog builtin SSLSessionCache dbm:/usr/local/apache/logs/ssl_scache SSLSessionCacheTimeout 300 SSLMutex file:/usr/local/apache/logs/ssl_mutex SSLRandomSeed startup builtin SSLRandomSeed connect builtin SSLLog /usr/local/apache/logs/ssl_engine_log SSLLogLevel info </IfModule> <IfDefine SSL> Listen 443 <VirtualHost *:443> DocumentRoot "/usr/local/htdocs" ServerName ServerAdmin [email protected] ErrorLog /usr/local/apache/logs/www_ssl_error_log TransferLog /usr/local/apache/logs/www_ssl_access_log SSLEngine on SSLCipherSuite ALL:!ADH:!EXP56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL SSLCertificateFile /usr/local/apache/conf/ssl.crt/ SSLCertificateKeyFile /usr/local/apache/conf/ssl.key/ SSLCertificateChainFile /usr/local/apache/conf/ssl.crt/ca.crt SSLCACertificatePath /usr/local/apache/conf/ssl.crt SSLCACertificateFile /usr/local/apache/conf/ssl.crt/ca.crt SSLCARevocationPath /usr/local/apache/conf/ssl.crl <Files ~ "\.(cgi shtml phtml php php3?)$"> SSLOptions +StdEnvVars </Files> SetEnvIf User-Agent ".*MSIE.*" \ nokeepalive ssl-unclean-shutdown \ downgrade-1.0 force-response-1.0 CustomLog /usr/local/apache/logs/ssl_request_log \ "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b" </VirtualHost> </IfDefine> Access.conf Authentification SSL avec contrôle d accès dans des fichiers.htaccess <Directory /usr/local/apache/htdocs/secure AllowOverride AuthConfig DirectoryIndex index.htm Order allow,deny "#$# 5#

30 Allow from all <IfDefine SSL> SSLRequireSSL SSLVerifyClient optional # il est possible de se connecter sans certificats pour de simples utilisateurs declares dans htacccess par exemple SSLOptions +StdEnvVars +StrictRequire +FakeBasicAuth </IfDefine> </Directory> & & % A & ) > CN=root/O=MaCA/OU=Maison/ [email protected]:xxj31ZMTZzkVA! ::Af/Jf+O%, D< & % &&* 3&,,> Order allow,deny Allow from all AuthName "Acces restreint" AuthType Basic AuthUserFile /etc/htpasswd require user "CN=root/O=MaCA/OU=Maison/ [email protected]" Authentification SSL avec contraintes *3 * &F ` OQ% *. &) 0% 7,* <Directory /usr/local/apache/htdocs/secure> AllowOverride None DirectoryIndex index.php # pages dynamiques générées par PHP Order allow,deny Allow from all <IfModule mod_php4.c> # configuration de PHP php_value include_path '/usr/local/lib/php:.' php_flag magic_quotes_gpc Off php_flag track_vars On </IfModule> <IfDefine SSL> SSLRequireSSL SSLVerifyClient require # il n est pas possible de se connecter sans certificat SSLOptions +StdEnvVars +StrictRequire SSLRequire %{SSL_CLIENT_S_DN_CN} in {"root"} # le Common Name doit être root </IfDefine> </Directory> "#$# #

31 12. Helloworld PHP : index.html <html> <head> <title>exemple</title> </head> <body> <?php write "Bonjour, je suis un script PHP!"?> </body> </html> "#$# #

32 13. Historique des version F'##>.,3! F##>, &*: "#$# #