Configuring Apache Access Control
Controlling Access Based on User Identity
Access to parts of a site can be restricted by requiring authentication and authorization of the user.
User account information can be kept in several places:
Plain text files
DBM files
MySQL database
Here, we’ll restrict access to the “admin” section of our site to the librarians Jim and Carla. Since the number of users is small, we’ll store them in a plain text file.
Managing the User Account File
1. Enable headers module
You need to enable the headers module (mod_headers) before you can enable CORS in Apache.
Ubuntu/Debian
On Ubuntu/Debian Linux, open a terminal and run the following command to enable the headers module.
$ sudo a2enmod headers
CentOS/Redhat/Fedora
On CentOS/Redhat/Fedora Linux, open the Apache configuration file httpd.conf and uncomment the following line by removing the # in front of it.
LoadModule headers_module modules/mod_headers.so
2. Enable CORS in Apache
Next, add the “Header add Access-Control-Allow-Origin *” directive to your main Apache configuration file, a .htaccess file, or a virtual host configuration file, depending on your requirement. If you add it to the main configuration file, CORS is enabled for all websites on the server. If you add it to a .htaccess file or a virtual host configuration file, it is enabled only for that file’s website. The examples below show the directive in each location; use any one of them.
Directory Tag in Main Configuration File
<Directory /var/www/html>
    ...
    Header set Access-Control-Allow-Origin "*"
    ...
</Directory>
Anywhere in .htaccess file
...
Header add Access-Control-Allow-Origin "*"
...
VirtualHost Tag in Virtual Host Configuration File
<VirtualHost *:443>
    ...
    Header add Access-Control-Allow-Origin "*"
    ...
</VirtualHost>
Enable CORS from all websites
If you want to enable CORS for all websites, that is, accept cross-domain requests from all websites, add the following:
Header add Access-Control-Allow-Origin "*"
In the above statement, we use the wildcard (*) as the value of the Access-Control-Allow-Origin header.
Enable CORS from one domain
If you want to enable CORS for one website domain (e.g. example.com), specify that domain in place of the wildcard character *. The header value is a full origin, so include the scheme.
Header add Access-Control-Allow-Origin "https://example.com"
Enable CORS from multiple domains
If you want to enable CORS for multiple domains (e.g. example1.com, example2.com, example3.com), specify them separately, one after another:
Header add Access-Control-Allow-Origin "https://example1.com"
Header add Access-Control-Allow-Origin "https://example2.com"
Header add Access-Control-Allow-Origin "https://example3.com"
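Browsers accept only a single Access-Control-Allow-Origin value per response, so an allowlist of several origins is usually implemented by echoing the request's Origin only when it matches. The following is an added example, not part of the original page; the variable name CORS_ALLOWED_ORIGIN is an assumption, and the example presumes mod_setenvif is loaded alongside mod_headers.

```apache
# Added example. CORS_ALLOWED_ORIGIN is an assumed variable name; the
# three origins are the placeholder domains used in the text above.
<Directory /var/www/html>
    # Weak: any origin may read these responses from browser script.
    # Header set Access-Control-Allow-Origin "*"

    # Broken: one header per origin. A response that carries the header
    # more than once fails the browser's CORS check for every origin.
    # Header add Access-Control-Allow-Origin "https://example1.com"
    # Header add Access-Control-Allow-Origin "https://example2.com"

    # Corrected: remember the request's Origin only when it matches the
    # allowlist exactly. The ^ and $ anchors and the escaped dots keep
    # look-alike hosts (for instance a longer name that merely starts
    # with example1.com) from matching. $0 is the whole matched string.
    SetEnvIf Origin "^https://(example1\.com|example2\.com|example3\.com)$" CORS_ALLOWED_ORIGIN=$0

    # Send exactly one header that echoes the matched origin. Requests
    # from any other origin receive no CORS header at all.
    Header set Access-Control-Allow-Origin "%{CORS_ALLOWED_ORIGIN}e" env=CORS_ALLOWED_ORIGIN

    # The response now varies by Origin, so caches must key on it.
    Header merge Vary "Origin"
</Directory>
```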
Enable CORS from localhost
If you want to enable CORS from localhost, add 127.0.0.1 or localhost in place of the domain name:
Header add Access-Control-Allow-Origin "http://localhost"
3. Restart Apache Server
Check the configuration syntax, then restart the Apache web server to apply the changes.
-------------- On Debian/Ubuntu --------------
# apache2ctl -t
# systemctl restart apache2.service
-------------- On RHEL/CentOS/Fedora --------------
# httpd -t
# systemctl restart httpd.service