1
00:00:04,610 --> 00:00:10,280
In the previous lesson we saw how to slow down brute force attacks or even denial of service attacks

2
00:00:10,640 --> 00:00:17,540
by means of rate limiting. But let's say you have an area of your website not intended for users but

3
00:00:17,540 --> 00:00:21,360
rather for administrators or contributors of the site.

4
00:00:21,810 --> 00:00:25,730
You quite simply want to deny any unauthorized requests.

5
00:00:25,730 --> 00:00:33,590
A great solution for this is basic authentication, or basic auth. Basic auth provides a simple username and

6
00:00:33,590 --> 00:00:39,600
password layer to any part of your site and is relatively straightforward to implement.

7
00:00:39,680 --> 00:00:43,340
To demonstrate, I'll add it to this demo site's home page.

8
00:00:43,580 --> 00:00:50,000
But before we can add authentication we'll have to generate a simple password file in the htpasswd

9
00:00:50,000 --> 00:00:51,060
format.

10
00:00:51,290 --> 00:00:57,650
To do this we'll again be using that same suite of tools we installed to get the Apache Bench tool:

11
00:00:57,680 --> 00:01:08,750
apt-get install apache2-utils, or yum install httpd-tools on CentOS. But of course I already have this

12
00:01:08,750 --> 00:01:20,120
installed, so the command we're going to use is htpasswd, setting the -c flag to indicate

13
00:01:20,120 --> 00:01:29,350
that we want to generate a password written to a file at /etc/nginx/.htpasswd.

14
00:01:29,450 --> 00:01:39,050
So a hidden file then, with that prefixed dot, for a given username. I'll just make it user1. Enter,

15
00:01:39,420 --> 00:01:44,330
and we're prompted for a password. I'll make this "no secret".

16
00:01:44,330 --> 00:01:46,670
Enter and confirm.

17
00:01:47,340 --> 00:01:56,710
Done: "Adding password for user user1". Check that newly generated password file: cat /etc/nginx/.htpasswd

18
00:01:56,720 --> 00:02:05,010
and there we have it, a very simple password file containing that user we created, user1,

19
00:02:05,010 --> 00:02:08,550
and its corresponding password hash.

20
00:02:08,890 --> 00:02:15,390
So now, having a password file, we can implement basic auth with access granted as per the contents of

21
00:02:15,390 --> 00:02:19,370
that file in this default static location.

22
00:02:19,540 --> 00:02:27,600
I'll get rid of the rate limit implementation, adding auth_basic, so enabling basic auth for any

23
00:02:27,600 --> 00:02:33,960
request to this location, with the value being the message that will get displayed to the user when prompted

24
00:02:33,960 --> 00:02:37,440
to authenticate: "Secure Area".

25
00:02:37,710 --> 00:02:41,940
And secondly, tell nginx where to find the password file:

26
00:02:42,240 --> 00:02:52,950
auth_basic_user_file /etc/nginx/.htpasswd. Save this.

27
00:02:53,620 --> 00:02:55,780
Reload the configuration.

28
00:02:56,550 --> 00:02:59,630
And now if we reload this page in the browser,

29
00:03:00,760 --> 00:03:06,600
we get this native dialogue prompting us to authenticate, with the message "Secure Area".

30
00:03:07,000 --> 00:03:08,570
Enter those credentials:

31
00:03:08,590 --> 00:03:11,110
user1 and my password,

32
00:03:11,140 --> 00:03:15,700
"no secret", which works, and we are granted access.

33
00:03:15,700 --> 00:03:21,010
Or more specifically, the request for index.html is served, with most browsers giving you

34
00:03:21,010 --> 00:03:25,150
the option to store these credentials for automatic future logins.

35
00:03:25,390 --> 00:03:30,820
That's all there is to adding basic authentication, and as you can see this is a quick and easy solution

36
00:03:30,820 --> 00:03:33,670
to block or secure areas of your site.