Apache > HTTP Server > Documentation > Version 2.4 > How-To / Tutorials

Authentication and Authorization

Available Languages:  en  |  fr  |  ja  |  ko  |  tr 

Authentication is any process by which you verify that someone is who they claim they are. Authorization is any process by which someone is allowed to be where they want to go, or to have information that they want to have.

For general access control, see the Access Control How-To.


Related Modules and Directives

There are three types of modules involved in the authentication and authorization process. You will usually need to choose at least one module from each group.

In addition to these modules, there are also mod_authn_core and mod_authz_core. These modules implement core directives that are core to all auth modules.

The module mod_authnz_ldap is both an authentication and authorization provider. The module mod_authz_host provides authorization and access control based on hostname, IP address or characteristics of the request, but is not part of the authentication provider system. For backwards compatibility with the mod_access, there is a new module mod_access_compat.

You probably also want to take a look at the Access Control howto, which discusses the various ways to control access to your server.



If you have information on your web site that is sensitive or intended for only a small group of people, the techniques in this article will help you make sure that the people that see those pages are the people that you wanted to see them.

This article covers the "standard" way of protecting parts of your web site that most of you are going to use.


If your data really needs to be secure, consider using mod_ssl in addition to any authentication.


The Prerequisites

The directives discussed in this article will need to go either in your main server configuration file (typically in a <Directory> section), or