Navigate
X

mod_auth_token Installation In Apache

mod_auth_token is a apache module that can be used to sign URLs,  using this it can create time based urls that expire after a certain amount of time. It will prevent hot linking as the URLs will expire. This is particularly useful with video and image sharing.

To get started you will need to have an Apache installation already present. If you need to set this up please set Compile Apache 2.4 From Source.

Install mod_auth_token:

First ssh into the server and get the required packages:

cd /usr/src; wget https://storage.googleapis.com/google-code-archive-downloads/v2/code.google.com/mod-auth-token/mod_auth_token-1.0.5.tar.gz

Un-compress the archive:

tar xfvz mod_auth_token-1.0.5.tar.gz

Go into the directory

cd mod_auth_token-1.0.5

Configure it:

./buildconf && ./configure

Install It:

make && make install

Restart Apache to make sure it loads without a error:

service httpd restart

Make sure the module is loaded:

# httpd -M 2>&1|grep auth_token
 auth_token_module (shared)

You should see auth_token_module in the results

Configure Apache for mod_auth_token

You will need to edit the apache configuration and add the following to the domain you want protected by mod_auth_token:

<Location /download/>
# Secret key, can be anything random
 AuthTokenSecret "randomstring"
# directory to protect
 AuthTokenPrefix /protected/
# Timeout length, this is in seconds
 AuthTokenTimeout 300
# limit requsts by IP
 AuthTokenLimitByIp off
</Location>

Restart Apache again:

service httpd restart

To test that it is working create a php file to generate a URL

<?PHP

$secret = "randomstring"; // AuthTokenSecret
$directory = "/[protected/"; // AuthTokenPrefix
$hexTime = dechex(time()); // Time in Hexadecimal 
$url = "http://www.example.com"; // Replace this with the domain
$filename = "/$filename";  // Filename
 
$token = md5($secret . $filename. $hexTime);
 
$url = $domainname . $protectedPath . $token. "/" . $hexTime . $filename;
print $url;

?>

Go ahead and run that php script and it will output the URL, if you are able to access it. The module is working correctly. You can read more about mod_auth_token on code.google.com

LinuxAdmin.io
0 0 votes
Article Rating
Tags: centoslinuxsysadmin
LinuxAdmin.io:
Related Post
  1. Laravel Installation Guide For CentOS

    How to install Laravel on CentOS One of the most popular frameworks of PHP is…

  2. OSSEC Intrusion Detection Installation On Centos 7

    OSSEC (Open Source HIDS SECurity) is an open source host-based intrusion detection system (HIDS).  It performs…

  3. Mod_Expires Configuration In Apache

    mod_expires is a module which runs on the Apache web server. It allows manipulation of…