Changes

=== Solution ===

=== Solution ===

The recommended way to implement custom access controls or web server directives on an SME server is to add those controls to the main web server configuration file using custom template fragments.  This method allows the system administrator to keep control of the web server security settings, and ensures that other system users will not inadvertently (or deliberately) compromise the web server's security.

The recommended way to implement custom access controls or web server directives on an SME server is to add those controls to the main web server configuration file using custom template fragments.  This method allows the system administrator to keep control of the web server security settings, and ensures that other system users will not inadvertently (or deliberately) compromise the web server's security.

Various examples on this page show how to implement secure authorised access to folders/subfolders in your SME Server ibays. The default settings in SME Server allow you to secure the ibays using the Information Bay panel in server manager, by creating an ibay password which is used to allow authorised access to the ibay from the Internet, but this does not control access to individual folders.

The [http://httpd.apache.org/docs/current/howto/htaccess.html Apache web server documentation] recommends avoiding use of .htaccess files when possible, for both performance and security reasons.

 

 

The alternative commonly used method of implementing access controls or custom directives on a Linux-based server is to create a file called .htaccess in the directory you want to control, and include your instructions in that file.  

===Enabling .htaccess on SME server===

===Enabling .htaccess on SME server===