624
edits
Changes
Jump to navigation
Jump to search
Line 13:
Line 13: − + + − + Line 39:
Line 40: − + + + + + + + − + Line 80:
Line 87: − + Line 117:
Line 124: + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + Line 128:
Line 205: − + − + Line 138:
Line 215: − − It is recommended practise to check that the service did actually restart and is running, with Line 162:
Line 237: − === Old Howto === − − This is a link to an earlier Howto that is still applicable to sme7.x − http://mirror.contribs.org/smeserver/contribs/rmitchell/smeserver/howto/htaccess%20configuration%20with%20custom%20templates%20HOWTO%20for%20sme%20server.htm − − The Howto refers to a deprecated command − /etc/e-smith/events/actions/restart-httpd-graceful − − Instead of the above, please use the following commands to restart & check the httpd-e-smith service − − sv t /service/httpd-e-smith − sv s /service/httpd-e-smith
added sections for authentication against valid sme users
The recommended way to implement .htaccess on a SME server, is to use custom templates, which are only under the control of the administrator and cannot be tampered with by anonymous Internet users. Using this method you do NOT need to install any contrib rpm.
The recommended way to implement .htaccess on a SME server, is to use custom templates, which are only under the control of the administrator and cannot be tampered with by anonymous Internet users. Using this method you do NOT need to install any contrib rpm.
=== Procedure ===
==== Determining contents of htaccess fragment ====
This method involves creating a httpd.conf custom template fragment with the required information.
This method involves creating a httpd.conf custom template fragment with the required information.
Initially you will need to determine the contents of your .htacess file to be used in the fragment. Refer to the .htaccess web site links below for more details but a basic .htaccess file would contain the following:
Initially you will need to determine the contents of your .htacess file to be used in the fragment. Refer to the .htaccess web site links below for more details but a basic .htaccess file would contain the following (see specific examples in following sections):
AuthUserFile /etc/passwordfilename
AuthUserFile /etc/passwordfilename
The AuthName can be any name you want.
The AuthName can be any name you want.
The rest of the details are basic and can be amended to suit your particular requirements. The contents shown will suffice for standard situations.
The rest of the details are basic and can be amended to suit your particular requirements.
==== Procedure - authentication against a user password file ====
Determine the contents of your .htacess file to be used in the fragment, as mentioned previously.
The contents shown below will suffice for standard situations.
==== Custom template creation ====
===== Custom template creation =====
Next you need to create the custom template.
Next you need to create the custom template.
sv s /service/httpd-e-smith
sv s /service/httpd-e-smith
==== Password file creation ====
===== Password file creation =====
Now you need to create the password file, change to the location you want the password file in
Now you need to create the password file, change to the location you want the password file in
If you use the -c switch when entering additional user details you will overwrite the password file completely and only have the one user entry there.
If you use the -c switch when entering additional user details you will overwrite the password file completely and only have the one user entry there.
==== Procedure - authentication against all sme users ====
Determine the contents of your .htacess file to be used in the fragment, as mentioned previously.
The contents shown below will suffice for standard situations.
===== Custom template creation =====
mkdir -p /etc/e-smith/templates-custom/etc/httpd/conf/httpd.conf
cd /etc/e-smith/templates-custom/etc/httpd/conf/httpd.conf
pico -w 50AddSecureIbayFolder
Assuming we want to secure an ibay subfolder called
/home/e-smith/files/ibays/ibayname/html/foldername/subfoldername
edit the fragment file to contain the following
<Directory /home/e-smith/files/ibays/ibayname/html/foldername/subfoldername>
AuthName "My Site Security Group"
AuthType Basic
AuthExternal pwauth
<Limit GET>
order deny,allow
require valid-user
</Limit>
</Directory>
(the "valid-user" setting will allow any valid sme user to gain access)
then do
expand-template /etc/httpd/conf/httpd.conf
sv t /service/httpd-e-smith
sv s /service/httpd-e-smith
==== Procedure - authentication against specified sme users ====
Determine the contents of your .htacess file to be used in the fragment, as mentioned previously.
The contents shown below will suffice for standard situations.
===== Custom template creation =====
mkdir -p /etc/e-smith/templates-custom/etc/httpd/conf/httpd.conf
cd /etc/e-smith/templates-custom/etc/httpd/conf/httpd.conf
pico -w 50AddSecureIbayFolder
Assuming we want to secure an ibay subfolder called
/home/e-smith/files/ibays/ibayname/html/foldername/subfoldername
edit the fragment file to contain the following
<Directory /home/e-smith/files/ibays/ibayname/html/foldername/subfoldername>
AuthName "My Site Security Group"
AuthType Basic
AuthExternal pwauth
<Limit GET>
order deny,allow
require user admin smeusername1 smeusername2 smeusername3 smeusername4
</Limit>
</Directory>
(where admin, smeusername1, smeusername2 etc are valid users on the sme server)
then do
expand-template /etc/httpd/conf/httpd.conf
sv t /service/httpd-e-smith
sv s /service/httpd-e-smith
=== Testing ===
=== Testing ===
You will be asked for a user Id and password.
You will be asked for a user Id and password.
Enter any combination that is in your password file to gain access.
Enter any combination that is allowed by your configuration to gain access, ie is in your password file, is any sme user, or is a specfied sme user.
=== Deletion procedure ===
=== Deletion procedure ===
To delete or reverse any changes you make using this method, do the following, replacing filenames with those actually used
To undo any changes you make using this method, do the following, replacing filenames with those actually used
rm /etc/passwordfilename
rm /etc/passwordfilename
expand-template /etc/httpd/conf/httpd.conf
expand-template /etc/httpd/conf/httpd.conf
sv t /service/httpd-e-smith
sv t /service/httpd-e-smith
sv s /service/httpd-e-smith
sv s /service/httpd-e-smith
http://wiki.contribs.org/SME_Server:Documentation:Developers_Manual
http://wiki.contribs.org/SME_Server:Documentation:Developers_Manual
----
----
[[Category:Howto]]
[[Category:Howto]]