kaisjy
> does anyone have an rpm or a way to use .htaccess with mod_rwright etc on SME 7.0 alpha4?
What about using custom templates ?
Here is a draft howto I wrote based on a post by Charlie Brady. Let me know if it works OK with 7.0aplpha.
htaccess configuration with custom templates for sme server
Release supported: sme 5.5, 6.0, 6.0.1, 6.5
Author: Ray Mitchell
Updated: 17 February 2005 v1
Problem:
You want to implement secure authorised access to folders in your sme servers ibays.
The default settings in sme server allow you to secure the ibays using the Information Bay panel in server manager, by creating an ibay password which is used to allow authorised access to the ibay from the Internet, but this does not control access to individual folders.
Solution:
The use of a .htaccess file and associated password file can control the security of subfolders within ibays by username and password. .htaccess is not enabled by default and requires the installation of a rpm.
.htaccess files are inherently exposed to the Internet and require the correct permissions to be applied to ensure that unauthorised access is not allowed, therefore creating a security risk.
The better way to implement .htaccess in sme server is to use custom templates, which are only under the control of the administrator and cannot be tampered with by anonymous Internet users.
Additional Information:
See these resources for further information about creating and using htaccess although much of that information us not applicable to the method outlined in this HOWTO.
It will assist you to determine the contents of the htaccess file that will be placed into the custom template fragment.
http://support.shaw.ca/business/webspace/htaccess.htmhttp://www.freewebmasterhelp.com/tutorials/htaccess/http://www.crazygrrl.com/weav/htaccess.php3http://www.its.queensu.ca/network/policy/htaccess.shtmlhttp://www.washington.edu/computing/web/publishing/htaccess.htmlhttp://www.htmlite.com/HTA003.phphttp://www.antionline.com/showthread.php?s=&threadid=231380http://www.cs.hmc.edu/qref/web/htaccess.htmlThanks:
This how to is based on forum posts and my own investigations, thanks particularly to Charlie Brady.
Procedure:
This method involves creating a httpd.conf custom template fragment with the required information.
Initially you will need to determine the contents of your .htacess file to be used in the fragment. Refer to the .htaccess links above for more details but a basic .htaccess file would contain the following:
AuthUserFile /etc/passwordfilename
AuthGroupFile /dev/null
AuthName "My Site Security Group"
AuthType Basic
<Limit GET>
order deny,allow
require valid-user
</Limit>
The AuthUserName will be the location on your sme server of the htaccess password file. You can choose whichever name and location you want, but the password file SHOULD NOT be placed in a publicly accessible are ie NOT in web site folders. Note that this file is created using the htpasswd command (see steps later).
The AuthName can be any name you want.
The rest of the details are basic and can be amended to suit your particular requirements. The contents shown will suffice for standard situations.
Next you need to create the custom template.
Log on to your server command prompt as root or with root privileges and do:
Create a fragment with a name of your choice in
cd /etc/e-smith/templates-custom/etc/httpd/conf/httpd.conf
pico 50AddSecureIbayFolder
Using the htaccess file contents example from above, and assuming we want to secure an ibay subfolder called
/home/e-smith/files/ibays/ibayname/htm/foldername/subfoldername
edit the fragment file to contain the following
<Directory /home/e-smith/files/ibays/ibayname/htm/foldername/subfoldername >
AuthUserFile /etc/passwordfilename
AuthGroupFile /dev/null
AuthName "My Site Security Group"
AuthType Basic
<Limit GET>
order deny,allow
require valid-user
</Limit>
</Directory>
then do
/sbin/e-smith/expand-template /etc/httpd/conf/httpd.conf
/etc/e-smith/events/actions/restart-httpd-graceful
Now you need to create the password file
do
cd /etc
(or cd /location_you_want_password_file_in)
then do
htpasswd -c passwordfilename user1
then you will be asked for the password
and then asked to confirm the password
the user name and password will be encoded into the password file
To add additional users and passwords do
Htpasswd passwordfilename user2
Htpasswd passwordfilename user2
Etc
If you use the -c switch you will overwrite the password file completely and only have the one user entry there.
Now you can test the web site access.
Browse to your newly secured location ie
www./yourdomain.com/ibayname/foldername/subfoldername
You will be asked for a user Id and password.
Enter any combination that is in your password file to gain access.
4 Replies
3669 Views