Difference: WebAccessControl (2 vs. 3)
Revision 32016-04-26 - GordonStewart
| Line: 1 to 1 | ||||||||
|---|---|---|---|---|---|---|---|---|
Web Access Control | ||||||||
| Changed: | ||||||||
| < < | Any set of page(s) can be protected by a simple password by using an .htaccess file. This file should be placed in the directory containing the files or directories that need to be protected. For example: | |||||||
| > > | You can add simple password protection to a set of pages by adding a file named .htaccess to the containing directory. Be aware that unless pages are served using HTTPS, usernames and passwords will be sent unencrypted, and so this should not be relied upon for anything requiring actual security. | |||||||
| Changed: | ||||||||
| < < | ||||||||
| > > | A basic .htaccess file might look like the following:
| |||||||
| order deny,allow deny from all allow from 194.36.1 AuthType Basic | ||||||||
| Changed: | ||||||||
| < < | AuthUserFile /data/www01/somearea/htpasswd.users | |||||||
| > > | AuthUserFile PATHNAME/htpasswd.users | |||||||
| AuthName "Internal User" require valid-user satisfy any | ||||||||
| Changed: | ||||||||
| < < | ||||||||
| > > | <Files htpasswd.users> | |||||||
| deny from all satisfy all | ||||||||
| Changed: | ||||||||
| < < | ||||||||
| > > | </Files> | |||||||
| Options All | ||||||||
| Changed: | ||||||||
| < < |
In this example any user from the subnet 194.36.1.x is allowed access to the file(s) or directories in the directory where the .htaccess file is placed. If any user not within the 194.36.1.x subnet tries to browse this area then they will receive a dialog box entitled Internal User asking for a username and password. If the user name and password matches one in the file /data/www01/somearea/htpasswd.users then the user will be allowed to view the web pages.
Notice that the /data/www01/somearea/htpasswd.users in this example is assumed to be in the same directory as the .htaccess file such that the .htaccess protects the htpasswd.users file. The htpasswd.users can be created with the LINUX command htpasswd. This command is available on all LINUX desktops. When generating this file, DO NOT pick a user name which suggests users should use their LINUX username and password. The username and password exchanged during authentication is not encrypted, and therefore could be sniffed. | |||||||
| > > | ||||||||
| Added: | ||||||||
| > > | This refers to a password file named htpasswd.users, which is assumed to be in the same directory as the .htaccess file (hence the inclusion of a <Files> block to protect this file). In this example, users with IP addresses starting 194.36.1 are allowed to access without providing a password, while all other users will be prompted for a username and password which will be tested against the contents of the htpasswd.users file. | |||||||
| Deleted: | ||||||||
| < < | -- AndrewPickford - 25 Jan 2009 | |||||||
| \ No newline at end of file | ||||||||
| Added: | ||||||||
| > > | The htpasswd.users file can be created using the LInux htpasswd command (more information can be found in the htpasswd documentation ). You should not use PPE usernames and passwords when creating this file; as there is no real security, passwords should be considered disposable. | |||||||
View topic | History: r3 < r2 < r1 | More topic actions...
Copyright © 2008-2025 by the contributing authors. All material on this collaboration platform is the property of the contributing authors. Ideas, requests, problems regarding TWiki? Send feedback