Difference: WebAccessControl (1 vs. 3)

Revision 3 - 2016-04-26 - GordonStewart

Line: 1 to 1
 
META TOPICPARENT name="WebHome"

Web Access Control

Changed:
<
<
Any set of page(s) can be protected by a simple password by using an .htaccess file. This file should be placed in the directory containing the files or directories that need to be protected. For example:
>
>
You can add simple password protection to a set of pages by adding a file named .htaccess to the containing directory. Be aware that unless pages are served using HTTPS, usernames and passwords will be sent unencrypted, and so this should not be relied upon for anything requiring actual security.
 
Changed:
<
<
>
>
A basic .htaccess file might look like the following:


 order deny,allow deny from all allow from 194.36.1

AuthType Basic

Changed:
<
<
AuthUserFile /data/www01/somearea/htpasswd.users
>
>
AuthUserFile PATHNAME/htpasswd.users
 AuthName "Internal User" require valid-user satisfy any
Changed:
<
<
>
>
<Files htpasswd.users>
 deny from all satisfy all
Changed:
<
<
>
>
</Files>
  Options All
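
Review bot: The new line "AuthUserFile PATHNAME/htpasswd.users" uses the placeholder PATHNAME without defining it anywhere in the revised text, which only says the password file is assumed to sit in the same directory as the .htaccess file. Add a sentence stating that PATHNAME must be replaced with the absolute filesystem path of that directory, as the earlier revision's /data/www01/somearea/ made clear by example. A reader who copies the block verbatim otherwise ends up with an AuthUserFile that does not point at the file the <Files htpasswd.users> block is protecting.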
Changed:
<
<

In this example any user from the subnet 194.36.1.x is allowed access to the file(s) or directories in the directory where the .htaccess file is placed. If any user not within the 194.36.1.x subnet tries to browse this area then they will receive a dialog box entitled Internal User asking for a username and password. If the user name and password matches one in the file /data/www01/somearea/htpasswd.users then the user will be allowed to view the web pages.

Notice that the /data/www01/somearea/htpasswd.users in this example is assumed to be in the same directory as the .htaccess file such that the .htaccess protects the htpasswd.users file. The htpasswd.users can be created with the LINUX command htpasswd. This command is available on all LINUX desktops. When generating this file, DO NOT pick a user name which suggests users should use their LINUX username and password. The username and password exchanged during authentication is not encrypted, and therefore could be sniffed.

>
>
 
Added:
>
>
This refers to a password file named htpasswd.users, which is assumed to be in the same directory as the .htaccess file (hence the inclusion of a <Files> block to protect this file). In this example, users with IP addresses starting 194.36.1 are allowed to access without providing a password, while all other users will be prompted for a username and password which will be tested against the contents of the htpasswd.users file.
 
Deleted:
<
<
-- AndrewPickford - 25 Jan 2009
 \ No newline at end of file
Added:
>
>
The htpasswd.users file can be created using the LInux htpasswd command (more information can be found in the htpasswd documentation). You should not use PPE usernames and passwords when creating this file; as there is no real security, passwords should be considered disposable.
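
Review bot: The added closing sentence says "as there is no real security" without qualification, while the new introduction ties the weakness to pages not being served over HTTPS; the two should agree, for example by repeating the HTTPS condition here or by stating that the advice applies regardless of transport. In the same sentence, "LInux" should read "Linux". The earlier revision also warned against choosing a user name that invites people to reuse their Linux login; the replacement only tells the author not to use PPE credentials, so consider keeping the point about not prompting users to reuse a real account password.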

Revision 2 - 2009-02-27 - AndrewPickford

Line: 1 to 1
 
META TOPICPARENT name="WebHome"

Web Access Control

Line: 9 to 9
 deny from all allow from 194.36.1
Changed:
<
<
~AuthType Basic
>
>
AuthType Basic
 
Changed:
<
<
~AuthUserFile /data/www01/somearea/htpasswd.users ~AuthName "Internal User"
>
>
AuthUserFile /data/www01/somearea/htpasswd.users AuthName "Internal User"
 require valid-user satisfy any

Revision 1 - 2009-01-25 - AndrewPickford

Line: 1 to 1
Added:
>
>
META TOPICPARENT name="WebHome"

Web Access Control

Any set of page(s) can be protected by a simple password by using an .htaccess file. This file should be placed in the directory containing the files or directories that need to be protected. For example:

order deny,allow
deny from all
allow from 194.36.1

~AuthType Basic

~AuthUserFile /data/www01/somearea/htpasswd.users
~AuthName "Internal User"
require valid-user
satisfy any

<Files htpasswd.users>
deny from all
satisfy all
</Files>

Options All

In this example any user from the subnet 194.36.1.x is allowed access to the file(s) or directories in the directory where the .htaccess file is placed. If any user not within the 194.36.1.x subnet tries to browse this area then they will receive a dialog box entitled Internal User asking for a username and password. If the user name and password matches one in the file /data/www01/somearea/htpasswd.users then the user will be allowed to view the web pages.

Notice that the /data/www01/somearea/htpasswd.users in this example is assumed to be in the same directory as the .htaccess file such that the .htaccess protects the htpasswd.users file. The htpasswd.users can be created with the LINUX command htpasswd. This command is available on all LINUX desktops. When generating this file, DO NOT pick a user name which suggests users should use their LINUX username and password. The username and password exchanged during authentication is not encrypted, and therefore could be sniffed.

-- AndrewPickford - 25 Jan 2009
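
Review bot: In the example block, the lines "~AuthType Basic", "~AuthUserFile /data/www01/somearea/htpasswd.users" and "~AuthName "Internal User"" carry a leading "~" that is not part of the directive names, so a reader who copies the example as shown gets lines Apache will not recognise as directives. Remove the "~" from all three lines. The closing paragraph also leaves the warning that the username and password are not encrypted until the very last sentence; moving it next to the example would make it harder to miss.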

 