Topic: How to Secure a section of a web page with ssl

[RayDias]

Hello,
    First off i would like to thank the people of e-smith for creating a superior produce.

   Now for the tech question. I would like to secure a section of a web site with ssl but not the whole site. Is this possible? Example:
   I have an ibay for xyz.com and in the html folder I have a web forum folder that I only what accessed via ssl and with proper login rights. I want to use ssl due to the sensitive nature of the info and need to have it secure.

  Thanks in advance for your help.

Ray Dias

[Raymond den Ouden]

As far as I know
all content is accesible bij using SSL,
So when you access a page by using https:// instead of http:// it all should work

greetz,

Rainman

[Ray Dias]

I am aware of the ability to access the web page either via http or https. Let me clarify. i would like to password protect the https connection so that only thge users that i have given the password to can access the data with a certain directory via https connection. users using standard http wi=ould not be able to access the directory that is protected at all. The data is sensitive in that it should only be seen by validy users that i give access to.

Thanks

Ray Dias

[Raymond den Ouden]

ah..
ok thaht make something clear..
at least I have to say that it has nothing to do with SSL, but you have to change your apache configuration.
And add a .htaccess file.

log in as root

to edit your configuration:
the I-bay sections ->

mkdir -p /etc/e-smith/templates-custom/etc/httpd/conf/httpd.conf/

then do

cp /etc/e-smith/templates/etc/httpd/conf/httpd.conf/90e-smithAccess10primary /etc/e-smith/templates/etc/httpd/conf/httpd.conf/90e-smithAccess10primary

then edit /etc/e-smith/templates/etc/httpd/conf/httpd.conf/90e-smithAccess10primary with your favorite editor
find the lines with "AllowOverride None"
And change this to "AllowOverride AuthConfig"

add this block:
anywhere in the file


    Order allow,deny
    Deny from all


This was the configuration for the primary site.

The Ibays configuration is almost the same

cp /etc/e-smith/templates/etc/httpd/conf/httpd.conf/90e-smithAccess40ibays /etc/e-smith/templates/etc/httpd/conf/httpd.conf/90e-smithAccess40ibays

then edit /etc/e-smith/templates/etc/httpd/conf/httpd.conf/90e-smithAccess40ibays with your favorite editor
find the lines with "AllowOverride None"
And change this to "AllowOverride AuthConfig"

Now you have to regenerate the config file.

do this by entering the following command
/sbin/e-smith/expand-template /etc/httpd/conf/httpd.conf

now you have to restart the server, do it by:
/etc/rc.d/init.d/httpd restart

for a sample of htaccess look at
http://www.koethe.net/htaccess.html

[Raymond den Ouden]

ah..
ok thaht make something clear..
at least I have to say that it has nothing to do with SSL, but you have to change your apache configuration.
And add a .htaccess file.

log in as root

to edit your configuration:
the I-bay sections ->

mkdir -p /etc/e-smith/templates-custom/etc/httpd/conf/httpd.conf/

then do

cp /etc/e-smith/templates/etc/httpd/conf/httpd.conf/90e-smithAccess10primary /etc/e-smith/templates/etc/httpd/conf/httpd.conf/90e-smithAccess10primary

then edit /etc/e-smith/templates/etc/httpd/conf/httpd.conf/90e-smithAccess10primary with your favorite editor
find the lines with "AllowOverride None"
And change this to "AllowOverride AuthConfig"

add this block:
anywhere in the file


    Order allow,deny
    Deny from all


This was the configuration for the primary site.

The Ibays configuration is almost the same

cp /etc/e-smith/templates/etc/httpd/conf/httpd.conf/90e-smithAccess40ibays /etc/e-smith/templates/etc/httpd/conf/httpd.conf/90e-smithAccess40ibays

then edit /etc/e-smith/templates/etc/httpd/conf/httpd.conf/90e-smithAccess40ibays with your favorite editor
find the lines with "AllowOverride None"
And change this to "AllowOverride AuthConfig"

Now you have to regenerate the config file.

do this by entering the following command
/sbin/e-smith/expand-template /etc/httpd/conf/httpd.conf

now you have to restart the server, do it by:
/etc/rc.d/init.d/httpd restart

for a sample of htaccess look at
http://www.koethe.net/htaccess.html

[Raymond den Ouden]

ah..
ok thaht make something clear..
at least I have to say that it has nothing to do with SSL, but you have to change your apache configuration.
And add a .htaccess file.

log in as root

to edit your configuration:
the I-bay sections ->

mkdir -p /etc/e-smith/templates-custom/etc/httpd/conf/httpd.conf/

then do

cp /etc/e-smith/templates/etc/httpd/conf/httpd.conf/90e-smithAccess10primary /etc/e-smith/templates/etc/httpd/conf/httpd.conf/90e-smithAccess10primary

then edit /etc/e-smith/templates/etc/httpd/conf/httpd.conf/90e-smithAccess10primary with your favorite editor
find the lines with "AllowOverride None"
And change this to "AllowOverride AuthConfig"

add this block:
anywhere in the file


    Order allow,deny
    Deny from all


This was the configuration for the primary site.

The Ibays configuration is almost the same

cp /etc/e-smith/templates/etc/httpd/conf/httpd.conf/90e-smithAccess40ibays /etc/e-smith/templates/etc/httpd/conf/httpd.conf/90e-smithAccess40ibays

then edit /etc/e-smith/templates/etc/httpd/conf/httpd.conf/90e-smithAccess40ibays with your favorite editor
find the lines with "AllowOverride None"
And change this to "AllowOverride AuthConfig"

Now you have to regenerate the config file.

do this by entering the following command
/sbin/e-smith/expand-template /etc/httpd/conf/httpd.conf

now you have to restart the server, do it by:
/etc/rc.d/init.d/httpd restart

for a sample of htaccess look at
http://www.koethe.net/htaccess.html

[Raymond den Ouden]

Sorry,
AuthConf should be AuthConfig