Koozali.org: home of the SME Server
Obsolete Releases => SME Server 6.x => Topic started by: pabbec on April 20, 2006, 05:37:25 PM
-
Hi. I'am a webdeveloper. I need to put a htaccess file in some iBays to test my web sites and configure it before upload to production server.
If I place a htaccess file in the html directory of an ibay, Apache appears to ignore this file. I need to activate some features as ModRewrite, FollowSymLinks, etc.
I'm using SME Server 6.0.1-01.
Thanks in advance (and sorry for my english:() Pablo Santa Fe - Argentina
-
Pabec,
See below, I think this is what you are looking for:( Compliments of DMay)
HowTo implement website access security for internal/external users
e-smith release: 4.1.x
Author: Darrell May
Contributor:
Problem: You want to restrict access to your website (or even individual website subdirectories) by forcing an SSL connection and requiring username/password authentication for internal and external users.
Solution: Customize /etc/httpd/conf/httpd.conf and implement an encrypted password access file using the htpasswd command.
--------------------------------------------------------------------------------
STEP 1: Create a custom entry for the /etc/httpd/conf/httpd.conf file.
This requires creating a /etc/e-smith/templates-custom/etc/httpd/conf/httpd.conf fragment that meets your needs. So in this example I have created an ibay named test and wish to restrict access to two users. You need to create the template fragment, expand the template, restart httpd and then create the AuthUserFile.
mkdir -p /etc/e-smith/templates-custom/etc/httpd/conf/httpd.conf
pico /etc/e-smith/templates-custom/etc/httpd/conf/httpd.conf/86TestSecurity
Copy and paste the section below and save the file. What we are doing is forcing SSL by using the RequireSSL directive and forcing authorization via the Auth* directives.
# ------------------
# test ibay security
# ------------------
<Directory /home/e-smith/files/ibays/test/html>
RequireSSL on
Options -Indexes
AllowOverride None
order deny,allow
deny from all
allow from all
AuthName "Secure Access Only"
AuthType Basic
AuthUserFile /etc/httpd/conf/htpasswd.test
Require valid-user
AddType application/x-httpd-php .php .php3
php_flag magic_quotes_gpc on
php_flag track_vars on
</Directory>
# ----------------
Step 2: Expand the template and restart the httpd service
sbin/e-smith/expand-template /etc/httpd/conf/httpd.conf
/etc/rc.d/init.d/httpd-e-smith restart
Step 3: Create the AuthUserFile using the htpasswd command
The first line uses the -c option which creates the file. The -b option is to inform the command the user password will be included in the command line. Subsequent commands must not use -c or the file will be overwritten as opposed to be updated.
/usr/bin/htpasswd -cb /etc/httpd/conf/htpasswd.test user1 password1
/usr/bin/htpasswd -b /etc/httpd/conf/htpasswd.test user2 password2
NOTE: the username/passwords do NOT have to be valid e-smith users. You may enter any username/password combination, including internal and external users.
To view the results simply look at the file your created. It includes the usernames entered and their encrypted passwords.
cat /etc/httpd/conf/htpasswd.test
user1:EPd.W.WzPjIGM
user2:o3sO1BuMKHZTQ
Step 4: Give it a try.
Browsing to https://yourdomain.com/test should bring up a login dialog. Enter one of the username/passwords entered above and you should gain access to the web page.
Warren
-
Thanks Warren for you help.
But I don't need the http autentification in an iBay. I want that Apache read and interpret the .htaccess file that I placed in the document root of each iBays (all iBays).
Thanks.
Pablo
-
That solution worked for me (on SME7 RC1) :
# /sbin/e-smith/db accounts setprop <ibayname> AllowOverride All
# /sbin/e-smith/signal-event ibay-modify <ibayname>
# /sbin/e-smith/expand-template /etc/httpd/conf/httpd.conf
# service httpd-e-smith sigusr1
-
This solution should give me what I am looking for, i.e. HTTPS on a single iBay.
But as to the password bit, does anyone know how you would link it to use genuine SME created Users as opposed to a flat list?
Thanks Guys.
-
russ,
<Directory /home/e-smith/files/ibays/ibaynametouse/html>
RequireSSL on
Options -Indexes
AllowOverride None
order deny,allow
deny from all
allow from all
AuthName "Secure Access Only for system registered users"
AuthType Basic
AuthExternal pwauth
Require valid-user
AddType application/x-httpd-php .php .php3
php_flag magic_quotes_gpc on
php_flag track_vars on
</Directory>
# ----------------
This should allow for " SME only created users" to logon? :lol:
Cheers
Warren
-
Wow, thanks Warren!
That's really helpful of you, I will try it out when I get back to work tomorrow.
Thanks again
Russ
-
Hi Pabec,
For your problem :
If I place a htaccess file in the html directory of an ibay, Apache appears to ignore this file. I need to activate some features as ModRewrite, FollowSymLinks, etc.
I think you should search for that contrib : e-smith-htaccess-1.1-2.noarch.rpm
This contrib activates htaccess, which are disabled by default in SMEServer.
Regards
-
Or, just enable htaccess on a per-ibay basis by following what batosai said.
-
That solution worked for me (on SME7 RC1) :
# /sbin/e-smith/db accounts setprop <ibayname> AllowOverride All
# /sbin/e-smith/signal-event ibay-modify <ibayname>
# /sbin/e-smith/expand-template /etc/httpd/conf/httpd.conf
# service httpd-e-smith sigusr1
This is redundant the ibay-modify will expand the template and restart httpd automatically. All that is really needed is:
# /sbin/e-smith/db accounts setprop <ibayname> AllowOverride All
# /sbin/e-smith/signal-event ibay-modify <ibayname>