Koozali.org: home of the SME Server
Obsolete Releases => SME Server 7.x => Topic started by: sal1504 on October 15, 2007, 06:37:57 PM
-
i am not sure if what i want to do is possible. i have searched the forums and have found nothing on this. i have a primary web page http://www.something.com and a user web page http://www.soemthing.com/userpage. this is working fine, but what i want is two things. the first is that i want the userpage http://www.soemthing.com/userpage to only be accessed when only using https://www.something.com/userpage. i do not want http://www.soemthing.com/userpage accessable at all. the second thing is when accessing the userpage i want the person to have to use their personal user name and password and not the generic one user name and one password setup. if this is possible any information on how to set this up would be greatly appreciated.
-
Sal,
Well written.
There are two things you want. First... make the page only accessible via https. I'd handle that with a rewrite in the httpd.conf file. it would look soemthing liek this:
RewriteRule ^/userpage https://%{HTTP_HOST}/userpage
Ray Mitchell did a nice write up of how to do this. I found it by searching "HTTP redirect" and reading this informative post: http://forums.contribs.org/index.php?topic=32345.0
http://distro.ibiblio.org/pub/linux/distributions/smeserver/contribs/rmitchell/smeserver/howto/https%20ibay%20forced%20redirection%20HOWTO%20for%20sme%20server.htm
The second is a little more complicated and leaves me asking a question. How did you create your userpages? Are they ibays? If so you cannot have an ibay and a user with the same name :???: So are you using a special contrib to accomplish this?
-
the second thing is when accessing the userpage i want the person to have to use their personal user name and password and not the generic one user name and one password setup. if this is possible any information on how to set this up would be greatly appreciated.
I don't know hot to incorporate it in your setupas I do not know if you use a contrib and what template shares your userpage, but to use the pwauth library which is used to authenticate users against the local password database needs at least the following instructions inside the VirtualHost container:
AddExternalAuth pwauth /usr/lib/httpd/modules/pwauth
SetExternalAuthMethod pwauth pipe
And then to define the location you can use this (it will also work with the <Directory></Directory> tags):
<Location /userpage>
Options None
AllowOverride None
order deny,allow
deny from all
allow from all
AuthName "Authentication prompt here"
AuthType Basic
AuthExternal pwauth
require user username1 username2
Satisfy all
</Location>
Above is not tested but more a general guide line.
-
thanks for the quick reply that's the best part of this forum.
what i did was create a ibay called empweb for the employees secured data site. i named it empweb. so currently i can go to http://www.somename.com/empweb and input a common user name and password. like i said what i want is only https://www.somename/empweb, which i think has been answered but i have not tried, and to allow the user to input their smeserver username and password. by the way if it helps this is ver7.2. i hope this clarifies what i want to do a little better.
also i have several hardware configurations that work with sme7.2 where is the best place to post this information for others to use?
-
thanks for the quick reply that's the best part of this forum.
what i did was create a ibay called empweb for the employees secured data site. i named it empweb. so currently i can go to http://www.somename.com/empweb and input a common user name and password. like i said what i want is only https://www.somename/empweb, which i think has been answered but i have not tried, and to allow the user to input their smeserver username and password. by the way if it helps this is ver7.2. i hope this clarifies what i want to do a little better.
also i have several hardware configurations that work with sme7.2 where is the best place to post this information for others to use?
You will have to make a custom template based on the ibay templates and make an exception to implement the settings you would like to have... this is not done 1... 2... 3...
The easiest option I guess is this:
1. Log in as root user on a SME Server shell
2. Create the directory tree for the custom-template we will generate:
mkdir -p /etc/e-smith/templates-custom/etc/httpd/conf/httpd.conf
3. Copy the fragment we need to the custom template folder:
cp /etc/e-smith/templates/etc/httpd/conf/httpd.conf/90e-smithAccess40ibays /etc/e-smith/templates-custom/etc/httpd/conf/httpd.conf
4.Now comes the magic. Using your favorite editor we need to edit the /etc/e-smith/templates-custom/etc/httpd/conf/httpd.conf/90e-smithAccess40ibays. We need to modify the last part of the custom template fragment that reads:
if ($pass)
{
$OUT .= " AuthName \"$properties{'Name'}\"\n";
$OUT .= " AuthType Basic\n";
$OUT .= " AuthExternal pwauth\n";
$OUT .= " require user $key\n";
$OUT .= " Satisfy $satisfy\n";
}
to
if ($pass)
{
$OUT .= " AuthName \"$properties{'Name'}\"\n";
$OUT .= " AuthType Basic\n";
$OUT .= " AuthExternal pwauth\n";
if ($key eq 'ibayname') {
$OUT .= " require user username\n";
}
else
{
$OUT .= " require user $key\n";
}
$OUT .= " Satisfy $satisfy\n";
}
Replace the text ibayname with the ibayname you would like to have a different setting as well as the text username in above fragment with the username(s) you would like to have access using spaces to separate them.
Now if you have not already done so, set a password for the ibay. This password will not be used and is overwritten with the option we have created using above instruction. If you already had a password set for the ibay you will have to issue the following codesignal-event ibay-modify ibayname
If you did not set a password setting a password now through the server-manager should automatically apply the changes for you. Setting a password is a requirement for this option to work...
Note: This only changes the access over the internet (e. g. using the webbrowser) and will not modify filesystem access (e. g. using explorer)
Disclaimer:I just wrote down this code and did not test this... so things might brake as I am only human as well :-).
-
i'll give it a try this evening and let you know how it went. thanks again for the quick response
-
sal & jfarschman
I also did a nice howto for htaccess, but implemented the sme server way (the howto is still OK for sme7.x by the way).
http://distro.ibiblio.org/pub/linux/distributions/smeserver/contribs/rmitchell/smeserver/howto/htaccess%20configuration%20with%20custom%20templates%20HOWTO%20for%20sme%20server.htm
-
sal & jfarschman
I also did a nice howto for htaccess, but implemented the sme server way (the howto is still OK for sme7.x by the way).
http://distro.ibiblio.org/pub/linux/distributions/smeserver/contribs/rmitchell/smeserver/howto/htaccess%20configuration%20with%20custom%20templates%20HOWTO%20for%20sme%20server.htm
Ray, are you considering putting this in the wiki?
-
cactus
>...are you considering putting this in the wiki?
Yes one of these days, I had just not got around to it yet. There are always plenty of other things to do.
Probably a few of the other howtos or excerpts from them could also go into the Wiki.
Feel free if you want to do it before I get around to it.
-
cactus
OK you got me going.
I added these pages, which at present are just links to the earlier Howtos.
I will update them fully later.
http://wiki.contribs.org/Htaccess_configuration
http://wiki.contribs.org/Https_redirection
http://wiki.contribs.org/Spam_blocking_tutorial
also this one
http://wiki.contribs.org/Print_queue_monitor_user_access
and this too
http://wiki.contribs.org/Qmhandle_mail_queue_manager
also added this
http://wiki.contribs.org/Virus_blocking_tutorial
-
cactus
OK you got me going.
Very nice!