Htaccess guide: Difference between revisions

From Edgar BV Wiki
Latest revision as of 18:39, 2 October 2024

Authentication / Password Tutorial

At some point you may want to have a set of web pages that are protected, requiring a username/password to gain access to. This tutorial will show you how to set that up. This is geared towards the Unix Apache/NCSA httpd servers. If you are using another web server, you'll need to check that server's documentation to see how to do this.

Steps to Password-protect a Directory

First, create a subdirectory in your web area. For the sake of this tutorial I'm creating one beneath the toolbox directory, and naming it "secure". Set the permissions on the directory so that it's world readable/executable (so the web server can get to it), then cd into it.

mkdir secure
chmod 755 secure
cd secure

Next you must create a .htaccess file inside the directory you want protected. Make it a new file, and enter the following data. The AuthUserFile path is the item you will want to change depending on the location of these files and directories on your server.

AuthUserFile /www/jacob/secure/.htpasswd
AuthName "Toolbox Example"
AuthType Basic
require valid-user

The AuthName is what the user will see when they're prompted for a password - something to the effect of "Enter Authorization for Toolbox Example".

Now you'll have to set up the password file. You'll need to use the htpasswd program. It is included with NCSA and Apache httpd servers, usually in the support subdirectory under the server root (try /usr/local/etc/httpd/support). You can also write your own program to generate encrypted passwords. You just want to have crypt(actual-password) be stored in the file.

Now for every userid you want to add to the password file, enter the following. (the -c is only required the first time; it indicates that you want to create the .htpasswd file).

   htpasswd -c /www/jacob/secure/.htpasswd user1
     [ you're prompted for the password for user1; note: the -c argument means to create a new file ]
   htpasswd /www/jacob/secure/.htpasswd user2
   htpasswd /www/jacob/secure/.htpasswd user3

Be sure to chmod these files (755, or readable by the web server), and now you're set.
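
A check for the setup described above, as an added example that is not part of the original tutorial; the function names and finding labels are made up for illustration, and it assumes an absolute AuthUserFile path. It reports a password file that sits inside the protected directory (as /www/jacob/secure/.htpasswd does), mode bits a data file does not need, and entries stored as crypt() or {SHA} hashes.

```shell
#!/bin/sh
# Added example (not from the original tutorial): audit a Basic-auth
# .htaccess and the password file it names. Assumes an absolute AuthUserFile.

# Classify a stored hash by the prefix htpasswd writes for each scheme.
hash_scheme() {
    case "$1" in
        '$2y$'*)   echo bcrypt ;;
        '$apr1$'*) echo apr1-md5 ;;
        '{SHA}'*)  echo sha1-unsalted ;;
        *) if [ "${#1}" -eq 13 ]; then echo crypt-des; else echo unknown; fi ;;
    esac
}

# Print one finding per line for the protected directory passed as $1.
audit_htaccess() {
    dir=${1%/}
    ht="$dir/.htaccess"
    if [ ! -f "$ht" ]; then echo "NO-HTACCESS $ht"; return 1; fi
    grep -qi '^[[:space:]]*AuthType[[:space:]]*Basic' "$ht" || echo "NO-AUTHTYPE-BASIC"
    pw=$(grep -i '^[[:space:]]*AuthUserFile[[:space:]]' "$ht" | head -n 1 |
         sed 's/^[[:space:]]*[^[:space:]]*[[:space:]]*//' | tr -d '"')
    if [ ! -f "$pw" ]; then echo "NO-PASSWORD-FILE $pw"; return 1; fi
    # A password file inside the protected directory sits in the web tree.
    case "$pw" in "$dir"/*) echo "IN-WEB-TREE $pw" ;; esac
    # find prints the path only when the mode bits match.
    if [ -n "$(find "$pw" -prune -perm -002)" ]; then echo "WORLD-WRITABLE $pw"; fi
    if [ -n "$(find "$pw" -prune -perm -100)" ]; then echo "EXECUTABLE $pw"; fi
    # Each line is user:hash; crypt() and {SHA} entries are the weak ones.
    while IFS=: read -r user hash rest || [ -n "$user" ]; do
        [ -n "$user" ] || continue
        scheme=$(hash_scheme "$hash")
        case "$scheme" in
            crypt-des|sha1-unsalted) echo "WEAK-HASH $user $scheme" ;;
        esac
    done < "$pw"
    return 0
}

# Run against a directory when one is given on the command line.
if [ "$#" -gt 0 ]; then audit_htaccess "$1"; fi
```

Apache's documentation advises keeping the password file somewhere not reachable from the web, and htpasswd -B stores bcrypt hashes instead of crypt().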

Here is an example file (http://www.genome.ou.edu/secure1/htaccess.html) using the above code to check for security. The username is "jacob" and password is "arch".

For more information and another tutorial, you may also want to consult the NCSA Mosaic User Authentication Tutorial (http://hoohoo.ncsa.uiuc.edu/docs/tutorials/user.html).

Also make sure the Apache server configuration contains the following, so that the authentication directives in the .htaccess file are allowed

<Directory /www/jacob/secure/>
AllowOverride AuthConfig
</Directory>

Changing php flags / options

And if you want to change PHP options from a .htaccess file (e.g. put php_flag register_globals 1 in it), you need to put the following in the server configuration:

<Directory /wherever/it/is>
AllowOverride Options
</Directory>

Rewrite rules

If you want to pattern match anything in the URL, note that you cannot match against the query string in the pattern of a RewriteRule directive. A RewriteRule pattern matches only the URL path (e.g. index.php). The part of the URL after the ? sign is the query string; to match it, test the %{QUERY_STRING} variable in a RewriteCond.

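RewriteEngine On
# NC belongs on the RewriteCond to make the query-string match case-insensitive
RewriteCond %{QUERY_STRING} ^(.*)Whatever0String [NC]
RewriteRule ^ - [G]

Here in the flags, G means Gone. An F would mean Forbidden. NC means NoCase, or case-insensitive; it applies to the pattern of the directive it is set on, so it goes on the RewriteCond to affect the query-string match.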

Apache docs: https://httpd.apache.org/docs/current/rewrite/