HTTP Authentication
Posted
#5938
(In Topic #1231)
I'm clearly missing something in the tutorial...
I have another site that I was looking at redoing with Composr. In this case, the HTTP authrorization option would be helpful as there are some custom scripts that rely on that. I set up a test site to try out the scheme.- I've ticked the HTTP-Auth is enabled in the User/usergroup options.
- I've set up a password file with a few sample users in a directory outside the Composr installation.
- I've put identical .htaccess files in the cms, data, forum, and site directories.
From the tutorial here, I read "When defining access rules on Apache you will need to define most of the HTTP-auth settings (i.e. define the security zone) in the main .htaccess file, and then place the actual restrictions (e.g. require valid-user) on the files placed within individual zones..."
I'm wondering if the underlined portion there is the key to my problem. I'm not really sure what that means...what exactly is the "main .htaccess file" referred to there, where does it go, and what needs to be in it?
Thanks...
Posted
Moderator
I've updated the tutorial to be a lot clearer:
Composr Tutorial: Integrating Composr into a network via HTTP authentication
Composr Tutorial: Integrating Composr into a network via HTTP authentication: data_custom/images/docs/tut_httpauth/httpauth_deny.png (View) data_custom/images/…
Fixed MANTIS-4222 (HTTP authentication tutorial is not great) (c1fe3738) · Commits · Composr ecosystem / Composr · GitLab
The "main .htaccess file" is the one under your base directory.
I re-tested all this myself and I did find the Auth* code needed for Apache HTTP-authentication basically needs to be at the top of the file. This is because the IP-ban code at the bottom of our default for the file conflicts with it.
The updated tutorial simplifies things in case you want to protect the whole site rather than individual zones.
It also shows specific code to help clarify how it works.
2 guests and 0 members have recently viewed this.
