Dev Shed Forums » System Administration » Security and Cryptography
Thread: Basic Authentication & Allow Access
#1 visions, October 2nd, 2000, 03:45 AM
Hi, I am trying to authenticate with a username database, but I also want to allow users from certain domains access with authentication.
I can do one or the other, but I cannot figure out both. Here is what I have so far.

AuthUserFile /www/cgi-bin/.htpasswd
AuthGroupFile /dev/null
AuthName "Member's Area"
AuthType Basic
require valid-user

<Limit GET PUT>
order allow,deny
deny from all
allow from website.com
satisfy any
</Limit>

Thanks,
Mark

#2 freebsd (Guest), October 2nd, 2000, 05:55 AM
>>I can do one or the other but I can not figure out both

Because it's impossible with mod_access. Though, it might be possible with the addition of mod_rewrite. For example:

1) Setting 1st RewriteCond to check for HTTP_REFERER, if it's within your protected dir AND another_dir JUST for "allow host" authentication, then [L] it.
2) 2nd RewriteCond:
RewriteCond %{REMOTE_HOST} ^website.com$
3) Set the RewriteRule to redirect to the /another_dir just for the allow host authentication.

If you apply the above logic, a visitor who comes from website.com and accesses your private directory will be redirected to http://www.yourdomain.com/another_dir for authentication.
Next, set an index.cgi or index.php to redirect this visitor to http://www.yourdomain.com/private; this way, the HTTP_REFERER for such a visitor matches the 1st RewriteCond, so he won't be asked to authenticate again. This only occurs the first time, when he is being redirected from /another_dir to /private; once he is in /private, his HTTP_REFERER also matches the 1st RewriteCond and he is allowed in.
Note, http://www.yourdomain.com/another_dir is also a protected directory, so visitors not coming from website.com won't be able to log in.

I haven't tested this so it may or may not work but it's the logic I can come up with at this moment.

Anyway, visitors coming from website.com SHOULD BE ALLOWED IN WITHOUT AUTHENTICATION according to the "satisfy" directive. If you insist on authenticating them, WHY NOT create a user/pass for them and drop the "allow from" line and the "satisfy" line, if you really know what they are for. Or at least require them to sign up for a username from website.com to get into your /private.

[This message has been edited by freebsd (edited October 02, 2000).]

#3 visions, October 2nd, 2000, 02:38 PM
I am pretty new to the Unix world, so this makes some sense but not very much. I am still learning; is there any way to explain this in easier terms?

Thanks,
Mark

#4 freebsd (Guest), October 2nd, 2000, 04:40 PM
>>explain this in easier terms

Your lines:

allow from website.com
satisfy any

This means: allow in (from website.com) without authentication. Read here -> http://www.apache.org/docs/mod/core.html#satisfy
Visitors coming from website.com should bypass the login prompt. If they are also required to authenticate, give them a user/pass.

#5 visions, October 2nd, 2000, 07:13 PM
Hi, so is this what I should have? I tried it and it lets everyone in.

AuthUserFile /www//cgi-bin/globill/passwd
AuthGroupFile /dev/null
AuthName "Member's Area"
AuthType Basic
require valid-user

<Limit GET PUT>
allow from website.com
satisfy any
</Limit>

#6 freebsd (Guest), October 2nd, 2000, 09:01 PM
>>AuthUserFile /www//cgi-bin/globill/passwd

You should place passwd above your docroot. If you don't have permission to do so, you then need to add the following to your .htaccess:

<FilesMatch "^passwd$">
Order deny,allow
Deny from all
</FilesMatch>

You also don't need the <Limit> block.

#7 visions, October 2nd, 2000, 09:10 PM
Someone said what I want is not possible unless I make 2 separate directories. I really need this to work. I really have no idea what I am doing. Is this right? I tried it and it lets everybody in.

# Access file
#(makes file invisible)

<FilesMatch "^passwd$">
Order deny,allow
allow from website.com
</FilesMatch>

AuthUserFile /www/cgi-bin/globill/passwd
AuthGroupFile /dev/null
AuthName "Member's Area"
AuthType Basic

#8 freebsd (Guest), October 2nd, 2000, 09:33 PM
>>Someone said what I want is not possible unless I make 2 separate directories

Exactly. As I mentioned, /another_dir is there to authenticate users from website.com and redirect them back to /private along with an HTTP_REFERER that matches the 1st RewriteCond, to bypass the login prompt in /private.

>><FilesMatch "^passwd$">
>>Order deny,allow
>>allow from website.com
>></FilesMatch>

Don't put "allow from website.com". Why would you want visitors from website.com to be able to READ your "passwd" file anyway?

Putting "Deny from all" prevents people from viewing your passwd file from browsers; it doesn't mean your passwd file will not get read by Apache.


#9 visions, October 2nd, 2000, 11:16 PM
Hi, I don't want people to read the password file; I just want certain sites to have access to the members area without authentication. website.com was just an example. What should I do?

#10 freebsd (Guest), October 2nd, 2000, 11:39 PM
Regarding the passwd file, as I said, do this:

<FilesMatch "^passwd$">
Order deny,allow
Deny from all
</FilesMatch>

Don't try to invent something on your own. Put this .htaccess in http://yourdomain.com/.htaccess

#http://yourdomain.com/protect/.htaccess
AuthUserFile /www/path_other_than_cgi-bin/passwd
AuthGroupFile /dev/null
AuthName "Member's Area"
AuthType Basic
Allow from website.com
Satisfy any

#11 visions, October 3rd, 2000, 12:42 AM
OK, I created 2 files, this one

<FilesMatch "^passwd$">
Order deny,allow
Deny from all
</FilesMatch>

and this one

#http://yourdomain.com/protect/.htaccess
AuthUserFile /www/path_other_than_cgi-bin/passwd
AuthGroupFile /dev/null
AuthName "Member's Area"
AuthType Basic
Allow from website.com
Satisfy any

I uploaded the 1st one to the members area and the second one to http://yourdomain.com/members/ and made sure the path was not to a cgi-bin. It seems to let everyone in; did I do this right? Thanks so much for helping.

#12 freebsd (Guest), October 3rd, 2000, 01:06 AM
Are you sure your server has .htaccess enabled? To verify this, simply remove the bottom two lines:
Allow from website.com
Satisfy any

If it doesn't show a login prompt, too bad, .htaccess is not enabled at all.

Also, for the line -> Allow from website.com
it's better to put the IP address of website.com, or at least put a dot before website.com, as .website.com

#13 visions, October 3rd, 2000, 01:43 AM
Hi, I know .htaccess is active because I can make the login box appear. I did try to erase those 2 lines, but it did not pop up any login box. But I am sure .htaccess is working. I also put a dot in front of the website, like this: .website.com. What else should I try?

Thanks,
Mark

#14 freebsd (Guest), October 3rd, 2000, 03:18 AM
>>I did try to erase those 2 lines but it did not pop-up any login box

Make sure there were NO CONSECUTIVE TRIES. Once you have logged in, for the 2nd try you need to close and relaunch your browser.

#15 visions, October 3rd, 2000, 03:29 AM
Hi, I did close all my browser windows and tried it several times and never got a login box. I tried it in Netscape and Explorer.

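The thread never reaches a working configuration, so it is worth seeing exactly why post #5 and post #10 admit everyone and why post #12's test produced no login box at all. The Python below is an added example written for this page; it is not Apache's code and not anything the posters wrote. It parses the handful of .htaccess directives used above (AuthType, Require, Order, Allow, Deny, Satisfy) and reproduces the decision Apache 1.3 makes in its access and authentication phases: the default Order is deny,allow, which admits any host not explicitly denied; Satisfy any lets the host check alone admit a client; and without a Require line no credentials are ever requested. The user database, host names and addresses are constructed for the example, and the AuthName/AuthUserFile lines are left out because they do not change the decision.

```python
import base64
import hashlib

# Stand-in for the AuthUserFile: entries in the "{SHA}" form `htpasswd -s`
# writes. The user and password are constructed for this example.
def sha_entry(password):
    return "{SHA}" + base64.b64encode(hashlib.sha1(password.encode()).digest()).decode()

USER_DB = {"mark": sha_entry("s3cret")}

def basic_header(user, password):
    # The Authorization header a browser sends after the Basic-auth prompt.
    return "Basic " + base64.b64encode(f"{user}:{password}".encode()).decode()

def parse_htaccess(text):
    """Parse the directive subset used in the thread. <Limit>/<FilesMatch>
    container lines are skipped, so their contents apply to every request."""
    cfg = {"order": "deny,allow", "allow": [], "deny": [], "satisfy": "all",
           "require": None, "authtype": None}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line or line.startswith("<"):
            continue
        name, _, arg = line.partition(" ")
        name, arg = name.lower(), arg.strip()
        if name == "order":
            cfg["order"] = arg.lower().replace(" ", "")
        elif name in ("allow", "deny"):            # "Allow from host1 host2 ..."
            cfg[name] += arg.split()[1:]
        elif name == "satisfy":
            cfg["satisfy"] = arg.lower()
        elif name == "require":
            cfg["require"] = arg
        elif name == "authtype":
            cfg["authtype"] = arg
    return cfg

def host_matches(pattern, client_ip, client_host):
    """mod_access matching: 'all', an exact IP, or a domain that must match the
    whole reverse-DNS name or a complete trailing component ('' = lookup failed)."""
    if pattern.lower() == "all":
        return True
    if pattern[0].isdigit():            # netmask/CIDR forms of real Apache omitted
        return client_ip == pattern
    dom, host = pattern.lower().lstrip("."), client_host.lower()
    return host == dom or host.endswith("." + dom)

def check_access(cfg, client_ip, client_host):
    """Order deny,allow: allowed unless denied, and Allow overrides Deny.
    Order allow,deny: denied unless allowed, and Deny overrides Allow."""
    allowed = any(host_matches(p, client_ip, client_host) for p in cfg["allow"])
    denied = any(host_matches(p, client_ip, client_host) for p in cfg["deny"])
    if cfg["order"] == "deny,allow":
        return allowed or not denied
    return allowed and not denied

def check_user(authorization):
    """Validate an Authorization header against USER_DB."""
    if not authorization or not authorization.startswith("Basic "):
        return False
    try:
        user, _, pw = base64.b64decode(authorization[6:]).decode().partition(":")
    except Exception:
        return False
    return USER_DB.get(user) == sha_entry(pw)

def decide(cfg, client_ip, client_host, authorization=None):
    """Result of the access and auth phases: 'ok', '401' (prompt) or '403'."""
    access_ok = check_access(cfg, client_ip, client_host)
    auth_required = cfg["require"] is not None and cfg["authtype"] is not None
    if cfg["satisfy"] == "any" and access_ok:
        return "ok"                     # the host alone satisfies
    if not access_ok and (cfg["satisfy"] != "any" or not auth_required):
        return "403"
    if not auth_required:
        return "ok"                     # no Require: nothing ever asks for a password
    return "ok" if check_user(authorization) else "401"

# Post #5: Allow with no Order/Deny. The default Order is deny,allow and nothing
# is denied, so every host passes the access check and Satisfy any lets it in.
POST5 = "AuthType Basic\nrequire valid-user\nallow from website.com\nsatisfy any"

# Post #10: no Require line at all, so no login prompt is ever produced.
POST10 = "AuthType Basic\nAllow from website.com\nSatisfy any"

# What the thread was after: the trusted domain in without a password,
# everyone else prompted.
FIXED = """
AuthType Basic
Require valid-user
Order deny,allow
Deny from all
Allow from .website.com
Satisfy any
"""

def outcomes(text):
    """(trusted host, no creds), (stranger, no creds), (stranger, valid creds)."""
    cfg = parse_htaccess(text)
    return (decide(cfg, "203.0.113.5", "host.website.com"),
            decide(cfg, "198.51.100.7", "other.example"),
            decide(cfg, "198.51.100.7", "other.example", basic_header("mark", "s3cret")))
```

Running outcomes() on the three configurations gives ("ok", "ok", "ok") for post #5 and for post #10 and ("ok", "401", "ok") for the corrected one: the missing Order deny,allow / Deny from all pair is why post #5 let everyone in, and the missing Require valid-user is why post #10 never showed a login box, even after the Allow and Satisfy lines were removed as post #12 suggested. Two caveats a practitioner should keep in mind: Allow from website.com depends on a reverse DNS lookup of the client address, so a failed lookup matches nothing and the name is only as trustworthy as that DNS, which is why an address or network is the better choice; and the Referer-based bypass sketched in post #2 is not an access control, because the Referer header is supplied by the client. On Apache 2.4 the same policy is expressed as a <RequireAny> block containing `Require ip` and `Require valid-user`.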
© 2003-2009 by Developer Shed. All rights reserved.