RE: [cobalt-developers] AllowOverride None
- Subject: RE: [cobalt-developers] AllowOverride None
- From: "Malcolm Wild" <cobaltsec@xxxxxxxxxxx>
- Date: Mon Feb 12 02:48:01 2001
- List-id: Discussion Forum for developers on Cobalt Networks products <cobalt-developers.list.cobalt.com>
the defaults are restrictive, something like:
<Directory />
AllowOverride None
</Directory>
The correct syntax is: AllowOverride All|None|directive-type
[directive-type]
The directive-type can be one of the following groupings of directives.
AuthConfig
Allow use of the authorization directives (AuthDBMGroupFile,
AuthDBMUserFile, AuthGroupFile, AuthName, AuthType, AuthUserFile, Require,
etc.).
FileInfo
Allow use of the directives controlling document types (AddEncoding,
AddLanguage, AddType, DefaultType, ErrorDocument, LanguagePriority, etc.).
Indexes
Allow use of the directives controlling directory indexing (AddDescription,
AddIcon, AddIconByEncoding, AddIconByType, DefaultIcon, DirectoryIndex,
FancyIndexing, HeaderName, IndexIgnore, IndexOptions, ReadmeName, etc.).
Limit
Allow use of the directives controlling host access (Allow, Deny and Order).
Options
Allow use of the directives controlling specific directory features (Options
and XBitHack).
you would use all these
AuthName directive
Syntax: AuthName auth-domain
Context: directory, .htaccess
Override: AuthConfig
Status: core
This directive sets the name of the authorization realm for a directory.
This realm is given to the client so that the user knows which username and
password to send. AuthName takes a single argument; if the realm name
contains spaces, it must be enclosed in quotation marks. It must be
accompanied by AuthType and Require directives, and directives such as
AuthUserFile and AuthGroupFile to work.
--------------------------------------------------------------------------------
AuthType directive
Syntax: AuthType Basic|Digest
Context: directory, .htaccess
Override: AuthConfig
Status: core
This directive selects the type of user authentication for a directory. Only
Basic and Digest are currently implemented. It must be accompanied by
AuthName and Require directives, and directives such as AuthUserFile and
AuthGroupFile to work.
Require directive
Syntax: Require entity-name [entity-name] ...
Context: directory, .htaccess
Override: AuthConfig
Status: core
This directive selects which authenticated users can access a directory. The
allowed syntaxes are:
Require user userid [userid] ...
Only the named users can access the directory.
Require group group-name [group-name] ...
Only users in the named groups can access the directory.
Require valid-user
All valid users can access the directory.
Require must be accompanied by AuthName and AuthType directives, and
directives such as AuthUserFile and AuthGroupFile (to define users and
groups) in order to work correctly. Example:
AuthType Basic
AuthName "Restricted Directory"
AuthUserFile /web/users
AuthGroupFile /web/groups
Require group admin
Access controls which are applied in this way are effective for all methods.
This is what is normally desired. If you wish to apply access controls only
to specific methods, while leaving other methods unprotected, then place the
Require statement into a <Limit> section.
http://www.apache.org/docs-2.0/mod/core.html#authname
so your .htaccess file would look like
AuthUserFile /home/USERNAME/.htpasswd
AuthName "my test page"
AuthType Basic
<Limit GET PUT POST>
require valid-user
satisfy all
</Limit>
your .htpasswd file would have entries in it (place above the webroot as the
path in the .htaccess file line 1 shows)
username:AI3n7hAWGp4.U
test:cWzd5V3fxJ4K2
you can create a password using a command line prompt; from the /usr/bin/
directory type:
/usr/sbin/htpasswd -c /home/sites/path_to_folder/.htpasswd username
you will be prompted for the password twice
and your httpd.conf would look like the one below if you want to enable
overriding cgiwrap etc, but now you know the risks!
<Directory />
AllowOverride All
</Directory>
-----Original Message-----
From: cobalt-developers-admin@xxxxxxxxxxxxxxx
[mailto:cobalt-developers-admin@xxxxxxxxxxxxxxx]On Behalf Of
baltimoremd@xxxxxxxxxxxxxxx
Sent: 12 February 2001 05:24
To: cobalt-developers@xxxxxxxxxxxxxxx
Subject: RE: [cobalt-developers] AllowOverride None
On Sun, 11 Feb 2001, malcolm wild wrote:
> yep!
> if you did this in the section marked for
> .ht
>
So, what would be an acceptable way of allowing the .htaccess to
work on a RAQ4? Can't imagine that one would disable it altogether.
> ideally you should only ALLOW the functions that are required by your
> client/service
I'd like to have password protection in certain directories and perhaps
an override of cgiwrap in a very few areas that are password protected.
thom
././././././././././././././././././././././././././././././././././././././
baltimoremd@xxxxxxxxxxxxxxx Thom LaCosta K3HRN Webmaster
http://www.baltimoremd.com/ Baltimore's Home Page
http://www.baltimorehon.com/ Home of the Baltimore Lexicon
http://www.zerobeat.net Home of The QRP Web Ring
and Drake Mail List Pages
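
An added example, not part of the thread and not Apache's own code: a small audit of the two settings discussed above. It reports which <Directory> blocks set AllowOverride All and which .htaccess files place Require inside <Limit>, which per the quoted documentation leaves other methods unprotected. The sample configs and the /home/sites/example/web/private path are constructed placeholders.

```python
import re

# Constructed sample inputs; the paths are placeholders, not from the thread.
WEAK_CONF = "<Directory />\nAllowOverride All\n</Directory>\n"
SCOPED_CONF = """<Directory />
AllowOverride None
</Directory>
<Directory /home/sites/example/web/private>
AllowOverride AuthConfig
</Directory>
"""
LIMIT_HTACCESS = """AuthType Basic
<Limit GET PUT POST>
require valid-user
</Limit>
"""

def allow_overrides(conf):
    """Map each <Directory> path to the AllowOverride classes set inside it."""
    result, stack = {}, []
    for raw in conf.splitlines():
        line = raw.strip()
        opened = re.match(r'<Directory\s+"?([^">]+)"?\s*>', line, re.I)
        setting = re.match(r"AllowOverride\s+(.+)", line, re.I)
        if opened:
            stack.append(opened.group(1).strip())
        elif re.match(r"</Directory\s*>", line, re.I) and stack:
            stack.pop()
        elif setting and stack:
            result[stack[-1]] = setting.group(1).split()
    return result

def too_broad(conf):
    """Directories where .htaccess may override every directive class."""
    return [d for d, classes in allow_overrides(conf).items()
            if any(c.lower() == "all" for c in classes)]

def limited_requires(htaccess):
    """Method lists of <Limit> blocks that wrap a Require line (other methods stay open)."""
    hits, methods = [], None
    for raw in htaccess.splitlines():
        line = raw.strip()
        opened = re.match(r"<Limit\s+([^>]+)>", line, re.I)
        if opened:
            methods = opened.group(1).split()
        elif re.match(r"</Limit\s*>", line, re.I):
            methods = None
        elif methods is not None and re.match(r"require\s", line, re.I):
            hits.append(methods)
    return hits

if __name__ == "__main__":
    print(too_broad(WEAK_CONF), allow_overrides(SCOPED_CONF), limited_requires(LIMIT_HTACCESS))
```

The scoped sample shows the narrower layout: overrides off at the root and only the AuthConfig class enabled for the one directory that needs password protection.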