I have several Mercurial repositories published using hgweb and secured with Apache 2.2
Is there any way to have multiple security configurations?
I'd like to have a default configuration for most repositories, and then separate configurations for specific repositories.
The httpd.conf file looks like this
WSGIScriptAlias /hg "C:/hg/hgweb/hgweb.wsgi"
<Directory "/hg/repo_one">
Order deny,allow
AuthType Basic
AuthName "R1 Secure Area"
AuthBasicProvider file
AuthUserFile c:/apache2.2/repo_one.pwd
Require valid-user
</Directory>
<Directory "/hg">
Order deny,allow
AuthType Basic
AuthName "Secure Area"
AuthBasicProvider file
AuthUserFile c:/apache2.2/passwords
Require valid-user
</Directory>
Here's what I did to get this working.
I moved the repository that needed separate security into its own directory that was a siblng, not a child, and made a copy of the hgweb.wsgi.
My directory structure now looks like this
c:\hg-pub\hgweb.wsgi
c:\hg-pub\hgweb.config
c:\hg-pub\repo-one\.hg
...
c:\hg\hgweb.wsgi
c:\hg\hgweb.config
c:\hg\repo-two\.hg
c:\hg\repo-three\.hg
And my httpd.conf file looks like this
WSGIScriptAlias /hg "C:/hg/hgweb.wsgi"
WSGIScriptAlias /pub/hg "C:/hg-pub/hgweb.wsgi"
<Directory "C:/hg-pub">
Order deny,allow
AuthType Basic
AuthName "R1 Secure Area"
AuthBasicProvider file
AuthUserFile c:/apache2.2/repo_one.pwd
Require valid-user
</Directory>
<Directory "C:/hg">
Order deny,allow
AuthType Basic
AuthName "Secure Area"
AuthBasicProvider file
AuthUserFile c:/apache2.2/passwords
Require valid-user
</Directory>
The important things to note are
The two repository locations are completely separate on disk
The two WSGIScriptAlias paths are completely independent
Related
I run a testsystem with a htaccess basic auth:
AuthType Basic
AuthName "Restricted Content"
AuthUserFile /var/www/html/.htpasswd
Require valid-user
I now want to disable this auth for all user who target the /api and /api/orders etc. of this server. I tried it with this:
SetEnvIf Request_URI "/api(.*)$" api_uri
AuthType Basic
AuthName "Restricted Content"
AuthUserFile /var/www/html/.htpasswd
Require valid-user
Deny from all
Allow from env=api_uri
Satisfy any
But this does not work - mod_setenvif is enabled. Does anybody have an idea why this is not working?
Thanks!
Have it this way:
SetEnvIf Request_URI /api api_uri
AuthType Basic
AuthName "Restricted Content"
AuthUserFile /var/www/html/.htpasswd
Require valid-user
Satisfy any
Order deny,allow
Deny from all
Allow from env=api_uri
I normally just add a separate .htaccess file inside the api folder:
Satisfy any
I tried to configure a basic authentication for my website locally .But not applied for site .
My httpd.conf
<VirtualHost 192.168.2.5:80>
DocumentRoot /var/www/html/black-socks
ServerName www.black-socks.com
<Directory "/var/www/html/black-socks">
Order deny,allow
Allow from all
AuthType Basic
AuthName BlackSocks-LOGIN
AuthUserFile "/etc/httpd/conf/blacksocks-users"
Require ValidUser
</Directory>
authuserfile
is exist at /etc/httpd/conf/blacksocks-users" and site html pages are exist at /etc/httpd/conf/blacksocks-users location. everything is fine but while accessing site not asking any authorization
<VirtualHost 192.168.2.5:80>
DocumentRoot /var/www/html/black-socks
ServerName www.black-socks.com
<Directory "/var/www/html/black-socks">
Allow from ram
AuthType Basic
AuthName BlackSocks-LOGIN
AuthUserFile "/etc/httpd/conf/myusers"
Require ValidUser
</Directory>
Its working but asking user name and password after showing homepage
I am new to this community. I have an Httpd running on RHEL 7.X.while trying to upload a hello.world file to the WebDAV server using the following command:
curl -T hello.world -u webdav:webdav http://192.168.100.49/recordings/hello.world.
In-Return,I am getting 405 ..PUT method is not allowed for this URL.
I am also sharing the contents of my webdav.conf file here:
<IfModule mod_dav.c>
Alias /recordings /var/webdav/recordings"
<Directory /var/webdav/recordings>
Dav On
Options Indexes MultiViews FollowSymlinks
IndexOptions FancyIndexing
AddDefaultCharset UTF-8
AuthType Basic
AuthName "webdav"
AuthUserFile /var/webdav/htpasswd
Require valid-user
Order allow,deny
Allow from all
<LimitExcept GET POST OPTIONS PUT>
Order allow,deny
Allow from all
</LimitExcept>
</Directory>
<Location "/recordings">
Require valid-user
AuthType Basic
AuthName "webdav"
AuthUserFile /var/webdav/htpasswd
</Location>
</IfModule>
Any helpful comments guys..Thanks in advance.
I need to restrict access to all files stored in /sites/default/files/pdf/ on my Apache webserver. I have tried following FilesMatch expression, but that does not work.
<FilesMatch "sites/default/files/pdf">
AuthName "myauth"
AuthBasicProvider ldap
AuthType Basic
AuthLDAPURL ....
AuthLDAPBindDN ....
AuthLDAPBindPassword ...
Require valid-user
</FilesMatch>
Even matching for specific filename does not work (<FilesMatch "sites/default/files/pdf/myfile\.pdf">). Am I missing something?
try the Directory tag (or the Location tag if it is the URL and not the file path). You can check out the Apache docs, but Directory tag is for referencing the file system whereas Location is for the URL. There are differences, in cases where multiple URLS/symlinks can point to same directory, but syntax and basic function is the same. Don't forget the Allow/deny
<Directory /sites/default/files/pdf>
Order Deny, Allow
Deny from all
AuthName "myauth"
AuthBasicProvider ldap
AuthType Basic
AuthLDAPURL ....
AuthLDAPBindDN ....
AuthLDAPBindPassword ...
Require valid-user
</Directory>
OR
<Location /sites/default/files/pdf>
Order Deny, Allow
Deny from all
AuthName "myauth"
AuthBasicProvider ldap
AuthType Basic
AuthLDAPURL ....
AuthLDAPBindDN ....
AuthLDAPBindPassword ...
Require valid-user
</Location>
I have a new website I'm working on that the client wants to keep a secret, but at the same time, I want to put an under construction page with some info on it. I would like to have everything except index.html require a user/password--index.html would be available to everyone.
I have the following, but I'm not sure what I need to add:
AuthName "Restricted Area"
AuthType Basic
AuthUserFile /path/to/file/.htpasswd
AuthGroupFile /dev/null
require valid-user
There are too many files and possibly new files to say "for this set of files require a user/password".
I think it has something to do with something similar to:
<Files index.html>
order deny,allow
allow from all
</Files>
But I'm not exactly sure how.
AuthName "Restricted Area"
AuthType Basic
AuthUserFile /path/to/file/.htpasswd
AuthGroupFile /dev/null
<Files "*">
Require valid-user
</Files>
<Files "index.html">
Allow from all
Satisfy any
</Files>
I used empi response almost exactly, but I realized that I'm loading a logo and reset-min.css on the under construction page, so I modified it like the following:
AuthName "Restricted Area"
AuthType Basic
AuthUserFile /home/examplecom/example.com/html/.htpasswd
AuthGroupFile /dev/null
<Files "*">
Require valid-user
</Files>
<FilesMatch "(index\.html|reset-min\.css|logo-temp\.gif)$">
Allow from all
Satisfy any
</FilesMatch>
have you tried reversing the order to first allow, then deny?
For further reading: apache htaccess directive are a good reference.