Hallo, I'm playing something arround with apache on SuSE 8.0 and now want to access some things from the internet. For doing this, I've configured SSL with my apache, witch works fine. Now I want to make this server accessible via https and secure the complete site via userid and password. What is the easiest way to secure a complete site via password. Ofcourse, I do want to access this site from my private netowrk without having to fill in userid/password. In the docs I did only find something to secure directory by directory, which is not, what I want. Thanks for help Thomas
On Jan 6, Thomas Ruch
What is the easiest way to secure a complete site via password. Ofcourse, I do want to access this site from my private netowrk without having to fill in userid/password. In the docs I did only find something to secure directory by directory, which is not, what I want. If you mean htaccess security, it is derived to sub directories automatically. So if you protect the top level directory, no further steps are necessary. There is only one exception: Alias directories outside the normal document root have to be protected seperately (just copy the .htaccess file there too).
hth Markus -- __________________ /"\ Markus Gaugusch \ / ASCII Ribbon Campaign markus@gaugusch.at X Against HTML Mail / \
Am Montag, 6. Januar 2003 14:32 schrieb Markus Gaugusch:
normal document root have to be protected seperately (just copy the .htaccess file there too).
You could even link to the main .htaccess only, right? So you'll only have to change one file, no copying around. Markus -- All for one and one for all, except me above all.
Hi, If he really wants to protect the whole site, it's easier and less error-prone to put something like this into httpd.conf: <Directory /> ... Require user <username> </Directory> To allow users from the private network to enter without a password see: http://httpd.apache.org/docs/howto/auth.html#satisfy And for the real experts my question having IP spoofing on my mind: Is IP-based access control with apache really safe? Best regards, Matthias -- See header for e-mail address and name.
On Monday 06 January 2003 13:28, Matthias Riese wrote:
And for the real experts my question having IP spoofing on my mind: Is IP-based access control with apache really safe?
If I understood the concept of IP-Spoofing correctly, you simply wouldn't receive the data, because it would be sent to the spoofed IP, not the sender's real one. So probably it can be considered as safe. Vinzent. -- Our policy is, when in doubt, do the right thing. -- Roy L. Ash, ex-president Litton Industries
Vinzent Hoefler wrote:
On Monday 06 January 2003 13:28, Matthias Riese wrote:
And for the real experts my question having IP spoofing on my mind: Is IP-based access control with apache really safe?
If I understood the concept of IP-Spoofing correctly, you simply wouldn't receive the data, because it would be sent to the spoofed IP, not the sender's real one.
So probably it can be considered as safe.
take care! If the sender sends spoofed packets with source routing informations, he can probably read the packets. So he is able, ok that isnt easy ;), to fake a whole session ... more or less...
participants (6)
-
Markus Gaugusch -
Markus Kohli -
Matthias Riese -
Sven 'Darkman' Michels -
Thomas Ruch -
Vinzent Hoefler