Posted: 10/30/2012 4:06:16 PM EDT
|
I'm currently running an "internal" company website that is password protected by htpasswd to get into the website. All the employees have access to it, but I want to add in some more pages with information that only a select few are able to view.
Is there any way to setup a second htpasswd where you log in again to get into the restricted pages? Better yet, are there other options for password protecting a website? I'd really like one login when you first go to the page, but only the special users can access the restricted pages. |
|
Quoted: I'm currently running an "internal" company website that is password protected by htpasswd to get into the website. All the employees have access to it, but I want to add in some more pages with information that only a select few are able to view. Is there any way to setup a second htpasswd where you log in again to get into the restricted pages? Better yet, are there other options for password protecting a website? I'd really like one login when you first go to the page, but only the special users can access the restricted pages. A couple of questions: This is a LAMP server? (Linux, Apache, MySql, PhP) Do you have root or editing access to the server so you can change the apache.ini file? I am pretty sure HTPASSWRD allows you to compartmentalize authentication by folder or individual file. But, it's going to take some Googling to get it done. Also, though I don't recommend this, there's two layers of authentication; the virtual server layer (files and folders the web server sets up for people to view) and the file system layer (where the operating system accesses what's on disk) where you can manipulate permissions. You could just leave HTPSSWRD as it is and use the disk layer to set permissions for "read" to only certain users. Of course, those users would have to exist on the box first....
|
|
Its currently on a LAMP server, but I also have a DL380 that has Windows Web Server 2008 I might run it on for better redundancy.
I have root access. I just looked into more advanced htpasswd configs... had no idea it could do that much. I always thought it was very basic since anything I have read about it stops at setting up simple password protection... Thanks! |
|
Quoted:
Its currently on a LAMP server, but I also have a DL380 that has Windows Web Server 2008 I might run it on for better redundancy. I have root access. I just looked into more advanced htpasswd configs... had no idea it could do that much. I always thought it was very basic since anything I have read about it stops at setting up simple password protection... Thanks! You could also plumb your webserver into your directory service (whatever you use) and then use your authentication domain management tools to control access. |
|
Quoted:
You could also plumb your webserver into your directory service (whatever you use) and then use your authentication domain management tools to control access. Sorry, but.... you lost me there. I think I am getting htpasswd figured out, should be good to go now. Thanks for the help guys. |
|
Quoted: He means make the web server join the domain, so the logins the users use to get on their computers in the morning can apply to the security in the web site. Basically, you'd just have to know how to manage permissions in windows and it would be easy from there.Quoted: You could also plumb your webserver into your directory service (whatever you use) and then use your authentication domain management tools to control access. Sorry, but.... you lost me there. I think I am getting htpasswd figured out, should be good to go now. Thanks for the help guys. Note; DO NOT RUN A WEB SITE ON YOUR DOMAIN CONTROLLER if it has any sort of outside the network access. That's bad JuJu. Intranet / SharePoint is fine.
|
|
Quoted:
Quoted:
He means make the web server join the domain, so the logins the users use to get on their computers in the morning can apply to the security in the web site. Basically, you'd just have to know how to manage permissions in windows and it would be easy from there.Quoted:
You could also plumb your webserver into your directory service (whatever you use) and then use your authentication domain management tools to control access. Sorry, but.... you lost me there. I think I am getting htpasswd figured out, should be good to go now. Thanks for the help guys. Note; DO NOT RUN A WEB SITE ON YOUR DOMAIN CONTROLLER if it has any sort of outside the network access. That's bad JuJu. Intranet / SharePoint is fine.
Aww but windows! 
You can plug apache into AD pretty easily, and that's the route I'd recommend. ETA: http://adam.shand.net/archives/2006/apache_and_active_directory/ <- that, from 2006, is the first hit I got. http://www.linuxnix.com/2011/01/apache-integration-setup-active-directoryad.html is more recent, but somewhat incoherent at a quick browse. |