[ic] passwording admin area via Apache

Stefan Hornburg interchange-users@icdevgroup.org
Fri Oct 18 13:53:00 2002


On Fri, 18 Oct 2002 13:43:36 -0400
Mike Heins <mike@perusion.com> wrote:

> 
> Quoting Dennis Chen (dchen@technicacorp.com):
> > > Has anyone successfully used Apache authentication to add an 
> > > additional
> > > username/password protection on the admin area (and not the customer
> > > part of the site)?  
> > > 
> > > I've been yet unable to use Apache style authentication (having and
> > > .htaccess file, or a </Directory> section in the httpd.conf file) to
> > > protect anything other than the entire catalog (by specifying the
> > > authentication in the cgi-bin directory).
> > > 
> > > Thanks for any help,
> > > Daniel
> > 
> > 
> > I was looking into also that but couldn't figure out a solution so in the end
> > I just decided to rename my admin/login.html to something else...
> 
> It is extremely easy to do in Apache -- and has undoubtedly been put on the
> mail list many times. Here it is once again:
> 
> <LocationMatch /cgi-bin/*/(ui$|admin/)>
>     AuthUserFile /etc/httpd/conf/htpasswd
>     AuthGroupFile /etc/httpd/conf/htgroup
>     AuthName Interchange-Admin
>     AuthType Basic
>     <Limit GET POST PUT>
> 	require group icadmin
>     </Limit>
> </LocationMatch>

But that didn't protect any queries via the virtual process URL issued from
within the UI.

Ciao
        Racke