#6630 (In Topic #1717)
I'm clearly missing something in the tutorial...I have another site that I was looking at redoing with Composr. In this case, the HTTP authrorization option would be helpful as there are some custom scripts that rely on that. I set up a test site to try out the scheme.
- I've ticked the HTTP-Auth is enabled in the User/usergroup options.
- I've set up a password file with a few sample users in a directory outside the Composr installation.
- I've put identical .htaccess files in the cms, data, forum, and site directories.
From the tutorial here, I read "When defining access rules on Apache you will need to define most of the HTTP-auth settings (i.e. define the security zone) in the main .htaccess file, and then place the actual restrictions (e.g. require valid-user) on the files placed within individual zones..."
I'm wondering if the underlined portion there is the key to my problem. I'm not really sure what that means...what exactly is the "main .htaccess file" referred to there, where does it go, and what needs to be in it?
I've updated the tutorial to be a lot clearer:
Composr Tutorial: Integrating Composr into a network via HTTP authentication - Composr
Fixed MANTIS-4222 (HTTP authentication tutorial is not great) (c1fe3738) · Commits · Composr Foundation / Composr · GitLab
The "main .htaccess file" is the one under your base directory.
I re-tested all this myself and I did find the Auth* code needed for Apache HTTP-authentication basically needs to be at the top of the file. This is because the IP-ban code at the bottom of our default for the file conflicts with it.
The updated tutorial simplifies things in case you want to protect the whole site rather than individual zones.
It also shows specific code to help clarify how it works.
- If not, please let us know how we can do better (please try and propose any bigger ideas in such a way that they are fundable and scalable).
- If so, please let others know about Composr whenever you see the opportunity or support me on Patreon.
- If my reply is too Vulcan or expressed too much in business-strategy terms, and not particularly personal, I apologise. As a company & project maintainer, time is very limited to me, so usually when I write a reply I try and make it generic advice to all readers. I'm also naturally a joined-up thinker, so I always express my thoughts in combined business and technical terms. I recognise not everyone likes that, don't let my Vulcan-thinking stop you enjoying Composr on fun personal projects.
- If my response can inspire a community tutorial, that's a great way of giving back to the project as a user.
1 guest and 0 members have just viewed this.