HTTP Authentication

Post

Posted
Rating:
#6630 (In Topic #1717)
Avatar
Standard member
treedood is in the usergroup ‘Fan in action’

I'm clearly missing something in the tutorial...

I have another site that I was looking at redoing with Composr.  In this case, the HTTP authrorization option would be helpful as there are some custom scripts that rely on that.  I set up a test site to try out the scheme. 
  • I've ticked the HTTP-Auth is enabled in the User/usergroup options
  • I've set up a password file with a few sample users in a directory outside the Composr installation. 
  • I've put identical .htaccess files in the cms, data, forum, and site directories.
When I try to login to the site, none of the usernames in the password file are recognized.  I can only login with the admin password I used when installing Composr.  Once I'm logged in, and try to navigate, then I get the HTTP authorization popup window.

From the tutorial here, I read "When defining access rules on Apache you will need to define most of the HTTP-auth settings (i.e. define the security zone) in the main .htaccess file, and then place the actual restrictions (e.g. require valid-user) on the files placed within individual zones..."  

I'm wondering if the underlined portion there is the key to my problem.  I'm not really sure what that means...what exactly is the "main .htaccess file" referred to there, where does it go, and what needs to be in it?

Thanks...
Online now: No Back to the top

Post

Posted
Rating:
#6637
Avatar
Site director
Chris Graham is in the usergroup ‘Administrators’
Hi,

I've updated the tutorial to be a lot clearer:
Composr Tutorial: Integrating Composr into a network via HTTP authentication - Composr
Fixed MANTIS-4222 (HTTP authentication tutorial is not great) (c1fe3738) · Commits · Composr Foundation / Composr · GitLab

The "main .htaccess file" is the one under your base directory.

I re-tested all this myself and I did find the Auth* code needed for Apache HTTP-authentication basically needs to be at the top of the file. This is because the IP-ban code at the bottom of our default for the file conflicts with it.

The updated tutorial simplifies things in case you want to protect the whole site rather than individual zones.
It also shows specific code to help clarify how it works.


Become a fan of Composr on Facebook or add me as a friend. Add me on on Twitter. Follow me on Minds (where I am most active). Support me on Patreon

Was I helpful?
  • If not, please let us know how we can do better (please try and propose any bigger ideas in such a way that they are fundable and scalable).
  • If so, please let others know about Composr whenever you see the opportunity or support me on Patreon.
  • If my reply is too Vulcan or expressed too much in business-strategy terms, and not particularly personal, I apologise. As a company & project maintainer, time is very limited to me, so usually when I write a reply I try and make it generic advice to all readers. I'm also naturally a joined-up thinker, so I always express my thoughts in combined business and technical terms. I recognise not everyone likes that, don't let my Vulcan-thinking stop you enjoying Composr on fun personal projects.
  • If my response can inspire a community tutorial, that's a great way of giving back to the project as a user.
Online now: No Back to the top
1 guest and 0 members have just viewed this.

Statistics

Users online:

Philip, MVLipwig, gabriel58, Manu, mytracker

Forum statistics:
  • 1,216 topics, 5,711 posts, 6,874 members
  • Our newest member is DigitalMathur
Birthdays:
Back to Top