You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@httpd.apache.org by Tom Ray <to...@blazestudios.com> on 2003/01/16 18:02:27 UTC

Re: [users@httpd] Password protecting access to whole web site without .htpasswd file

If you can't use .htaccess to protect the directory, you're probably going
to have to use some sort of PERL or PHP script to do this. Have a login
page that when submit compares against either a flat file or a database
that has a username and password stored in it.

Currently, I'm using a flat file system that has the same layout of a
password file created by htpasswd user:password and I use crypt() to
encrypt the passwords in the file, then when the user submits the form I
run the password the user supplied through crypt() and compare it to the
entries in the flat file. But I only have one or two users that hit this
area and the data isn't really that important that getting hacked would
make a big deal.

-----Original Message-----
From: Neil Marjoram <n....@vam.ac.uk>
To: users@httpd.apache.org
Date: 16 Jan 2003 16:19:05 +0000
Subject: [users@httpd] Password protecting access to whole web site
without .htpasswd file

> Hello, 
> 
> I wonder if anyone can help me. I need to secure a web site against
> access by unauthorised users - which may at first seem simple but my
> web
> server is just acting as a proxy to get at another web server inside
> the
> firewall.
> 
> I am using ProxyPass statements to pass the request to the internal
> server, one of which is for /. This means I am unable to place the
> usual
> .htpasswd files in the directories to secure the contents.
> 
> Anyone any ideas?
> 
> Apache version 1.3.27 on RedHat.
> 
> Thanks,
> 
> Neil.
> -- 
> Neil Marjoram <n....@vam.ac.uk>
> Victoria & Albert Museum
> 
> 
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server
> Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>    "   from the digest: users-digest-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org