htaccess

["E.L." <el...@yahoo.com>]

Hi,

I was wondering how to generate or insert .htaccess files in a forrest generated (static) site. 
Doing a search for this - I came across:
http://issues.cocoondev.org/jira//ViewIssue.jspa?key=FOR-109


So I was wondering - what's the scoop on this?  Is there any way to add .htaccess files manually
to the source directory so that when forrest generates a site it just grabs them?

El

__________________________________
Do you Yahoo!?
Yahoo! Small Business $15K Web Design Giveaway 
http://promotions.yahoo.com/design_giveaway/

Re: htaccess

[David Crossley <cr...@apache.org>]

Juan Jose Pablos wrote:
> David Crossley escribió:
> > 
> > Dave has shown you the way to copy pre-prepared files over.
> > FOR-109 is an idea about automatically generating them, which would
> > be a grand feature enhancement. Bear in mind that that capability
> > would need to be optional, because not everyone uses such
> > Apache-HTTPd-like methods as their web server.
> > 
> 
> I am happy to write something that is useful to 33 million sites, and 66 
> % of the market share.
> 
> http://news.netcraft.com/archives/2004/04/01/april_2004_web_server_survey.html

Go Apache.

Great, i will look forward to whatever .htaccess generation
stuff that you can devise.

--David

Re: htaccess

[Juan Jose Pablos <ch...@che-che.com>]

David Crossley escribió:
> 
> Dave has shown you the way to copy pre-prepared files over.
> FOR-109 is an idea about automatically generating them, which would
> be a grand feature enhancement. Bear in mind that that capability
> would need to be optional, because not everyone uses such
> Apache-HTTPd-like methods as their web server.
> 

I am happy to write something that is useful to 33 million sites, and 66 
% of the market share.

http://news.netcraft.com/archives/2004/04/01/april_2004_web_server_survey.html

Re: htaccess

[Upayavira <uv...@upaya.co.uk>]

David Crossley wrote:

>Dave Brondsema wrote:
><snip/>
>  
>
>>How does this improve forrest?  It seems like basically we're defining 
>>the htaccess file in XML form and forrest is creating the file.  How is 
>>that better than just maintaining a .htaccess file directly?
>>
>>I don't mean to be a discourager at all; we gladly welcome your help, EL.
>>    
>>
>
>This would make it configurable via skinconf.xml (see previous
>discussion in this thread). Basically trying to implement
>http://issues.cocoondev.org/jira//ViewIssue.jspa?key=FOR-109
>... perhaps Stefano can indicate why this is good.
>  
>
Stefano says: "having forrest pregenerating the htaccess file to do some 
sort of poor-man multichannel or content negotiation"

So he's after poor-man multichannel. So, for example, configuring Apache 
to do I18N properly would be the most important feature in my mind.

Upayavira

>--David
>
>
>
>  
>

Re: htaccess

[David Crossley <cr...@apache.org>]

Dave Brondsema wrote:
<snip/>
> 
> How does this improve forrest?  It seems like basically we're defining 
> the htaccess file in XML form and forrest is creating the file.  How is 
> that better than just maintaining a .htaccess file directly?
> 
> I don't mean to be a discourager at all; we gladly welcome your help, EL.

This would make it configurable via skinconf.xml (see previous
discussion in this thread). Basically trying to implement
http://issues.cocoondev.org/jira//ViewIssue.jspa?key=FOR-109
... perhaps Stefano can indicate why this is good.

--David

Re: htaccess

["E.L." <el...@yahoo.com>]

Dave,

> >>Then in content directory have something like security.xml where
> > 
> > Probably call it htaccess.xml ... and it needs a special match in
> > the sitemap.xmap to deal with the "htaccess' pattern to apply an
> > htaccess.xsl to generate the output.
> > 
> 
> How does this improve forrest?  It seems like basically we're defining 
> the htaccess file in XML form and forrest is creating the file.  How is 
> that better than just maintaining a .htaccess file directly?
> 
> I don't mean to be a discourager at all; we gladly welcome your help, EL.

No problem - better to get things out in the open early on.  If a feature is not worth while, then
it shouldn't be done.

What's the scoop on internationalization and .htaccess?

EL

__________________________________
Do you Yahoo!?
Yahoo! Small Business $15K Web Design Giveaway 
http://promotions.yahoo.com/design_giveaway/

Re: htaccess

[Dave Brondsema <da...@brondsema.net>]

David Crossley wrote:
> E.L. wrote:
>>Then in content directory have something like security.xml where
>>.htaccess information is describe.  Apache directives could be
>>used to create xml tags:
>><authtype>Basic</authtype>
>><authname>"Password Required"</authname>
>><authuserfile> /home/foouser/passwords/password.file</authuserfile>
>><authgroupfile> /home/foouser/passwords/group.file</authgroupfile>
>><require>
>>	<group>admins</group>
>>	<user>jsmith</user>
>></require>
> 
> 
> Probably call it htaccess.xml ... and it needs a special match in
> the sitemap.xmap to deal with the "htaccess' pattern to apply an
> htaccess.xsl to generate the output.
> 

How does this improve forrest?  It seems like basically we're defining 
the htaccess file in XML form and forrest is creating the file.  How is 
that better than just maintaining a .htaccess file directly?

I don't mean to be a discourager at all; we gladly welcome your help, EL.

-- 
Dave Brondsema : dave@brondsema.net
http://www.splike.com : programming
http://csx.calvin.edu : student org
http://www.brondsema.net : personal

Re: htaccess

[David Crossley <cr...@apache.org>]

E.L. wrote:
> David Crossley wrote:
> > Dave has shown you the way to copy pre-prepared files over.
> > FOR-109 is an idea about automatically generating them, which would
> > be a grand feature enhancement. Bear in mind that that capability
> > would need to be optional, because not everyone uses such
> > Apache-HTTPd-like methods as their web server.
> > 
> > If you have any ideas in that department then we would be glad to hear.
> 
> Here is my idea.  Ok - so keeping in mind that I'm a forrest newbee
> (and I'm talking from a
> pragmatic operational point of view (hopefully) - here are my 2 cents:

You are doing very well for a newbie :-)

> For this functionality (focusing purely on providing an access control
> mechanism that uses Apache web server):
> In some overall properties file (?forrest.properties?):
> - user needs to specify web server (right now - only apache will work),
> so something like:
> web.server=apache
> - If it is apache (or any other server I suppose) - user would need to
> specify the file name that web serve recognizes as a directive file.
> In apache (by default) - the file is .htaccess, however
> - it can be anything (changed via Apache's httpd.conf).
> So the next overall property would specify this:
> 
> web.server.directive.file.name = .htaccess

Yep, without the spaces.

> I believe that the above should be explicitly stated in forrest,
> rather than assume a default. 
> Now as to the name of this property - it probably needs to be something
> more general (I don't know
> if IIS for example has a file that specifies directives, or separate
> files for directives, as
> opposed to access control - in Apache - its all in one file).
> Alternatively, this can be an access control property only - i.e.:
> web.server.access.control.file.name = .htaccess

Yes, probably better to be more general with the names.
We can always change it. This is for forrest-0.6 head
i.e. the development version.

> Restricting access to a particular part of a site involves 2 things:
> the password file (this is usually in user's home directory and not
> part of web directories served by the web server) and the
> .htacess file for a particular directory that needs to be restricted.
> 
> Examples:
> 
> password file:
> jsmith:IlH5ttPHI23NJI
> bob_jones:JKWELL008

Just assume that they know all those things. If not then they
should not be messing with .htaccess files.

> .htaccess file:
> AuthType Basic
> AuthName "Password Required"
> AuthUserFile /home/foouser/passwords/password.file
> AuthGroupFile /home/foouser/passwords/group.file
> Require group admins
> Require user jsmith
> 
> Personally - I don't use the group password file.
> In any case - one thing to keep in mind is that
> absolute path needs to be supplied to AuthUserFile and
> AuthGroupFile (if that exists). 
> Furthermore, different password files can be used for
> different directories.
> 
> So - a possible approach to specify the above:
> 
> In site.xml:
> Have something similar to the external links type of structure
> that allows user to specify different password files (it doesn't
> matter if its group or user).  Also - have the same thing for
> users and groups (for those that are used through many different
> .htaccess files.  So it would be something like:
>   <external-apache-security>
>     <xml.apache.org href="http://xml.apache.org/">
>        <admingroup secref="admins">
> 	??stating group name as being called admins
> 	</admingroup>
> 	<totalsitepasswdfile secref="globalpasswdfile">
> 	???stating absolute path including file name of a password
>         file (can be group or user - doesn't matter)
> 	</totalsitepasswdfile>
>     </xml.apache.org>
>   </  <external-apache-security>

This stuff would not go in site.xml because that is about defining
the linking and navigation stuff. The skinconf.xml might be a better
place.

> Then in content directory have something like security.xml where
> .htaccess information is describe.  Apache directives could be
> used to create xml tags:
> <authtype>Basic</authtype>
> <authname>"Password Required"</authname>
> <authuserfile> /home/foouser/passwords/password.file</authuserfile>
> <authgroupfile> /home/foouser/passwords/group.file</authgroupfile>
> <require>
> 	<group>admins</group>
> 	<user>jsmith</user>
> </require>

Probably call it htaccess.xml ... and it needs a special match in
the sitemap.xmap to deal with the "htaccess' pattern to apply an
htaccess.xsl to generate the output.

> For above - you could use those external references instead of direct names.

I gather that the parameters from the skinconf.xml would be available
in the stylesheet. Look at some of the other stylesheets to see.

> The above would generate an .htaccess file (same data as in .htacess file
> shown above)for the content directory its in.  The security.xml (validation
> wise) would require authtype, authname, authuserfile, authgroupfile, and
> one <group> or <user> or both.

The source file would need a DTD to define that.

> One more thing is that if the user doesn't want a groupfile - then they
> still need to have this field and put a /dev/null
> (forcing a good security practice).
>
> Things to note:  I don't think that the other Require directive are needed
> at this stage.

We do need to look a bit further ahead at this design stage.
For example, there are many other things that can be specified
in the Apache htaccess, e.g. rewrite rules.

> Is this at all helpful to build this feature?
> 
> EL
> 
> PS:  Relevent info:
> http://httpd.apache.org/docs/howto/htaccess.html
> http://httpd.apache.org/docs/howto/auth.html
> http://httpd.apache.org/docs/mod/core.html#require

Yes, it is very helpful to have someone write down all the
steps and get the discussion moving. Please try it out on
your local system.

--David

Re: htaccess

["E.L." <el...@yahoo.com>]

David,

> Dave has shown you the way to copy pre-prepared files over.
> FOR-109 is an idea about automatically generating them, which would
> be a grand feature enhancement. Bear in mind that that capability
> would need to be optional, because not everyone uses such
> Apache-HTTPd-like methods as their web server.
> 
> If you have any ideas in that department then we would be glad to hear.

Here is my idea.  Ok - so keeping in mind that I'm a forrest newbee (and I'm talking from a
pragmatic operational point of view (hopefully) - here are my 2 cents:

For this functionality (focusing purely on providing an access control mechanism that uses Apache
web server):
In some overall properties file (?forrest.properties?):
- user needs to specify web server (right now - only apache will work), so something like:
web.server=apache
- If it is apache (or any other server I suppose) - user would need to specify the file name that
web serve recognizes as a directive file.  In apache (by default) - the file is .htaccess, however
- it can be anything (changed via Apache's httpd.conf).  So the next overall property would
specify this:

web.server.directive.file.name = .htaccess

I believe that the above should be explicitly stated in forrest, rather than assume a default. 
Now as to the name of this property - it probably needs to be something more general (I don't know
if IIS for example has a file that specifies directives, or separate files for directives, as
opposed to access control - in Apache - its all in one file).  Alternatively, this can be an
access control property only - i.e.:
web.server.access.control.file.name = .htaccess

Restricting access to a particular part of a site involves 2 things:  the password file (this is
usually in user's home directory and not part of web directories served by the web server) and the
.htacess file for a particular directory that needs to be restricted.

Examples:

password file:
jsmith:IlH5ttPHI23NJI
bob_jones:JKWELL008

.htaccess file:
AuthType Basic
AuthName "Password Required"
AuthUserFile /home/foouser/passwords/password.file
AuthGroupFile /home/foouser/passwords/group.file
Require group admins
Require user jsmith

Personally - I don't use the group password file.  In any case - one thing to keep in mind is that
absolute path needs to be supplied to AuthUserFile and AuthGroupFile (if that exists). 
Furthermore, different password files can be used for different directories.

So - a possible approach to specify the above:

In site.xml:
Have something similar to the external links type of structure that allows user to specify
different password files (it doesn't matter if its group or user).  Also - have the same thing for
users and groups (for those that are used through many different .htaccess files.  So it would be
something like:
  <external-apache-security>
    <xml.apache.org href="http://xml.apache.org/">
       <admingroup secref="admins">
	??stating group name as being called admins
	</admingroup>
	<totalsitepasswdfile secref="globalpasswdfile">
	???stating absolute path including file name of a password file (can be group or user - doesn't
matter)
	</totalsitepasswdfile>
    </xml.apache.org>
  </  <external-apache-security>
>

Then in content directory have something like security.xml where .htaccess information is
describe.  Apache directives could be used to create xml tags:
<authtype>Basic</authtype>
<authname>"Password Required"</authname>
<authuserfile> /home/foouser/passwords/password.file</authuserfile>
<authgroupfile> /home/foouser/passwords/group.file</authgroupfile>
<require>
	<group>admins</group>
	<user>jsmith</user>
</require>

For above - you could use those external references instead of direct names.

The above would generate an .htaccess file (same data as in .htacess file shown above)for the
content directory its in.  The security.xml (validation wise) would require authtype, authname,
authuserfile, authgroupfile, and one <group> or <user> or both.  One more thing is that if the
user doesn't want a groupfile - then they still need to have this field and put a /dev/null
(forcing a good security practice).


Things to note:  I don't think that the other Require directive are needed at this stage.

Is this at all helpful to build this feature?

EL

PS:  Relevent info:
http://httpd.apache.org/docs/howto/htaccess.html
http://httpd.apache.org/docs/howto/auth.html
http://httpd.apache.org/docs/mod/core.html#require


__________________________________
Do you Yahoo!?
Yahoo! Small Business $15K Web Design Giveaway 
http://promotions.yahoo.com/design_giveaway/

Re: htaccess

[David Crossley <cr...@apache.org>]

Dave Brondsema wrote:
> E.L. wrote:
> > I was wondering how to generate or insert .htaccess files in a forrest
> > generated (static) site. 
> > Doing a search for this - I came across:
> > http://issues.cocoondev.org/jira//ViewIssue.jspa?key=FOR-109

Dave has shown you the way to copy pre-prepared files over.
FOR-109 is an idea about automatically generating them, which would
be a grand feature enhancement. Bear in mind that that capability
would need to be optional, because not everyone uses such
Apache-HTTPd-like methods as their web server.

If you have any ideas in that department then we would be glad to hear.

--David

> > So I was wondering - what's the scoop on this?  Is there any way to
> > add .htaccess files manually
> > to the source directory so that when forrest generates a site it
> > just grabs them?
> > 
> > El
> > 
> 
> You can put them in the raw content directory (e.g. 
> src/documentation/content/.htaccess or 
> src/documentation/content/subdir/.htaccess) and it should copy them over.

Re: htaccess

["E.L." <el...@yahoo.com>]

Dave,

> > I was wondering how to generate or insert .htaccess files in a forrest generated (static)
...> 
> You can put them in the raw content directory (e.g. 
> src/documentation/content/.htaccess or 
> src/documentation/content/subdir/.htaccess) and it should copy them over.

Great - thanks - I'll try it out.

El

__________________________________
Do you Yahoo!?
Yahoo! Small Business $15K Web Design Giveaway 
http://promotions.yahoo.com/design_giveaway/

Re: htaccess

[Dave Brondsema <da...@brondsema.net>]

E.L. wrote:
> Hi,
> 
> I was wondering how to generate or insert .htaccess files in a forrest generated (static) site. 
> Doing a search for this - I came across:
> http://issues.cocoondev.org/jira//ViewIssue.jspa?key=FOR-109
> 
> 
> So I was wondering - what's the scoop on this?  Is there any way to add .htaccess files manually
> to the source directory so that when forrest generates a site it just grabs them?
> 
> El
> 

You can put them in the raw content directory (e.g. 
src/documentation/content/.htaccess or 
src/documentation/content/subdir/.htaccess) and it should copy them over.

-- 
Dave Brondsema : dave@brondsema.net
http://www.splike.com : programming
http://csx.calvin.edu : student org
http://www.brondsema.net : personal