Basic Authentication

Hi there,

Just having a few issues with authentication on my server.
I am trying to apply basic authentication to my root directory, but not all
of the sub-directories. How can i apply authentication to only the root?

Anyone got any tips?

Thanks in advance

Justin

__/ [Justin] on Thursday 08 September 2005 15:49 \__

> Hi there,
>
> Just having a few issues with authentication on my server.
> I am trying to apply basic authentication to my root directory, but not
> all of the sub-directories. How can i apply authentication to only the
> root?
>
> Anyone got any tips?
>
> Thanks in advance
>
> Justin

Have you considered using some hard or soft links, re-directing from root
directory or relocating its content (transparently) to a subfolder that
requires authentication to access? You can deny access to everything in the
root directory and shift its public content in a way that does not expose
the structure, e.g. URL re-writes...

Roy

--
Roy S. Schestowitz | (S)oftware (U)nd (S)ystem(E)ntwicklung
http://Schestowitz.com | SuSE Linux | PGP-Key: 74572E8E
4:15am up 15 days 6:07, 3 users, load average: 0.99, 0.82, 0.58

Hi Roy,
Sorry to sound ignorant, but how would hard/soft links help?

There is just one subdirectory that i dont want the authentication to be
applied to.
eg) /research <- root directory with basic authentication
/research/tests <- subdirectory that i dont want authentication on.

Is there a way to prevent the authentication i apply to the research folder
following down to the tests directory too?

Thanks again

Jus

"Roy Schestowitz" <newsgroups@schestowitz.com> wrote in message
news:dfqv7e$2occ$2@godfrey.mcc.ac.uk...
> __/ [Justin] on Thursday 08 September 2005 15:49 \__
>
>> Hi there,
>>
>> Just having a few issues with authentication on my server.
>> I am trying to apply basic authentication to my root directory, but not
>> all of the sub-directories. How can i apply authentication to only the
>> root?
>>
>> Anyone got any tips?
>>
>> Thanks in advance
>>
>> Justin
>
> Have you considered using some hard or soft links, re-directing from root
> directory or relocating its content (transparently) to a subfolder that
> requires authentication to access? You can deny access to everything in
> the
> root directory and shift its public content in a way that does not expose
> the structure, e.g. URL re-writes...
>
> Roy
>
> --
> Roy S. Schestowitz | (S)oftware (U)nd (S)ystem(E)ntwicklung
> http://Schestowitz.com | SuSE Linux | PGP-Key: 74572E8E
> 4:15am up 15 days 6:07, 3 users, load average: 0.99, 0.82, 0.58

__/ [Justin] on Sunday 11 September 2005 13:30 \__

> "Roy Schestowitz" <newsgroups@schestowitz.com> wrote in message
> news:dfqv7e$2occ$2@godfrey.mcc.ac.uk...
>> __/ [Justin] on Thursday 08 September 2005 15:49 \__
>>
>>> Hi there,
>>>
>>> Just having a few issues with authentication on my server.
>>> I am trying to apply basic authentication to my root directory, but not
>>> all of the sub-directories. How can i apply authentication to only the
>>> root?
>>>
>>> Anyone got any tips?
>>>
>>> Thanks in advance
>>>
>>> Justin
>>
>> Have you considered using some hard or soft links, re-directing from root
>> directory or relocating its content (transparently) to a subfolder that
>> requires authentication to access? You can deny access to everything in
>> the
>> root directory and shift its public content in a way that does not expose
>> the structure, e.g. URL re-writes...
>>
>> Roy
>
> Hi Roy,
> Sorry to sound ignorant, but how would hard/soft links help?
>
> There is just one subdirectory that i dont want the authentication to be
> applied to.
> eg) /research <- root directory with basic authentication
> /research/tests <- subdirectory that i dont want authentication on.
>
> Is there a way to prevent the authentication i apply to the research
> folder following down to the tests directory too?
>
> Thanks again
>
> Jus

Hi Justin,

I used to do something very similar with ~/Research on my domain (almost
everything is public now). To achieve this effect I incorporated an
HTML/JS-based password protection (gateway page). It is not the safest
solution, but if it suits you, read on.

Have a look at the page below:

http://www.schestowitz.com/Research

For historical reasons, it meta-redirects to

http://www.schestowitz.com/res.htm

The crossed-out text is what used to serve as the "I have the password,
please let me in" link. If you follow that link you will be asked for a
pseudo-password, which is in fact the relative URL excluding the suffix.
So, the 'password' is (was) in fact: /Research/resindex

If you allow visitors to access /Research/example, curious ones among them
can ascend one level up to /Research/ and get served index.html (or PHP,
shtml, htm as specified in your Apache settings). To prevent this from
being so 'hackable', assign a mysterious name to the main page e.g.
barmuda.html and set index.html to serve some page like:
http://www.schestowitz.com/Research/Notes/ (yes, it is supposed to be
blocked because subdirectories are private)

I urge you to avoid plentiful mentionings of names. Particularly, be careful
when mentioning names of your superordinates in public pages. People
ego-surf.

Hope it helps,

Roy

--
Roy S. Schestowitz | /earth: file system full
http://Schestowitz.com | SuSE Linux | PGP-Key: 74572E8E
3:20pm up 17 days 13:48, 3 users, load average: 0.58, 0.51, 0.66