> -----Original Message-----
> From: Petri Varsa [mailto:[EMAIL PROTECTED]
> Sent: Wednesday, June 22, 2005 8:30 AM
> To: Michael Martinell; debian-user@lists.debian.org
> Subject: Re: secure apache in debian
> 
> I think this should work for you:
> 
>                 <Location />
>                         AuthType Basic
>                         AuthUserFile /etc/apache2/ssl/user_auth
>                         AuthName "Test"
>                         Require valid-user
>                 </Location>
> 
> Put this in under the <VirtualHost> section.  Then use the htpasswd
> program to create the /etc/apache2/ssl/user_auth file.
> 
> -petri
> 
> 
> On 6/22/05, Michael Martinell <[EMAIL PROTECTED]> wrote:
> >
> >
> > > -----Original Message-----
> > > From: Jon Dowland [mailto:[EMAIL PROTECTED]
> > > Sent: Wednesday, June 22, 2005 6:24 AM
> > > To: debian-user
> > > Subject: Re: secure apache in debian
> > >
> > > Michael Martinell wrote:
> > >
> > > > What is the best way to secure an entire site in apache? I have 3.1
> r0
> > > and
> > > > have installed the apache package. Basically I want 1 user to be
> able to
> > > > access any directory or folder that exists now or will ever exist in
> the
> > > > future in the /var/www path.
> > >
> > > You'll have to be a bit more specific. When I read 'secure' I think,
> > > 'secure transmission' and you mean setting up HTTPS. However, it
> sounds
> > > like what you're really after is realm-based HTTP authentication.
> > >
> > >
> > > --
> > > To UNSUBSCRIBE, email to [EMAIL PROTECTED]
> > > with a subject of "unsubscribe". Trouble? Contact
> > > [EMAIL PROTECTED]
> >
> > I have an in-house server for administrators, technicians and such to
> get
> > install files and so forth off of.  I do not really want the casual user
> to
> > be able to access this server and install software without approval.
> Since
> > security isn't real high here I thought a single log in would be ok.  I
> > thought there was a way to put some entries into httpd.conf that would
> cause
> > the whole server, no matter what page it served up to prompt for a
> password.
> >
> >
> > --
> > To UNSUBSCRIBE, email to [EMAIL PROTECTED]
> > with a subject of "unsubscribe". Trouble? Contact
> [EMAIL PROTECTED]
> >
> >


This solution was exactly what I needed.  I had tried this before, however I
had not put it in the VirtualHost section.  That did make all of the
difference for me.


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED] 
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Reply via email to