This module provides per-directory runtime configurable user-authentication. Each directory in the path to the requested asset is searched for an access-file (default .htaccess) that restricts the web server's right to respond to a request. If an access-file is found, the rules in that file are applied to the request.
The rules in an access-file apply both to files in the same directory and to files in subdirectories. If more than one access-file exists in the path to an asset, the rules in the access-file nearest the requested asset are applied.
If many users have web pages on the web server and each user needs to manage security issues on their own, use this module.
To change the rules that restrict the use of an asset, the user only needs write access to the directory where the asset exists.
When a request comes, the path to the requested asset is searched for access-files with the name specified by the AccessFileName parameter, default .htaccess. When such a file is found, it is parsed and the restrictions in the file are applied to the request. This means that a user does not need access to the web server's configuration file to limit access to an asset. Furthermore, the user can change the rules and the changes are applied immediately.
All access-files in the path to a requested asset are read once per request, so the load on the server increases when this module is used.
The following configuration directives are supported:
Syntax: AccessFileName FileName1 FileName2
Default: .htaccess
Module: mod_htaccess(3)
AccessFileName specifies which filenames are used for access-files. When a request comes, every directory in the path to the requested asset is searched for files with the names specified by this parameter. If such a file is found, it is parsed and the restrictions specified in it are applied to the request.
A user can place an access-file in every directory under the DocumentRoot or under an Alias. An access-file is a plain text file that specifies the restrictions to be considered before the web server answers a request. If there is more than one access-file in the path to the requested asset, the directives in the access-file in the directory nearest the asset are used.
Syntax: Allow from subnet subnet|from all
Default: from all
Module: mod_htaccess(3)
Context: <Limit>
Related: mod_auth(3)
See the allow directive in the documentation of mod_auth(3) for more information.
Syntax: AllowOverRide all | none | Directives
Default: - None -
Module: mod_htaccess(3)
AllowOverRide specifies which parameters access-files in subdirectories are not allowed to alter the value for. If the parameter is set to none, no more access-files are parsed.
If only one access-file exists, setting this parameter to none can lessen the burden on the server, since the server stops looking for access-files.
Syntax: AuthGroupFile Filename
Default: - None -
Module: mod_htaccess(3)
Related: mod_auth(3)
AuthGroupFile indicates which file contains the list of groups. Filename must contain the absolute path to the file. The format of the file is one group per row, and every row contains the name of the group and the members of the group separated by a space, for example:
GroupName: Member1 Member2 .... MemberN
Syntax: AuthName auth-domain
Default: - None -
Module: mod_htaccess(3)
Related: mod_auth(3)
See the AuthName directive in the documentation of mod_auth(3) for more information.
Syntax: AuthType Basic
Default: Basic
Module: mod_htaccess(3)
AuthType specifies which authentication scheme is used. Today only Basic Authentication, using UUEncoding of the password and user ID, is implemented.
Syntax: AuthUserFile Filename
Default: - None -
Module: mod_htaccess(3)
Related: mod_auth(3)
AuthUserFile indicates which file contains the list of users. Filename must contain the absolute path to the file. The user names and passwords are not encrypted, so do not place the file with users in a directory that is accessible via the web server. The format of the file is one user per row, and every row contains User Name and Password separated by a colon, for example:
UserName:Password
UserName:Password
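The placement rule for AuthUserFile can be checked mechanically. The following script is an added example, not part of the module or its documentation: it walks a DocumentRoot, reads every access-file, and flags AuthUserFile values that are not absolute or that resolve to a location inside the DocumentRoot. The function names, the constructed directory tree, and the assumptions of one directive per line and case-insensitive directive names are this example's own.

```python
import os
import tempfile

def auth_user_files(access_file):
    """Return the AuthUserFile arguments found in one access-file."""
    with open(access_file, encoding="utf-8", errors="replace") as fh:
        rows = [line.split() for line in fh]
    # Assumption: one directive per line, name matched case-insensitively.
    return [r[1] for r in rows if len(r) >= 2 and r[0].lower() == "authuserfile"]

def audit(document_root, names=(".htaccess",)):
    """Flag AuthUserFile values that are relative or resolve inside the docroot."""
    root = os.path.realpath(document_root)
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in set(names) & set(files):
            access_file = os.path.join(dirpath, name)
            for target in auth_user_files(access_file):
                if not os.path.isabs(target):
                    reason = "not-absolute"
                elif os.path.commonpath([root, os.path.realpath(target)]) == root:
                    reason = "inside-docroot"
                else:
                    continue  # absolute and outside the served tree
                rel = os.path.relpath(access_file, root).replace(os.sep, "/")
                findings.append((rel, reason))
    return sorted(findings)

def demo():
    """Audit a constructed tree: one exposed file, one relative path, one safe."""
    with tempfile.TemporaryDirectory() as tmp:
        docroot = os.path.join(tmp, "htdocs")
        layout = {
            "alice": os.path.join(docroot, "alice", "users"),  # exposed
            "bob": "passwd",                                   # relative
            "carol": os.path.join(tmp, "auth", "users"),       # outside docroot
        }
        for user, user_file in layout.items():
            os.makedirs(os.path.join(docroot, user))
            with open(os.path.join(docroot, user, ".htaccess"), "w") as fh:
                fh.write("AuthName private\nAuthUserFile %s\n" % user_file)
        return audit(docroot)

if __name__ == "__main__":
    for finding in demo():
        print(finding)
```

Pass every name configured with AccessFileName as the names argument when the server does not use the default.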
Syntax: deny from subnet subnet|from all
Default: from all
Module: mod_htaccess(3)
Context: <Limit>
Related: mod_auth(3)
See the deny directive in the documentation of mod_auth(3) for more information.
Syntax: <Limit RequestMethods>
Default: - None -
Module: mod_auth(3)
Related: order, allow, deny, require
<Limit> and </Limit> are used to enclose a group of directives that apply only to requests using the specified methods. If no request method is specified, all request methods are verified against the restrictions.
<Limit POST GET HEAD>
order allow deny
require group group1
allow from 123.145.244.5
</Limit>
Syntax: order allow deny | deny allow
Default: allow deny
Module: mod_htaccess(3)
Context: order
Related: allow, deny
order defines whether the deny or the allow control is performed first.
If the order is set to allow deny, the user's network address is first checked against the allowed subset. If the address is not in the allowed subset, the user is denied the asset. If the address is in the allowed subset, a second check is performed to verify that the address is not in the subset of network addresses to be denied, as specified by the deny parameter.
If the order is set to deny allow, only users from networks specified in the allowed subset will succeed in requesting assets in the limited area.
Syntax: require group group1 group2...|user user1 user2...
Default: - None -
Context: <Limit>
Module: mod_htaccess(3)
Related: mod_auth(3)
See the require directive in the documentation of mod_auth(3) for more information.
If a directory is limited by both mod_auth and mod_htaccess, the user must be allowed to request the asset by both modules.
Uses the following EWSAPI interaction data, if available:
{real_name, {Path, AfterPath}}
Exports the following EWSAPI interaction data, if possible:
{remote_user_name, User}
Uses the following exported EWSAPI functions: