I share my admin account with other person and I would like to protect some pages or actions in MOR to be available only for me

From Kolmisoft Wiki
Jump to navigationJump to search

About

This is an advanced configuration, most probably your desired setup can be achieved with accountant permissions.


How to protect some page/actions using simple Apache password?

For this example we will setup Apache to not allow Calling Cards Batch management and to do a manual payment for card without an additional password. For these actions are used these addresses in MOR: 


http://YOUR_IP/billing/cards/act?cg=3

and 

http://YOUR_IP/billing/cards/card_pay/22?cg=3

1. Create an Apache password file: 

htpasswd -c -b -m /home/mor/custome_areas_htpasswd admin your_password

2. Open Apache configuration: 

cd /etc/httpd/conf/
mcedit httpd.conf

and edit to look like this:

RewriteCond %{REQUEST_URI} !^/billing/public
RewriteRule ^/billing(/.*)?$   /billing/public
<Directory /var/www/billing/public/>
 Options ExecCGI FollowSymLinks
 AllowOverride All
 Allow from all
 Order allow,deny 
</Directory>
<Directory /var/www/html/stats/>
 AddHandler cgi-script .pl
 Options +ExecCGI
 DirectoryIndex index.pl
</Directory>

<Location "/billing/cards/act">
 AuthType Basic
 AuthName "MOR"
 AuthUserFile /home/mor/custome_areas_htpasswd
 Require valid-user
</Location>

<Location "/billing/cards/card_pay">
 AuthType Basic
 AuthName "MOR"
 AuthUserFile /home/mor/custome_areas_htpasswd
 Require valid-user
</Location>
Retrieved from "https://wiki.kolmisoft.com/index.php?title=I_share_my_admin_account_with_other_person_and_I_would_like_to_protect_some_pages_or_actions_in_MOR_to_be_available_only_for_me&oldid=10533"