Difference between revisions of "I share my admin account with other person and I would like to protect some pages or actions in MOR to be available only for me"
From Kolmisoft Wiki
Jump to navigationJump to search
m (Created page with '=About= This is an <u>advanced</u> configuration, most probably your desired setup can be achieved with accountant permissions. ==How to protect some…') |
|||
(10 intermediate revisions by the same user not shown) | |||
Line 6: | Line 6: | ||
For this example we will setup Apache to not allow '''Calling Cards Batch management''' and to do a '''manual payment for card''' without an additional password. For these actions are used these addresses in MOR: | For this example we will setup Apache to not allow '''Calling Cards Batch management''' and to do a '''manual payment for card''' without an additional password. For these actions are used these addresses in MOR: | ||
http://YOUR_IP/billing/cards/act?cg=3 | |||
and | |||
http://YOUR_IP/billing/cards/card_pay/22?cg=3 | |||
1. Create an Apache password file: | |||
htpasswd -c -b -m /home/mor/custome_areas_htpasswd admin your_password | |||
2. Open Apache configuration: | |||
cd /etc/httpd/conf/ | |||
mcedit httpd.conf | |||
and edit to look like this: | |||
RewriteCond %{REQUEST_URI} !^/billing/public | |||
RewriteRule ^/billing(/.*)?$ /billing/public | |||
<Directory /var/www/billing/public/> | |||
Options ExecCGI FollowSymLinks | |||
AllowOverride All | |||
Allow from all | |||
Order allow,deny | |||
</Directory> | |||
<Directory /var/www/html/stats/> | |||
AddHandler cgi-script .pl | |||
Options +ExecCGI | |||
DirectoryIndex index.pl | |||
</Directory> | |||
<Location "/billing/cards/act"> | |||
AuthType Basic | |||
AuthName "MOR" | |||
AuthUserFile /home/mor/custome_areas_htpasswd | |||
Require valid-user | |||
</Location> | |||
<Location "/billing/cards/card_pay"> | |||
AuthType Basic | |||
AuthName "MOR" | |||
AuthUserFile /home/mor/custome_areas_htpasswd | |||
Require valid-user | |||
</Location> |
Latest revision as of 08:29, 17 August 2011
About
This is an advanced configuration, most probably your desired setup can be achieved with accountant permissions.
How to protect some page/actions using simple Apache password?
For this example we will setup Apache to not allow Calling Cards Batch management and to do a manual payment for card without an additional password. For these actions are used these addresses in MOR:
http://YOUR_IP/billing/cards/act?cg=3
and
http://YOUR_IP/billing/cards/card_pay/22?cg=3
1. Create an Apache password file:
htpasswd -c -b -m /home/mor/custome_areas_htpasswd admin your_password
2. Open Apache configuration:
cd /etc/httpd/conf/ mcedit httpd.conf
and edit to look like this:
RewriteCond %{REQUEST_URI} !^/billing/public RewriteRule ^/billing(/.*)?$ /billing/public <Directory /var/www/billing/public/> Options ExecCGI FollowSymLinks AllowOverride All Allow from all Order allow,deny </Directory> <Directory /var/www/html/stats/> AddHandler cgi-script .pl Options +ExecCGI DirectoryIndex index.pl </Directory> <Location "/billing/cards/act"> AuthType Basic AuthName "MOR" AuthUserFile /home/mor/custome_areas_htpasswd Require valid-user </Location> <Location "/billing/cards/card_pay"> AuthType Basic AuthName "MOR" AuthUserFile /home/mor/custome_areas_htpasswd Require valid-user </Location>