Protect some page with password

From Kolmisoft Wiki
Jump to navigationJump to search

About

This is an advanced configuration, most probably your desired setup can be achieved with accountant permissions.


How to protect some page/actions using simple Apache password?

For this example we will setup Apache to not allow Calling Cards Batch management and to do a manual payment for card without an additional password. For these actions are used these addresses in MOR:


http://YOUR_IP/billing/cards/act?cg=3

and

http://YOUR_IP/billing/cards/card_pay/22?cg=3

1. Create an Apache password file:

htpasswd -c -b -m /home/mor/custom_area_htpasswd admin your_password

2. Open Apache configuration:

cd /etc/httpd/conf/
mcedit httpd.conf
and edit to look like this:
RewriteCond %{REQUEST_URI} !^/billing/public
RewriteRule ^/billing(/.*)?$   /billing/public
<Directory /var/www/billing/public/>
 Options ExecCGI FollowSymLinks
 AllowOverride All
 Allow from all
 Order allow,deny 
</Directory>
<Directory /var/www/html/stats/>
 AddHandler cgi-script .pl
 Options +ExecCGI
 DirectoryIndex index.pl
</Directory>

<Location "/billing/cards/act">
 AuthType Basic
 AuthName "MOR"
 AuthUserFile /home/mor/custom_area_htpasswd
 Require valid-user
</Location>

<Location "/billing/cards/card_pay">
 AuthType Basic
 AuthName "MOR"
 AuthUserFile /home/mor/custom_area_htpasswd
 Require valid-user
</Location>