Protect some page with password
From Kolmisoft Wiki
Jump to navigationJump to search
About
This is an advanced configuration, most probably your desired setup can be achieved with accountant permissions.
How to protect some page/actions using simple Apache password?
For this example we will setup Apache to not allow Calling Cards Batch management and to do a manual payment for card without an additional password. For these actions are used these addresses in MOR:
http://YOUR_IP/billing/cards/act?cg=3
and
http://YOUR_IP/billing/cards/card_pay/22?cg=3
1. Create an Apache password file:
htpasswd -c -b -m /home/mor/custom_area_htpasswd admin your_password
2. Open Apache configuration:
cd /etc/httpd/conf/ mcedit httpd.conf
and edit to look like this:
RewriteCond %{REQUEST_URI} !^/billing/public RewriteRule ^/billing(/.*)?$ /billing/public <Directory /var/www/billing/public/> Options ExecCGI FollowSymLinks AllowOverride All Allow from all Order allow,deny </Directory> <Directory /var/www/html/stats/> AddHandler cgi-script .pl Options +ExecCGI DirectoryIndex index.pl </Directory> <Location "/billing/cards/act"> AuthType Basic AuthName "MOR" AuthUserFile /home/mor/custom_area_htpasswd Require valid-user </Location> <Location "/billing/cards/card_pay"> AuthType Basic AuthName "MOR" AuthUserFile /home/mor/custom_area_htpasswd Require valid-user </Location>
Additional notes
- Using this technique it is possible to setup multiple users with different permissions - if permissions for users are different you just have to create new "Locations" with different paths to AuthUserFile