HowTo implement website access security for internal/external users
e-smith release:  4.1.x
Author:  Darrell May
Contributor:  

Problem:  You want to restrict access to your website (or even individual website subdirectories) by forcing an SSL connection and requiring username/password authentication for internal and external users.

Solution:  Customize /etc/httpd/conf/httpd.conf and implement an encrypted password access file using the htpasswd command.


Step 1:  Create a custom entry for the /etc/httpd/conf/httpd.conf file.

This requires creating a /etc/e-smith/templates-custom/etc/httpd/conf/httpd.conf fragment that meets your needs.  So in this example I have created an ibay named test and wish to restrict access to two users.  You need to create the template fragment, expand the template, restart httpd and then create the AuthUserFile.

mkdir -p /etc/e-smith/templates-custom/etc/httpd/conf/httpd.conf
pico /etc/e-smith/templates-custom/etc/httpd/conf/httpd.conf/86TestSecurity

Copy and paste the section below and save the file.  What we are doing is forcing SSL by using the RequireSSL directive and forcing authorization via the Auth* directives.

# ------------------
# test ibay security
# ------------------
<Directory /home/e-smith/files/ibays/test/html>
RequireSSL on
Options -Indexes
AllowOverride None
order deny,allow
deny from all
allow from all
AuthName "Secure Access Only"
AuthType Basic
AuthUserFile /etc/httpd/conf/htpasswd.test
Require valid-user
AddType application/x-httpd-php .php .php3
php_flag magic_quotes_gpc on
php_flag track_vars on
</Directory>
# ----------------

Step 2:  Expand the template and restart the httpd service

/sbin/e-smith/expand-template /etc/httpd/conf/httpd.conf
/etc/rc.d/init.d/httpd-e-smith restart


Step 3:  Create the AuthUserFile using the htpasswd command

The first command uses the -c option, which creates the file.  The -b option tells htpasswd that the password is supplied on the command line rather than prompted for.  Subsequent commands must not use -c, or the file will be overwritten instead of updated.

/usr/bin/htpasswd -cb /etc/httpd/conf/htpasswd.test user1 password1
/usr/bin/htpasswd -b /etc/httpd/conf/htpasswd.test user2 password2


NOTE:  the username/passwords do NOT have to be valid e-smith users.  You may enter any username/password combination, including internal and external users.

To view the results, simply look at the file you created.  It contains the usernames entered and their encrypted passwords.

cat /etc/httpd/conf/htpasswd.test
user1:EPd.W.WzPjIGM
user2:o3sO1BuMKHZTQ
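The following script is an added example and is not part of the original HowTo.  It gives you a check_htpasswd function to run against the AuthUserFile from Step 3 (every line must be user:hash, no user may appear twice, the file must not be world-readable, and it must not sit inside an ibay html directory where Apache could serve it), plus an add_user wrapper that picks -c only when the file does not exist yet, so a repeated run cannot wipe existing entries, and lets htpasswd prompt for the password instead of taking it with -b.  The /etc/httpd/conf and /home/e-smith/files/ibays paths are the ones used above; the sample entries in the usage below are the two lines shown in the HowTo.

```shell
#!/bin/sh
# Added example (not from the HowTo): sanity-check an htpasswd AuthUserFile
# and add users without putting the password on the command line.

# check_htpasswd FILE -> returns 0 if the file passes all checks, 1 otherwise
check_htpasswd() {
  f=$1
  [ -s "$f" ] || { echo "$f: missing or empty" >&2; return 1; }

  # every line must be user:hash with a non-empty hash and no extra colons
  if grep -Env '^[^:[:space:]]+:[^:[:space:]]+$' "$f" >/dev/null; then
    echo "$f: malformed line(s):" >&2
    grep -Env '^[^:[:space:]]+:[^:[:space:]]+$' "$f" >&2
    return 1
  fi

  # a duplicate username means a second 'htpasswd -c' or a typo; Apache
  # would only ever use the first entry it finds
  dups=$(cut -d: -f1 "$f" | sort | uniq -d)
  if [ -n "$dups" ]; then
    echo "$f: duplicate user(s): $dups" >&2
    return 1
  fi

  # the hashes are crypt(3) and cheap to brute-force, so the file must
  # not be readable by everyone (last octal digit with the 4 bit set)
  perms=$(stat -c %a "$f" 2>/dev/null || stat -f %Lp "$f")
  case "$perms" in
    *[4567]) echo "$f: world-readable (mode $perms)" >&2; return 1 ;;
  esac

  # keep it out of any ibay html directory (assumed e-smith layout)
  case "$f" in
    /home/e-smith/files/ibays/*/html/*)
      echo "$f: lives inside a web root" >&2; return 1 ;;
  esac
  return 0
}

# add_user FILE USER: create the file on first use, update it afterwards,
# and let htpasswd prompt for the password (no -b, so nothing lands in the
# shell history or the process list).  Not run by the check below.
add_user() {
  if [ -f "$1" ]; then
    /usr/bin/htpasswd "$1" "$2"
  else
    /usr/bin/htpasswd -c "$1" "$2"
  fi
}

# Usage on the server after Step 3:
#   check_htpasswd /etc/httpd/conf/htpasswd.test && echo OK
#   add_user /etc/httpd/conf/htpasswd.test user3
```

Run check_htpasswd against /etc/httpd/conf/htpasswd.test after Step 3 and again whenever a user is added; a non-zero exit and the message on stderr tell you which of the four conditions failed.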

Step 4:  Give it a try.

Browsing to https://yourdomain.com/test should bring up a login dialog.  Enter one of the username/password pairs created above and you should gain access to the web page.