browse LAN via Apache intranet - need help with security

trayb | Programmer | Sep 30, 2002 | US
I'm trying to set up a small company intranet on an Apache web server and need help figuring out the best way to provide about 60 users with remote access to browse our LAN. We currently use a hosting company as our service provider and the entry point to the intranet will be thru a link on our company web site.

I tried to look up best practice info., etc. on the web and got overwhelmed with the deluge of information regarding this topic - virtual directories, SSL, .htaccess, etc. so I'm hoping someone here can help me sort this out.

What I'm looking for is advice on the most secure, simple way to authenticate users outside the network to browse, upload, and download from a specific share on our LAN.

1) Could I use basic html authentication for general access, then some Apache-compatible version of SSL for directory browsing only? How much firewall protection am I getting from the ISP?

2) Is it better/safer to somehow "image" the directories in question rather than provide direct access to these locations? (resulting in a maintenance nightmare, I might add)

3) Would some type of intranet VPN access defeat the purpose altogether? Is speed a concern with this option?

4) What IS the most commonly used way to do this?

Any advice at all would be greatly appreciated. Thanks


 
Hello trayb,

I think that using the .htaccess is the best solution.

.htaccess is actually just a file you place in the folder (protects both that folder AND the sub-folders). .htaccess describes the folder name and refers to an encrypted password file.

If a user tries to access a file located in that folder (or its subs) the user will be prompted for a login and password.

It's quite safe, as far as I know. At least, that's how I protect administration folders on the CMS/web projects I've done.

Good luck §;O)


Jakob
 
Great, thanks for your reply. This sounds like the most straightforward and secure way to go. Now I just have to figure out how it works....
 
Trayb,

Here's a sample .htaccess file:
Code:
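# AuthName sets the realm shown in the login prompt; Basic auth requires it
# ("Protected" is a placeholder realm name)
AuthType Basic
AuthName "Protected"
AuthUserFile /www/protected/users.txt

# Not wrapped in <Limit GET POST>: that would leave other HTTP methods unprotected
require valid-user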

Goto
Enter name and password (f.ex.)

User is me
Password is 123456

Put the encrypted text into your users.txt like this:

Important!! Filename is users.txt according to your .htaccess file

Code:
me:41S9cdT3ZQT8Q

... that's it really! Easy, right §;O)

Note: You may want to consider naming the user/password file something other than users.txt...

Good luck §;O)


Jakob
 
... one more thing:

The .htaccess file MUST be named .htaccess

Even though it seems obvious, Windows FAT32 (and maybe also NTFS) won't allow such a file name with only an extension and no "file's first name". If you're running Apache on a Win OS, then have a look in the ini file to change .htaccess to ht.access (or whatever you prefer).


Jakob
 
Yes I am running Apache on NT4, and you're right - it will not allow me to create a file with only an extension. I just tried it. However, I found some instructions here that say I should create a text file then ftp it over in ASCII mode and rename it on the server.

If I follow this process, would I still need to change any .ini files and if so, which one...win.ini, system.ini, filter.ini? Exactly what entry would need to go in there? This is the part that's somewhat confusing me.

Thanks again for all your help.
 
Thanks siberian. I did some research on your suggestion - Let me know if I'm on the right page .... All I need to do is change the AccessFileName directive in my Apache httpd.conf file to look for a different file extension, for instance:

AccessFileName ht.acl

I'd create the .htaccess file and name it something like ht.acl, and Apache would then search for a file with that extension as a substitute for my ".htaccess" config file, right?

What I'm specifically trying to do is allow intranet users access to browse a local network directory from either inside the LAN or outside via an independent IP connection.

The majority of our site is served by the hosting company, with several pages that link back to an Apache server at the office running a couple of extranet sites.

So if I maintain that same design the hops would go something like this:

corp web pg. -> authentication pg. -> jsp browser pg.
(ISP) (ISP) (Apache)

The JSP code is for a file browser interface providing the user access to the secured network directory (same network as the web server but on a different box).

1) Based on this setup, can the .htaccess file be on a totally different box and if so, will I need to indicate that location somehow in the <Directory> container of the httpd.conf file so Apache knows where to find it?

2) If the .htaccess file is in a directory on a remote server, does it affect local network access to the directory in question, or does it only apply to HTTP requests?

3) Are login credentials required every time an individual subdirectory or file is accessed or just when the top level directory is accessed?

Any direction you can give is much appreciated..
 
1) The .htaccess can be on any of the 3 machines in your example. You are doing a series of proxy requests and any server in the series can enforce authentication.

2) .htaccess only applies to HTTP.

3) .htaccess covers itself and all files beneath unless a file beneath is covered by a subsequent .htaccess.

And yes, using that directive you can change the name of the htaccess file that Apache is looking for. But once again, be sure to add a deny directive for that file, otherwise 3rd parties can directly download it and steal valuable information about..something.
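
The rename and the deny rule discussed above, written out as an httpd.conf fragment. This is an added example, not part of the original thread: the directory paths, the realm name and the password-file location are assumptions, and the access syntax is the Apache 1.3/2.0 form that matches the era of the thread.

```apache
# httpd.conf fragment (added example; paths and realm name are assumed)

# Per-directory access files are named ht.acl instead of .htaccess
AccessFileName ht.acl

# The stock httpd.conf hides only names that start with ".ht":
<Files ~ "^\.ht">
    Order allow,deny
    Deny from all
</Files>

# That pattern does not match "ht.acl", so the renamed file needs its own
# rule or any client can fetch it over HTTP.
<Files "ht.acl">
    Order allow,deny
    Deny from all
</Files>

# Let ht.acl set authentication directives only, nothing else
<Directory "C:/Apache/htdocs/intranet">
    AllowOverride AuthConfig
</Directory>

# --- contents of C:/Apache/htdocs/intranet/ht.acl ---
# AuthType Basic
# AuthName "Intranet"
# # Password file kept outside the document root so it is never served
# AuthUserFile "C:/Apache/auth/users.txt"
# Require valid-user

# Apache 2.4 replaces "Order allow,deny" + "Deny from all" with:
#   Require all denied
```

With this in place, a request for ht.acl inside the protected directory should come back as 403 Forbidden rather than the file's contents.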
 
You do not need to change the filename for Windows; it's easy to name a file .htaccess.

Open a text file in Notepad, click File > Save As.

Make sure All Files is selected in the dropdown and then use the name .htaccess

Hope this helps

Wullie


 
Well what do you know...it DOES work in Notepad. I was trying in TextPad and didn't seem to get the same result. Thanks for the tip!
 