function beforeFilter ()
.htaccess don't allow Location or Direcotry sections so Apache will throw an internal server error.
I was wondering about that. If you follow the link to the thread the guy who suggested the solution implies it's possible.
Just a small caveat to the use of:
htpasswd -c /my/passwd/file bob
Be careful with the -c flag, I use this feature so rarely that I often have to check an online resource (from my server co's site) for accuracy.
The -c flag creates a new password file, so if you're adding an additional user to the file omit the flag, or at least make sure you add all the users you want in the new file.
htpasswd -c /my/passwd/file user user1 user2
My own server does not warn me that the -c flag will obliterate the old version of the file.
hi it works from the .conf file - but there is another option to do with the Auth class and Security in Cake 1.2 (Basic HTTP Authentication)
it uses the beforeFilter as stated above, in your app_controller
Hmm. I have been trying to get this to work with a <VirtualHost> set site, by putting the <Location "/admin"> within in the <VirtualHost> directive, but it gives me a 401.shtml page on going to any /admin/ pages and this is a HTTP Auth error.
I wonder if it is a permissions error with the way I made the htpasswd file? doesn anyone know more about Apache, VirtualHosts and Location ?
(…) it gives me a 401.shtml page on going to any /admin/ (…)
Make sure the path to the htpasswd file is correct and that it has appropriate access rights.
FYI, you can use this similar action on IIS as well with the ISAPI_Rewrite module installed and dropping it into httpd.ini
"Make sure the path to the htpasswd file is correct and that it has appropriate access rights."
Paul - thanks for your reply: what access rights would I set for the htpasswd file in a virtualhosts set up though? You mean allow Apache access right - so would the group having read access be correct? I am evidently not very expereinced with permissions on unix :(
I found an easy way to enabling a security check for the whole admin-route solely based on a htaccess-file.
You just have to create a folder named 'admin' (or what ever your admin-route is called) and put a file named .htaccess in there without any location or directory enclosement.
AuthName "secured area"
Since CakePHP always checks for existing files before envoking the url-rewrite the admin folder will be found and the htaccess will be executed. After being authenticated CakePHP finds out that the "file" is not present in the folder admin and envokes the url-rewriting as normal.
AuthName "secured area"
Did I miss something or does this work for everyone who just wants to enable a very simple security?
Hi. My name is Jonathan Snook and this is my site. I write about what interests me, which is usually web design, development, and technology. I'm also in the middle of a food adventure and I like whisky.
I wrote SMACSS. I tweet. Want to learn more?
© Jonathan Snook