Added Kiriwrite Documentation for the language English (British).

[kiriwrite/.git] / Documentation / English (British) / user-chapter4-securing.html

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" "http://www.w3.org/TR/REC-html40/loose.dtd">\r
<html>\r
        <head>\r
                <link href="style.css" REL="stylesheet" TYPE="text/css" MEDIA="screen">\r
                <meta http-equiv="Content-Type" content="text/html;charset=UTF-8">\r
                <title>Kiriwrite Documentation - User Documentation - 4.1: Securing your Kiriwrite installation</title>\r
        </head>\r
        <body>\r
                <div class="menubarback">\r
                        <div class="menubar">\r
                                <span class="apptitle">Kiriwrite</span>\r
                                <a href="index.html">Index</a> | <a href="user.html">User \r
Documentation</a> | <a href="tutorial.html">Tutorial Documentation</a> | \r
<a href="developer.html">Developer Documentation</a>\r
                        </div>\r
                </div>\r
                <div class="pageinformation">\r
                        <span class="pagetitle">4.1 Securing your Kiriwrite installation</span><br><br>\r
\r
This section is about securing your Kiriwrite installation.<br><br>\r
\r
<span class="heading">4.1.1 HTTP Authentication</span><br><br>\r
\r
HTTP Authentication allows users who only know the correct username and password to access pages that are not available to the public. HTTP Authentication is done by the following if you're using Apache 1.3.x/2.x from a command console:<br><br>\r
\r
<div class="code">\r
    htpasswd -c .htpasswd username\r
</div>\r
\r
<br>\r
\r
The -c switch specifies that a password file should be created called .htpasswd (although can be called something else), while username is the username of the login (which can be something else other than username), after pressing enter a password prompt then appears asking for a password to be entered the same twice.<br><br>\r
\r
After the .htpasswd file is created, the file should be copied to a location that cannot be accessed from a URI resource (such as outside the htdocs/web documents directory) and then create a .htaccess file (if it doesn't exist) pointing to the password file with the following directives as an example.<br><br>\r
\r
<div class="code">\r
    AuthUserFile /home/www/website/private/.htpasswd<br>\r
    AuthType Digest<br>\r
    AuthName “Private Area”\r
</div>\r
\r
<br>\r
\r
The AuthUserFile directive should point to the htpasswd file that was created earlier on. The AuthType directive specifies the authentication type to use and AuthName specifies the name of the area to appear when entering the username and password.<br><br>\r
\r
<span class="heading">4.1.2 IP Address Filtering</span><br><br>\r
\r
IP Address filtering allows certain IP addresses or hosts to be blocked from access and allowing everyone else access or blocking everyone from access and allowing certain IP addresses or hosts in. Typically when using Kiriwrite, the best method would be the white list method where everyone is blocked from access and only certain IP addresses or hosts can be allowed access.<br><br>\r
\r
To setup a white list, open the .htaccess file and insert the following (if it already exists) if you're using Apache 1.3/2.x:<br><br>\r
\r
<div class="code">\r
    Order Deny, Allow<br>\r
    Deny from all<br>\r
    Allow from 127.0.0.1\r
</div>\r
\r
<br>\r
\r
This example denies everyone and then only allows 127.0.0.1 (which is the computer the web server is running from which tends to be the machine you're using on a personal installation). Multiple Allow commands can be entered which allows multiple hosts.<br><br>\r
\r
More information on using Allow and Deny can be found in the Apache 1.3/2.x Documentation.\r
                </div>\r
        </body>\r
</html>\r