4.1 Securing your Kiriwrite installation

This section describes two ways of restricting access to a Kiriwrite installation served by Apache: HTTP Authentication (a username and password) and IP address filtering (only certain client addresses are let in). The two can be combined, and for an installation reachable from the Internet both should be used.

4.1.1 HTTP Authentication

HTTP Authentication restricts pages that are not meant for the public to users who know the correct username and password. If you're using Apache 1.3.x/2.x, the password file is created with the htpasswd tool from a command console:

htpasswd -c .htpasswd username

The -c switch creates a new password file called .htpasswd (it can be called something else), and username is the login name to add (it can be anything other than username). Note that -c overwrites an existing file, so leave it out when adding further users to a file that already exists. After pressing Enter, a prompt asks for the password to be entered twice.

After the .htpasswd file is created, move it to a location that cannot be fetched by URL (such as a directory outside htdocs/the web documents directory) and make sure it is readable by the user the web server runs as and by nobody else. Then create a .htaccess file (if it doesn't exist) in the directory containing the Kiriwrite scripts, pointing to the password file with the following directives as an example:

AuthUserFile /home/www/website/private/.htpasswd
AuthType Basic
AuthName "Private Area"
Require valid-user

The AuthUserFile directive should point to the htpasswd file that was created earlier on. The AuthType directive specifies the authentication type: Basic is the type that works with files created by htpasswd (Digest authentication uses a different file format created with the htdigest tool and needs mod_auth_digest loaded). AuthName specifies the name of the area (the realm) shown when entering the username and password. Require valid-user is what actually enforces the check: without a Require directive Apache asks for no credentials at all. Apache only honours these directives in a .htaccess file if the server configuration for that directory grants AllowOverride AuthConfig (or AllowOverride All). Because Basic authentication sends the password with every request in cleartext (only Base64-encoded), the Kiriwrite directory should be served over HTTPS.
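The following is an added example for this manual and is not code from Kiriwrite or Apache. It reimplements the $apr1$ (iterated MD5) password format that htpasswd -m writes, so that an entry for the .htpasswd file can be generated, or an existing file audited, on a machine that does not have the htpasswd tool installed. The function names and the sample user and password are this example's own.

```python
"""Create and verify htpasswd entries in Apache's $apr1$ (iterated MD5) format.

Added example for this manual, not code from Kiriwrite or Apache. It
reimplements the apr_md5_encode algorithm from APR so that a password file
can be generated, or an existing one audited, without the htpasswd tool.
Function names are this example's own; the sample user and password are
constructed for illustration.
"""
import hashlib
import hmac
import secrets

_ITOA64 = "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"
_MAGIC = b"$apr1$"


def _to64(value, count):
    """APR's to64(): emit `count` characters from the itoa64 alphabet, low 6 bits first."""
    out = []
    for _ in range(count):
        out.append(_ITOA64[value & 0x3F])
        value >>= 6
    return "".join(out)


def apr1_crypt(password, salt):
    """Return '$apr1$<salt>$<hash>' for a password and an up-to-8-character salt."""
    pw = password.encode()
    salt = salt[:8]
    s = salt.encode()
    ctx = hashlib.md5(pw + _MAGIC + s)
    alt = hashlib.md5(pw + s + pw).digest()
    # Mix in the alternate sum once per 16 bytes of password length.
    for remaining in range(len(pw), 0, -16):
        ctx.update(alt[:min(remaining, 16)])
    # Quirk of the original: per bit of len(pw), add a NUL or the first password byte.
    i = len(pw)
    while i:
        ctx.update(b"\0" if i & 1 else pw[:1])
        i >>= 1
    final = ctx.digest()
    # 1000 rounds of stretching, with the inputs reordered by round number.
    for i in range(1000):
        rnd = hashlib.md5()
        rnd.update(pw if i & 1 else final)
        if i % 3:
            rnd.update(s)
        if i % 7:
            rnd.update(pw)
        rnd.update(final if i & 1 else pw)
        final = rnd.digest()
    # Output bytes are interleaved in groups of three before encoding.
    out = ""
    for a, b, c in ((0, 6, 12), (1, 7, 13), (2, 8, 14), (3, 9, 15), (4, 10, 5)):
        out += _to64((final[a] << 16) | (final[b] << 8) | final[c], 4)
    out += _to64(final[11], 2)
    return f"$apr1${salt}${out}"


def htpasswd_line(username, password, salt=""):
    """One 'user:hash' line as htpasswd -m would write it (random salt if none given)."""
    if ":" in username or not username:
        raise ValueError("username must be non-empty and contain no ':'")
    salt = salt or "".join(secrets.choice(_ITOA64) for _ in range(8))
    return f"{username}:{apr1_crypt(password, salt)}"


def verify_password(entry, username, password):
    """Check a username/password against one htpasswd line, comparing in constant time."""
    user, _, stored = entry.strip().partition(":")
    if user != username or not stored.startswith("$apr1$"):
        return False
    salt = stored.split("$")[2]
    return hmac.compare_digest(apr1_crypt(password, salt), stored)


if __name__ == "__main__":
    line = htpasswd_line("editor", "correct horse battery staple")  # constructed sample
    print(line)
    print(verify_password(line, "editor", "correct horse battery staple"))  # True
```

The result can be checked against the example in the Apache httpd "Password Formats" documentation, where htpasswd -nbm myName myPassword produces myName:$apr1$r31.....$HqJZimcKQFAMYayBlzkrA/; apr1_crypt("myPassword", "r31.....") returns the same hash. The $apr1$ format is fast to brute-force by today's standards, so on Apache 2.4.4 or later prefer htpasswd -B, which stores bcrypt hashes; the line format and the Basic AuthType are unchanged.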

4.1.2 IP Address Filtering

IP address filtering either blocks certain IP addresses or hosts and allows everyone else (a black list), or blocks everyone and allows only certain IP addresses or hosts (a white list). For Kiriwrite the white list method is usually the right one: everyone is blocked and only the addresses or hosts you administer the site from are allowed in.

To set up a white list, open the .htaccess file (creating it if it does not exist) and insert the following if you're using Apache 1.3/2.x:

Order Deny,Allow
Deny from all
Allow from 127.0.0.1

This example denies everyone and then allows only 127.0.0.1 (the computer the web server is running on, which on a personal installation tends to be the machine you're using). If the server also listens on IPv6, add ::1 as well, since local connections may arrive from that address. The Order line matters: with Deny,Allow a host that matches an Allow line is admitted even though it also matches Deny from all, whereas with Allow,Deny the same two lines would lock everyone out, because a matching Deny then wins. The two keywords must be separated by a comma with no space; Apache rejects "Deny, Allow" as a configuration error. Multiple hosts can be listed on one Allow line or on separate Allow lines, and a partial address such as 192.168.1 or a CIDR range such as 10.0.0.0/8 allows a whole network. These directives are only honoured in a .htaccess file if the directory's configuration grants AllowOverride Limit (or All). Filtering by client address is an extra layer, not a replacement for authentication: any host that reaches the server from an allowed source address (for example another machine behind the same proxy or NAT) passes the check, so use it together with HTTP Authentication.
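The following is an added example for this manual, not code from Kiriwrite or Apache. It evaluates a .htaccess fragment of Order/Deny/Allow lines against a client address with the semantics Apache documents for mod_access (1.3, 2.0) and mod_authz_host (2.2), going beyond the white list above to show the Allow,Deny pitfall, partial addresses and CIDR ranges. Hostname patterns, which Apache resolves by reverse DNS, are deliberately rejected rather than guessed. The fragments and function names are this example's own.

```python
"""Evaluate Apache 1.3/2.2-style Order/Deny/Allow rules against a client address.

Added example for this manual; not code from Kiriwrite or Apache. It mirrors
the documented mod_access/mod_authz_host semantics for IP patterns: 'all',
a full IPv4 address, a partial one such as '192.168.1', a CIDR range such as
'10.0.0.0/8', and network/netmask. Hostname patterns are rejected because
Apache decides them with reverse DNS. Function names are this example's own.
"""
import ipaddress
import re

# Constructed .htaccess fragments: the white list from this manual, and the
# same two lines under the other Order, which locks everyone out.
WHITELIST = """
Order Deny,Allow
Deny from all
Allow from 127.0.0.1
"""

LOCKOUT = """
Order Allow,Deny
Deny from all
Allow from 127.0.0.1
"""


def parse_rules(fragment):
    """Return (order, deny_patterns, allow_patterns); other directives are ignored."""
    order = "deny,allow"  # Apache's default when no Order directive is present
    deny, allow = [], []
    for raw in fragment.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        words = line.split()
        name = words[0].lower()
        if name == "order":
            # Apache wants exactly one argument; 'Order Deny, Allow' (with a
            # space) is a configuration error, not a working rule.
            if len(words) != 2 or words[1].lower() not in ("deny,allow", "allow,deny", "mutual-failure"):
                raise ValueError("Order takes one argument: Deny,Allow or Allow,Deny (no spaces)")
            order = words[1].lower()
        elif name in ("deny", "allow"):
            if len(words) < 3 or words[1].lower() != "from":
                raise ValueError(f"malformed directive: {line}")
            (deny if name == "deny" else allow).extend(words[2:])
    return order, deny, allow


def host_matches(ip, pattern):
    """Does one Deny/Allow pattern cover this IPv4 address?"""
    if pattern.lower() == "all":
        return True
    addr = ipaddress.IPv4Address(ip)
    if "/" in pattern:
        # CIDR ('10.0.0.0/8') or dotted netmask ('10.0.0.0/255.0.0.0')
        return addr in ipaddress.IPv4Network(pattern, strict=False)
    if re.fullmatch(r"\d{1,3}(\.\d{1,3}){0,3}", pattern):
        octets = pattern.split(".")
        if len(octets) == 4:
            return addr == ipaddress.IPv4Address(pattern)
        # Partial address: the leading octets must match exactly, so
        # '192.168.1' covers 192.168.1.0-255 but not 192.168.10.x.
        return str(addr).split(".")[:len(octets)] == octets
    raise ValueError(f"hostname pattern {pattern!r} needs reverse DNS; not handled here")


def is_allowed(ip, fragment):
    """Apply the Order semantics: the list consulted last wins when both match."""
    order, deny, allow = parse_rules(fragment)
    denied = any(host_matches(ip, p) for p in deny)
    allowed = any(host_matches(ip, p) for p in allow)
    if order == "deny,allow":
        # Default is allow; a matching Allow overrides a matching Deny.
        return allowed or not denied
    # allow,deny and mutual-failure: default is deny; a matching Deny overrides Allow.
    return allowed and not denied


if __name__ == "__main__":
    for client in ("127.0.0.1", "203.0.113.5"):
        print(client, "white list:", is_allowed(client, WHITELIST),
              "wrong order:", is_allowed(client, LOCKOUT))
```

Running it shows 127.0.0.1 admitted and 203.0.113.5 refused by the white list, and both refused under Order Allow,Deny. The same evaluator can be pointed at the real .htaccess before it goes live, which is cheaper than discovering a lockout after restarting the server.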

More information on using Allow and Deny can be found in the Apache documentation for mod_access (1.3 and 2.0) and mod_authz_host (2.2). In Apache 2.4 these directives are only available through mod_access_compat; the native form of the white list above is a single line, Require ip 127.0.0.1, since any client not matched by a Require directive is refused.