Skip site navigation (1)Skip section navigation (2)
Date:      Fri, 20 Apr 2001 13:03:49 -0500
From:      "Scot W. Hetzel" <hetzels@westbend.net>
To:        "Apu" <apu@home.spfld.com>, "seti" <seti@geotec.net>
Cc:        <freebsd-isp@FreeBSD.ORG>
Subject:   Re: FrontPage Extensions Authentication
Message-ID:  <015501c0c9c4$44a45fd0$087885c0@GENROCO.com>
References:  <Pine.LNX.4.21.0104201139230.32739-100000@home.spfld.com>

next in thread | previous in thread | raw e-mail | index | archive | help
From: "Apu" <apu@home.spfld.com>
> On Fri, 20 Apr 2001, seti wrote:
>
> > which all went off without a hitch.  However when using the Frontpage
> > 98/2000/XP client to access the FP enabled web, it simply does not ask
me
> > for any username and password, but instead allows me anonymously to
> > edit/publish the webpage, from various workstations.  My workaround has
been
>
> You need to AllowOverride AuthConfig so Apache can process the
> authentication configuration information in the .htaccess files.  (The
> extensions actually ask for AllowOverride All but you can get away with
> giving out less to the individual .htaccess files -- you really need more
> than just AuthConfig but I don't recall exactly.)
>

This is the minimum settings that you need to specify in order for the FP
Exts to function securely on a FP enabled website.

AllowOverride AuthConfig Limit Indexes Options

To increase the security of the FP enabled website, you should restrict from
where a FP Author/Administrator can access the FP enabled website.  These
restrictions can be defined thru the FP Client.

Scot



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-isp" in the body of the message




Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?015501c0c9c4$44a45fd0$087885c0>