
Root folder ssl - Access

Creating a new server certificate for The Uniform Server automatically enables SSL in Apache's configuration file. You can now access your server using either http or https. The Uniform Server has a predefined folder (ssl root folder) that is reserved for https access. By default, this folder is restricted to local access only. The following covers opening up your server for public or intranet access, and optionally restricting access using a name and password.

Note 1: This menu option requires an .htaccess file in the root folder ssl. If this file does not exist, you are given an option to create it.
Note 2: If it does not already exist, a backup htaccess file (.htaccess_back) is created. This allows the original file to be manually restored.

Overview

Apache > Access and Passwords > Folder ssl access and passwords

This menu is split into three sections as follows:

  1. Enter name and password: This section allows you to change the access name and password; the defaults are set to root:root.
       ◦ Delete defaults: select the name-password pair root:root (A), then click Delete Selected button (B).
       ◦ Generally, for a private server, a single name and password are used: enter name (C), enter password (D), then click Add to list button (E).
       ◦ Repeat the above for additional name-password pairs.
  2. Enable or Disable Password: Radio buttons enable or disable the use of a password to access root folder www. Default is disabled.
  3. Apache Server Access: This section allows you to set who can gain access to root folder www. Default is local access only.

Note 1: Server access is controlled using an .htaccess file. This can be directly edited.
Note 2: Apache does not require restarting; all changes take effect immediately.

Background information

There are three ways of restricting access to documents: either by IP address, hostname or by asking for a username and password. The first two are very similar and can be used to restrict access on an intranet. The last option allows users to be restricted on an individual basis using a username and password. This process is commonly referred to as user authentication. The Uniform Server can restrict access using both IP address and user authentication.

Setting up user authentication requires two steps. First, you create a file containing a list of usernames and passwords. Secondly, you specify what resources are to be protected and which users are allowed to access them. Setting up IP address access requires only server configuration. Server configuration uses an .htaccess file located in the folder it is protecting (root folder ssl). This allows configuration to take immediate effect and does not require a server restart.

Creating a password file

A list of users and passwords needs to be created in a file. For security, this file must be located outside the document root. The Uniform Server is pre-configured and uses file: UniServerZ\htpasswd\ssl\.htpasswd

The file contains a list of name and password pairs, each on a single line.
The name and password are separated using a colon.
A password file can consist of a single line.
The default is root:root
Important: default passwords are compromised; always delete them.

 
root:root
mike:fred123
john:xyz45
dave_smith:za123 
mike smith:good1234

Edit or change password

  • Select existing name-password pair to be changed (A).
  • Click Delete Selected button (B). This removes the old name-password pair and updates the password file.
  • Add new name-password (see below).

Add name/password pair to list

  • Enter new name (C).
  • Enter new password (D).
  • Click Add to List (E). This updates password file.

Note: The menu provides a convenient way to enter names and passwords.
You can edit the file UniServerZ\htpasswd\ssl\.htpasswd directly using a text editor.

Enable or disable name password access

Server configuration uses an .htaccess file located in root folder UniServerZ\ssl. It is pre-configured for basic authentication. The default is basic authentication disabled. Four lines (Apache directives) in this configuration file control authentication and are edited as follows:

Enable authentication

  • Click radio button Password enabled (G).
  • Alternatively, edit file UniServerZ\ssl\.htaccess and uncomment (remove #) four lines as shown:
AuthName "Uniform Server - Secure Server Access"
AuthType Basic
AuthUserFile ../../../htpasswd/ssl/.htpasswd
Require valid-user

Disable authentication

  • Click radio button Password disabled (F).
  • Alternatively, edit file UniServerZ\ssl\.htaccess and comment out (add # to) four lines as shown:
#AuthName "Uniform Server - Secure Server Access"
#AuthType Basic
#AuthUserFile ../../../htpasswd/ssl/.htpasswd
#Require valid-user

Note: The menu provides a convenient way to enable or disable authentication.

Change Access

Server configuration uses an .htaccess file located in root folder UniServerZ\ssl. It is pre-configured to allow local access only. Four lines (Apache directives) control who can access the server. These lines are edited as follows:

Local Access

  • Click radio button Local Access (H).
  • Alternatively, edit file UniServerZ\ssl\.htaccess and uncomment (remove #) four lines as shown:
Order Deny,Allow
Deny from all
Allow from 127.0.0.1
Allow from ::1

Local and Intranet Access

  • Click radio button Local and Intranet Access (I).
  • Alternatively, edit file UniServerZ\ssl\.htaccess and uncomment (remove #) four lines as shown:
Order Deny,Allow
Deny from all
Allow from 127.0.0.1 192.168.0.0/16 172.16.0.0/12 10.0.0.0/8
Allow from ::1

Local, Intranet and Internet Access

  • Click radio button Local, Intranet and Internet Access (J).
  • Alternatively, edit file UniServerZ\ssl\.htaccess and comment out (add # to) four lines as shown:
#Order Deny,Allow
#Deny from all
#Allow from 127.0.0.1
#Allow from ::1

Deny from all: No one allowed access
Allow from 127.0.0.1 192.168.0.0/16 172.16.0.0/12 10.0.0.0/8: Access is restricted to localhost and Intranet
Allow from 127.0.0.1: Access is restricted to localhost (127.0.0.1) IPv4
Allow from ::1: Access is restricted to localhost (::1) IPv6

Note: The menu provides a convenient way to change and restrict access.
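The password and access settings described above combine into one overall exposure for folder ssl. The following Python check is an added example, not part of The Uniform Server: it reads the text of .htaccess and .htpasswd and reports the access scope, whether authentication is active, and any risky combination. The function names audit and active_directives are hypothetical, the sample file contents are constructed, and the code assumes the .htaccess holds only the eight directives listed on this page.

```python
# Directive names and networks taken from the .htaccess listings on this page.
AUTH_KEYS = ("authname", "authtype", "authuserfile", "require")
INTRANET = ("192.168.0.0/16", "172.16.0.0/12", "10.0.0.0/8")

# Constructed sample: Internet access selected and password disabled.
OPEN_HTACCESS = """\
#AuthName "Uniform Server - Secure Server Access"
#AuthType Basic
#AuthUserFile ../../../htpasswd/ssl/.htpasswd
#Require valid-user
#Order Deny,Allow
#Deny from all
#Allow from 127.0.0.1
#Allow from ::1
"""
DEFAULT_HTPASSWD = "root:root\n"  # the default pair the page says to delete

def active_directives(text):
    """Return uncommented lines as (directive, arguments) pairs, lowercased."""
    out = []
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            name, _, args = line.partition(" ")
            out.append((name.lower(), args.strip().lower()))
    return out

def audit(htaccess_text, htpasswd_text):
    """Return (scope, auth_enabled, findings) for the ssl folder settings."""
    directives = active_directives(htaccess_text)
    names = {n for n, _ in directives}
    auth_on = all(k in names for k in AUTH_KEYS)  # all four lines uncommented
    allowed = [ip for n, a in directives if n == "allow" for ip in a.split()[1:]]
    if ("deny", "from all") not in directives:
        scope = "internet"  # access lines commented out: nothing is denied
    elif any(net in allowed for net in INTRANET):
        scope = "intranet"
    else:
        scope = "local"
    users = dict(l.strip().split(":", 1)
                 for l in htpasswd_text.splitlines() if ":" in l)
    findings = []
    if users.get("root") == "root":
        findings.append("default root:root pair still present")
    if scope != "local" and not auth_on:
        findings.append(f"{scope} access with password disabled")
    if auth_on and not users:
        findings.append("password enabled but password file is empty")
    return scope, auth_on, findings
```

Calling audit(OPEN_HTACCESS, DEFAULT_HTPASSWD) reports both the leftover default pair and Internet access without a password; pass the contents of UniServerZ\ssl\.htaccess and UniServerZ\htpasswd\ssl\.htpasswd to check a real installation.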


--oOo--