Robin Hood: Password-protecting web pages
If you’re serving a web site with the Robin Hood web server and want to password-protect specific areas of your site, don’t be confused into thinking that you need the RHDirectoryHandler for this. Instead, you want to implement “Realms.”
There is a small amount of documentation on realms in the RH docs, but you need to read carefully. The key words are “When a resource is requested for which public access has not been granted …”
The trick here is that RH makes what use it can of Be’s multiuser filesystem, even though the OS isn’t yet multiuser. Therefore you can deduce that you need to modify permissions on the directories in question.
To set this up, create a directory on your site called “realmtest”. Then, add a realm line to your
virtual_hosts file, under the server definition (this is important because you can set up multiple servers from the same RH instance) that looks like this:
Realm: name="zero" pattern="realmtest" pattern="*" user="foo" passwd="bar";
This will cause RH to search every URL request for the string “realmtest” (which is the directory name) and prompt for a user/pass if public access has not been granted for that file or directory. To remove public access on the realmtest directory and the files it contains, open a Terminal and type:
cd <site_root> chmod -R a-r realmtest
(the -R flag on chmod tells it to change permissions on the directory and everything in it, recursively).
Restart the server. When someone tries to access a file in the realmest directory, they’ll be prompted for a username and password, which in this case would be user=foo, pwd=bar.
Posted in Applications
(comments are closed).