It seems to me that I have a fundamental misunderstanding of how "mod_auth_form" should work. I link to this Apache documentation page:
http://httpd.apache.org/docs/current/mod/mod_auth_form.html
I have a public folder and a private folder
I want to make the folder locked. Users will need to log in with their username and password to see the index.php page of my secure folder.
Here is my virtual host setup:
<VirtualHost *:80> ServerName customform.uwe DocumentRoot "/home/uwe/www/protected_custom_form" DirectoryIndex index.php ErrorLog /var/log/apache2/protected_custom_form.error.log CustomLog /var/log/apache2/protected_custom_form.access.log combined <Directory "/home/uwe/www/protected_custom_form"> AllowOverride All Allow from All </Directory> <Directory "/home/uwe/www/protected_custom_form/secret/"> </Directory> <Location /dologin> SetHandler form-login-handler AuthFormLoginRequiredLocation http://customform.uwe/login.html AuthFormProvider file AuthUserFile /home/uwe/www/conf/passwd AuthType form AuthName realm Session On SessionCookieName session path=/ SessionCryptoPassphrase secret </Location> </VirtualHost>
Here is my login form, located in the shared folder of my virtual server:
<form method="POST" action="/dologin"> Username: <input type="text" name="httpd_username" value="" /> Password: <input type="password" name="httpd_password" value="" /> <input type="submit" name="login" value="Login" /> <input type="hidden" name="httpd_location" value="http://customform.uwe/secret/index.php" /> </form>
Ok that's what happens
- switching to "customform.uwe" works fine -> I see my index page for this folder displayed
- go to 'customform.uwe / login.html' β I see that my login form is suitable and I can log in and redirected to my "index" page of my secret "folder"
- go to "customform.uwe / secret / index.php" show me my pagge index is signed or not.
Here is my question:
- How to protect my secret folder so that an unsigned user is redirected to the login form.
- Is this the right approach?
I really hit my head against the wall at the moment, so thank you very much for your help.
Ok, I think this is sorted right now. I must have been a little embarrassed :-)
The idea that I followed includes two things:
- Provide login feature
- If the user goes to the page where he / she needs authentication - and he / she does not redirect the user to the login page
To do this, I needed to edit two files:
- My virtual host
- My login file
These are virtual hosts:
<VirtualHost *:80> ServerName customform.uwe DocumentRoot "/home/uwe/www/protected_custom_form" DirectoryIndex index.php ErrorLog /var/log/apache2/protected_custom_form.error.log CustomLog /var/log/apache2/protected_custom_form.access.log combined
This is the html login form. The change here is that the form action handler now points to my location as I defined above
<form method="POST" action="/dologin"> Username: <input type="text" name="httpd_username" value="" /> Password: <input type="password" name="httpd_password" value="" /> <input type="submit" name="login" value="Login" /> <input type="hidden" name="httpd_location" value="/secret/secretindex.php" /> </form>
This seems to work, everything was (more or less) in the Apache documentation, but I got confused as there isnβt a complete example of them