Ravens PHP Scripts: Forums
 

 
  Forum Index  •  Forum FAQ  •  Search  •  Memberlist  •  Usergroups  •  Profile  •  Log in to check your private messages  •  Log in

Very confused about this whole HTTP Auth deal
 View next topic
View previous topic
Post new topic   Reply to topic    Ravens PHP Scripts And Web Hosting Forum Index -> NukeSentinel(tm)
Author Message
justjayse
New Member
New Member



Joined: Dec 31, 2005
Posts: 22
PostPosted: Tue Jan 10, 2006 7:05 pm Reply with quote
Ok i've gotten to the point where i've read so many posts about this and been to way more sites than i needed to where i'm simply confused about all of this. I am very much a nuke newbie, and i currently have the .htaccess file on my server, and all thats in there is well, nothing lol. I hit enter, then space and hit save and uploaded it to the server, and CHMOD it to 666.

I logged into Sentinel admin, and then Admin Auth List, and i enter in the password i use to login and hit save. Now in the Sentinel main config, i have
Admin Auth - Off *in the dropdown all that it lists is the CGI*
htacesss - /home/content/j/l/e/jlesko/html/.htaccess
staccess Path: Nothing in the box
CGIAuth Setup

Now with that being said, just what exactly do i need to be doing to run this deal because i thought i had it before, with the sample .htaccess and that didn't work either, so i was reading and thought it was supposed to be blank with an empty line at the end. i'm so confused about all of this now i just really don't know what to do lol.

Do i need to use .staccess as well? As i had that done before and i got no errors, but never recieved the pop-up boxes. Thanks for the help again an d in case you ask, i'm running apache, and i just installed the update for Sentinel the 2.4.2lp or whatever it is.
 
View user's profile Send private message
Raven
Site Admin/Owner



Joined: Aug 27, 2002
Posts: 17088
PostPosted: Tue Jan 10, 2006 9:50 pm Reply with quote
I have taken this from my RavenNuke76 v2.02.00 HowToInstall guide. I hope this helps.

Raven wrote:

There are 2 basic ways that PHP can be integrated into Apache. One is as an Apache module and the other is as a CGI program. If your host is running PHP as an Apache module, then you have the capability of using HTTP Authentication as a function of the browser and you do not even need .htaccess/.staccess. If, however, your host is running PHP as a CGI program, then we have to use the same HTTP Authentication but with a .htaccess and .staccess (a password file). As an Apache module you have more flexibility than as a CGI. There are pro's and con's to each but I will only address the impact as it relates to NukeSentinel(tm). The reason we introduced this scheme is to protect your admin.php file from being so easily cracked. It provides an extra layer of security to gain access to the standard phpnuke Admin Control Panel (ACP). There are other safe-guards built into NukeSentinel(tm) that protects admin.php, but this is a very nice and secure caveat.

Should you find yourself in the smaller group of users that require CGI Auth (as we call it), the following procedure will need to be done to use and activate CGI Auth (HTTP Authentication using .htaccess and .staccess).

* Change your permissions on both .htaccess and .staccess to 777
* Place the paths to .htaccess and .staccess in the NukeSentinel(tm) Admin Control Panel
* Select CGI Auth Access from the drop down box
* From the NukeSentinel Admin Control Panel, select Scan For New Admins
* Now select Admin Auth List and make sure that all admins have been assigned passwords
* Now, you should see a link that says Build CGIAuth file: -- Click it. That will build your .staccess id:pass file.
* Now back in the main NS ACP, in the .staccess box, you will see a link that says CGI Auth Setup -- click it. It should produce a new window with the following information:
Save this in .htaccess :

# -------------------------------------------
# Start of NukeSentinel(tm) admin.php Auth
# -------------------------------------------
<Files .staccess>
deny from all
</Files>

<Files admin.php>
<Limit GET POST PUT>
require valid-user
</Limit>
AuthName "Restricted by NukeSentinel(tm)"
AuthType Basic
AuthUserFile /home/USERNAME/public_html/.staccess
</Files>
# -------------------------------------------
# End of NukeSentinel(tm) admin.php Auth
# -------------------------------------------



USERNAME will be your username and the path may be different

* Copy and paste that into your .htaccess file

* Save your new NukeSentinel(tm) configuration

That is the procedure. It sounds more complicated than what it is and I took the long way around hoping you'd understand it more clearly.
 
View user's profile Send private message
justjayse
PostPosted: Wed Jan 11, 2006 1:13 pm Reply with quote
How would i check if HTTP Auth is enabled? just talk to me provider?
 
Raven
PostPosted: Wed Jan 11, 2006 3:13 pm Reply with quote
When you try to login to admin.php you will be presented with a popup requesting a username and password. Once accepted you will then see the normal nuke admin login panel.
 
justjayse
PostPosted: Sat Jan 14, 2006 11:44 am Reply with quote
Ok, three quick questions.
When i first upload my .htaccess and .staccess files, should they be blank since i'm later telling it to be built?
Secondly, when i put the new info into the .htaccess file, do i keep it cmodded to 777? or i do switch it to something else?
Finally, do i need to logout for this pop-up window to show up or no?
 
Raven
PostPosted: Sat Jan 14, 2006 1:40 pm Reply with quote
Load them up as is. You will later update .htaccess. You need to keep it 777 if you are having NukeSentinel(tm) write IP blocks to it.
 
justjayse
PostPosted: Sat Jan 14, 2006 3:52 pm Reply with quote
ok i've done it step by step, but it never does a pop-up. But when i try to access the admin.php while logged in as my normal user, it blocked me lol. But, when i'm not logged in, it doesn't block me, nor does it give a pop-up.
 
Raven
PostPosted: Sat Jan 14, 2006 4:07 pm Reply with quote
Then your path to .staccess is either not set in .htaccess or in NukeSentinel(tm) admin.
 
justjayse
PostPosted: Sat Jan 14, 2006 6:25 pm Reply with quote
here is the cotents of my .htaccess file
Code:



# -------------------------------------------


# Start of NukeSentinel(tm) admin.php Auth


# -------------------------------------------


<Files .staccess>


deny from all


</Files>





<Files admin.php>


<Limit GET POST PUT>


require valid-user


</Limit>


AuthName "Restricted by NukeSentinel(tm)"


AuthType Basic


AuthUserFile /home/content/j/l/e/jlesko/html/.staccess


</Files>


# -------------------------------------------


# End of NukeSentinel(tm) admin.php Auth


# -------------------------------------------


here is a link of a pic i took that shows me settings
http://img.photobucket.com/albums/v311/misterjayse/settings.jpg

as you can see, the path to my .staccess file is the same as the one in my .htaccess Sad
 
Raven
PostPosted: Sat Jan 14, 2006 7:14 pm Reply with quote
Try changing the path of your .htaccess to just .htaccess. If that still doesn't work, try also changing the path to .staccess to just .staccess in the admin panel only, not in .htaccess.
 
justjayse
PostPosted: Sat Jan 14, 2006 8:09 pm Reply with quote
ok did both of that, still doesn't work Sad do you want my info so you can take a look?
 
Display posts from previous:       
Post new topic   Reply to topic    Ravens PHP Scripts And Web Hosting Forum Index -> NukeSentinel(tm)


 Jump to:   




View next topic
View previous topic
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You can attach files in this forum
You can download files in this forum


Powered by phpBB © 2001-2007 phpBB Group
All times are GMT - 6 Hours
 
Forums ©