Instiki
Authorization Page

=[EXTRACT]Simple Authentication and Authorization Using Apache

This is a solution I came up while using Apache 2 to proxy requests to Instiki:


<Virtualhost *:80>
        ServerName wiki.foo.bar

        ProxyRequests Off
        <Proxy *>
                Order Allow,Deny
                Allow from all
        </Proxy>

        <Location "/">
                AuthName "My Secure Wiki" 
                AuthType Basic
                Require valid-user
                AuthUserFile /home/wikiowner/instiki/wiki-aut-users
                ProxyPass 
                ProxyPassReverse 
        </Location>
</Virtualhost>

This is similar to the setup explained in.

I moved theProxy Pass? and Proxy Pass Reverse? directives into a Location directive, and included some additional configuration to enable authentication:

  • Auth Name: This is the text that the browser will show up in the challenge box.
  • Auth Type?: Can be Basic or Digest. I’m using the Basic scheme, which sends clear text passwords.
  • Require : This configuration allows any valid user to access the Location.
  • Auth User File?: The file path of the user/password database. This file is generated using the utility and only works for Basic authentication. The user/password database should be located in a non-browsable directory.

Remember that with Basic authentication the passwords are send in clear text between the browser and the server. You should consider using SSL to protect them.