HOWTO: Securing a mySite

General Overview

Access to a mySite can be limited using standard Apache access controls. You'll need to create a symlink to your mySiteMaker's CGI files. Then using htaccess or your Apache's httpd.conf create a <location> or <directory> entry to limit access to the symlinked directory.

Step by Step Instructions

Assuming mySiteMaker is installed in, "/usr/lib/cgi-bin/mySitemaker" and "/var/www/mySiteMaker":

1. Create a symlink from "/usr/lib/cgi-bin/mySiteMaker" to "/usr/lib/cgi-bin/secure-mySiteMaker".

     shell> ln -s /usr/lib/cgi-bin/mySiteMaker /usr/lib/cgi-bin/secure-mySiteMaker
   

2. Edit Apache's httpd.conf file and add a location directive:

     <Location /cgi-bin/secure-mySiteMaker/>
       AuthName "(Secure mySiteMaker Access)"
       AuthType Basic
       AuthUserFile /etc/apache/valid_users
       require valid-user
     </Location>
   

3. Edit the config file for the mySite you wish to secure. The file will be located in "/usr/lib/cgi-bin/mySiteMaker/conf/". Find the "VALID_URI" directive and add the same URI that you used in the <Location> or <Directory> limit in Apache. In this example it would look something like this:

     VALID_URI /cgi-bin/secure-mySiteMaker
   

4. Finally edit the generated HTML document for the secure mySite. Look for lines that call mySiteMaker CGI's and edit them to point to the secure-mySiteMaker symlink.
   "/cgi-bin/mySiteMaker" would become "/cgi-bin/secure-mySiteMaker", in this example.

mySiteMaker will then compare the URI used to call the mySite with the URI listed as the VALID_URI, if they don't match, access is denied. If they do match, Apache's access control limits access.

Please send questions, comments or corrections to mySiteMaker-user mailing list.
Bugs should be filed using the Sourceforge bug tracking system.

Brought to you by the friendly folks at the IT Lab.