Re: [Trac] Protect Trac
On 7/11/06, Matthew Good [EMAIL PROTECTED] wrote: Yes, when you configure the authentication in Apache use a Location block that covers the whole Trac site, not just the login URL. So, instead of: Location /projects/login # auth setup Require valid-user /Location Use: Location /projects # auth setup Require valid-user /Location FYI, this will cause problems for IE users. IE users (ick) won't be able to access the search or wiki queries. The get a 'page cannot be found' error and apache logs: [Wed Jul 12 14:09:22 2006] [error] [client blah] Digest: uri mismatch - /trac/search does not match request-uri /trac/search?q=blahticket=onchangeset=onwiki=on, referer: http://blahsvn/trac/search With the auth on /trac/login, search works just fine with IE, but with it on /trac it won't. It turns out this some sort of IE RFC compliance issue, adding: BrowserMatch MSIE* AuthDigestEnableQueryStringHack=On To my apache httpd.conf seems to have fixed the problem for me. --Clem ___ Trac mailing list Trac@lists.edgewall.com http://lists.edgewall.com/mailman/listinfo/trac
[Trac] Protect Trac
I was wondering if there is a way to protect Trac. In other words, I don't want the outside world seeing Trac unless they can login (that includes the main page). I want only authenticated users to be allowed to view and edit the site. Is this possible? As of now, I am using Trac with mod_python. I saw that thee is a login area, but I want to secure the whole thing. Thx! ___ Trac mailing list Trac@lists.edgewall.com http://lists.edgewall.com/mailman/listinfo/trac
Re: [Trac] Protect Trac
Hi, You can restrict anonymous user to only access the options that you want.. I think, other option, If you are behind some firewall is to filter the access to the port that is used by Trac. Esteban On 7/11/06, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote: I was wondering if there is a way to protect Trac. In other words, I don't want the outside world seeing Trac unless they can login (that includes the main page). I want only authenticated users to be allowed to view and edit the site. Is this possible? As of now, I am using Trac with mod_python. I saw that thee is a login area, but I want to secure the whole thing. Thx! ___ Trac mailing list Trac@lists.edgewall.com http://lists.edgewall.com/mailman/listinfo/trac -- -- Esteban Pizzini (http://mod-apache-snmp.sourceforge.net) ___ Trac mailing list Trac@lists.edgewall.com http://lists.edgewall.com/mailman/listinfo/trac
Re: [Trac] Protect Trac
You can apply the authentication rule to the whole project, ie. change the Location directive to include the project top dir: Location /trac/project AuthType Basic .../... Order deny,allow Allow from all /Location # /trac instead of Location /trac/project/login AuthType Basic .../... Order deny,allow Allow from all /Location # /trac On 7/11/06, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote: I was wondering if there is a way to protect Trac. In other words, I don't want the outside world seeing Trac unless they can login (that includes the main page). I want only authenticated users to be allowed to view and edit the site. Is this possible? As of now, I am using Trac with mod_python. I saw that thee is a login area, but I want to secure the whole thing. Thx! ___ Trac mailing list Trac@lists.edgewall.com http://lists.edgewall.com/mailman/listinfo/trac -- Manu ___ Trac mailing list Trac@lists.edgewall.com http://lists.edgewall.com/mailman/listinfo/trac
Re: [Trac] Protect Trac
On Tue, 2006-07-11 at 10:39 -0400, [EMAIL PROTECTED] wrote: I was wondering if there is a way to protect Trac. In other words, I don't want the outside world seeing Trac unless they can login (that includes the main page). I want only authenticated users to be allowed to view and edit the site. Is this possible? As of now, I am using Trac with mod_python. I saw that thee is a login area, but I want to secure the whole thing. Yes, when you configure the authentication in Apache use a Location block that covers the whole Trac site, not just the login URL. So, instead of: Location /projects/login # auth setup Require valid-user /Location Use: Location /projects # auth setup Require valid-user /Location -- Matthew Good [EMAIL PROTECTED] ___ Trac mailing list Trac@lists.edgewall.com http://lists.edgewall.com/mailman/listinfo/trac
Re: [Trac] Protect Trac
On 7/11/06, Matthew Good [EMAIL PROTECTED] wrote: Yes, when you configure the authentication in Apache use a Location block that covers the whole Trac site, not just the login URL. ... Location /projects # auth setup Require valid-user /Location I've been doing the same thing for a while, but it seems to have an annoying side effect that the logout button stops working and you can't logout. Any ideas how to get login to work with this configuration? --Clem ___ Trac mailing list Trac@lists.edgewall.com http://lists.edgewall.com/mailman/listinfo/trac
Re: [Trac] Protect Trac
On Tue, 2006-07-11 at 14:46 -0400, Clem Taylor wrote: On 7/11/06, Matthew Good [EMAIL PROTECTED] wrote: Yes, when you configure the authentication in Apache use a Location block that covers the whole Trac site, not just the login URL. ... Location /projects # auth setup Require valid-user /Location I've been doing the same thing for a while, but it seems to have an annoying side effect that the logout button stops working and you can't logout. Any ideas how to get login to work with this configuration? Logout doesn't really work properly with HTTP authentication in general. See ticket #791 for more discussion: http://trac.edgewall.org/ticket/791 -- Matthew Good [EMAIL PROTECTED] ___ Trac mailing list Trac@lists.edgewall.com http://lists.edgewall.com/mailman/listinfo/trac
Re: [Trac] Protect Trac
You will have to look into alternate login modules. The logout functionality is somewhat hampered by the fact that all modern browsers cache HTTP credentials for as long as the program is running. --Noah Clem Taylor wrote: On 7/11/06, Matthew Good [EMAIL PROTECTED] wrote: Yes, when you configure the authentication in Apache use a Location block that covers the whole Trac site, not just the login URL. ... Location /projects # auth setup Require valid-user /Location I've been doing the same thing for a while, but it seems to have an annoying side effect that the logout button stops working and you can't logout. Any ideas how to get login to work with this configuration? --Clem ___ Trac mailing list Trac@lists.edgewall.com http://lists.edgewall.com/mailman/listinfo/trac ___ Trac mailing list Trac@lists.edgewall.com http://lists.edgewall.com/mailman/listinfo/trac
Re: Re: [Trac] Protect Trac
I've been doing the same thing for a while, but it seems to have an annoying side effect that the logout button stops working and you can't logout. Any ideas how to get login to work with this configuration? This is due to HTTP authentication, not to the path of the 'authenticated' area. You need to either use an alternate module for authentication, or use your browser feature to clear your credentials (some browsers support this feature natively, some others need an extension, ) if you want to log out. Cheers, Manu -- Manu ___ Trac mailing list Trac@lists.edgewall.com http://lists.edgewall.com/mailman/listinfo/trac