Changes


Old:4.0-Mona: Security & passwords

130 bytes removed, 20:33, 7 June 2011
Punctuation and grammatical changes; some clarification.
'''Security and passwords'''
New users may find Uniform Server’s security features a little bewildering. This page attempts to explain their use and when passwords are required.
'''''[[#top | Top]]'''''
== Default installation ==
After extracting Uniform Server 4.0-Mona it’s ready to run and very secure. Apache and MySQL servers are locked down allowing only local access. No external access is allowed from either Intranet or Internet, so even though you are connected to these you can safely develop a web site.
Uniform Server 4.0-Mona achieves this lock down through the use of '''.htaccess''' files placed in each folder that is protected. The file also '''protects''' any '''sub-folders''' in that folder.
Each of these folders contains an .htaccess file:
<pre>
\UniServer\udrive\ssl – Server secure web-root (your secure web site)
</pre>
Open either of the .htaccess files and you will find these three lines:
<pre>
Order Deny,Allow
</pre>
The second line denies access to everyone (all).
The third line is very specific and allows access from IP address 127.0.0.1. This is the IP address of the local machine. Hence Apache is locked down allowing access only from this IP. (IP address 127.0.0.1 is also referred to as the local loopback address).
'''''[[#top | Top]]'''''
== Allowing external access ==
To put your servers on-line you need to allow external access. This can be achieved by commenting (adding a hash “#” to the beginning of each line) the three lines as shown below:
<pre>
#Order Deny,Allow
</pre>
Alternatively you could delete the three lines.
With the lines commented out, everyone connected to the Internet or Intranet has access to the folders that the .htaccess file was protecting.
Your web site or sites are placed in the folders:
These are now available and pages will be served by Apache from these folders.
However by modifying the '''.htaccess''' file in folder '''\UniServer\udrive\home\admin\www''' you will have allowed everyone access to your server’s control panel (kiss your servers goodbye. OK, I was after a dramatic impact there.) There are additional security features that prevent this, however I recommend you do not place Apanel on-line. If you must do it, make sure you enable name/password protection.
'''''[[#top | Top]]'''''
== Name/Password protection ==
You may wish to prevent other Internet users accessing your server (a personal web server). This can be achieved by forcing a user to enter a name and password. Uniform Server has this facility pre-configured: '''Apanel''' allows you to set a name and password for three specific areas of the server. Under '''Configurations''' (left menu) you will find these three links:
* Private Secure Server Configuration
Even after setting a name and password, they do not become effective '''unless enabled''' in the '''appropriate .htaccess''' file. Let's look at these in more detail.
'''''[[#top | Top]]'''''
=== A) Admin Panel Configuration ===
If you have placed Apanel on-line it ''must'' be protected with a name and password as follows:
Edit file: \UniServer\udrive\home\admin\www\'''.htaccess'''
At the bottom of this file, un-comment (remove the hash “#”) the last four lines as shown:
<pre>
AuthName "Uniform Server - Admin Panel 2.0"
</pre>
Third line is the location of the file containing the name/password pair
The fourth line tells Apache to instruct a browser that a name and password are required.
To change name and password using Apanel, click on the link “'''Admin Panel Configuration.'''” A new page opens showing current name/password. Enter the new name and password, then click change.
Alternatively, edit file /htpasswd/home/admin/www/'''.htpasswd''' and enter a name and password in the following format:
'''aname:apassword'''
'''''Note'':''' Default name and password are '''root:root'''
'''''[[#top | Top]]'''''
=== B) Private Server Configuration ===
You can protect your web site with a name and password as follows:
Edit file: \UniServer\udrive\www\'''.htaccess'''
At the bottom of this file, un-comment (remove the hash “#”) the last four lines as shown:
<pre>
AuthName "Uniform Server - Server Access"
</pre>
Third line is the location of the file containing the name/password pair
The fourth line tells Apache to instruct a browser that a name and password are required.
To change name and password using Apanel, click on the link “'''Private Server Configuration.'''” A new page opens showing current name/password. Enter new name/password, then click change.
Alternatively, edit file /htpasswd/www/'''.htpasswd''' and enter a name and password in the following format: '''aname:apassword'''
'''''Note'':''' Do not add any additional characters or carriage return (enter key) after the password.
'''''Note'':''' Default name and password are '''root:root'''
'''''[[#top | Top]]'''''
=== C) Private Secure Server Configuration ===
You can protect your secure web site with a name and password as follows:
Third line is the location of the file containing the name/password pair
The fourth line tells Apache to instruct a browser that a name and password are required.
To change name and password using Apanel, click on the link “'''Private Secure Server Configuration.'''” A new page opens showing current name/password. Enter new name/password, then click change.
Alternatively, edit file /htpasswd/ssl/.htpasswd and enter a name and password in the following format: '''aname:apassword'''
'''''Note'':''' Do not add any additional characters or carriage return (enter key) after the password.
'''''Note'' 2:''' Make sure you have generated a '''new server certificate and key''' as detailed on [[4.0-Mona: Enable SSL | this page]].
'''''[[#top | Top]]'''''
== MySQL Password ==
'''''Note'' 3:''' If you need to quickly back up your databases, there is no need to use phpMyAdmin or any other tool; just back up folder '''UniServer\udrive\usr\local\mysql\data''', which contains all databases.
'''''[[#top | Top]]'''''
== Summary ==
In terms of security, if you are using the server for development there is nothing to do.
If you are putting the servers on-line, they need to be enabled first by editing each of the '''.htaccess''' files in each web-root folder (www and/or ssl). Comment the lines as shown:
<pre>
#Order Deny,Allow
#Allow from 127.0.0.1
</pre>
If you want a personal server with name/password access, uncomment the last four lines in the above '''.htaccess''' files. Remember to change the name/password pairs using Apanel or manually edit the appropriate file.
'''''Note 1'':''' All names and passwords are set to a value of '''root'''
'''''Note 2'':''' Additional information can be found on the [[4.0-Mona: Security features | Security features]] page, which includes Apanel's '''Security Center''' page.
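The check below is an added example, not part of Uniform Server or the original page: it classifies one protected folder from the contents of its .htaccess and .htpasswd files, following the states described in this summary (local only, on-line without a name/password, on-line with the default root:root pair, on-line with a changed pair). The sample file contents are constructed, and the AuthType, AuthUserFile and Require lines and the AuthUserFile path are assumptions about the four commented lines, which this page does not list in full.

```python
import re

def active_directives(htaccess_text):
    """Return lower-cased directives, skipping blank and '#'-commented lines."""
    lines = (ln.strip() for ln in htaccess_text.splitlines())
    return [re.sub(r"\s+", " ", ln).lower()
            for ln in lines if ln and not ln.startswith("#")]

def has_default_credentials(htpasswd_text):
    """True if any name:password entry is still the shipped root:root pair."""
    return any(ln.strip() == "root:root" for ln in htpasswd_text.splitlines())

def assess(htaccess_text, htpasswd_text, is_admin_panel=False):
    """Classify one protected folder from its .htaccess and .htpasswd contents."""
    active = active_directives(htaccess_text)
    local_only = "deny from all" in active and "allow from 127.0.0.1" in active
    auth_on = (any(d.startswith("authuserfile ") for d in active)
               and any(d.startswith("require ") for d in active))
    if local_only:
        return ["OK: local access only"]
    findings = []
    if is_admin_panel:
        findings.append("WARN: Apanel is reachable externally")
    if not auth_on:
        findings.append("FAIL: external access with no name/password")
    elif has_default_credentials(htpasswd_text):
        findings.append("FAIL: name/password enabled but still root:root")
    else:
        findings.append("OK: external access behind name/password")
    return findings

# Constructed sample .htaccess contents (assumed layout, see lead-in).
LOCKED = """Order Deny,Allow
Deny from all
Allow from 127.0.0.1
#AuthName "Uniform Server - Server Access"
#AuthType Basic
#AuthUserFile ../../htpasswd/www/.htpasswd
#Require valid-user
"""
# Lock-down lines commented out: the folder is on-line.
OPEN_NO_AUTH = re.sub(r"(?m)^(Order|Deny|Allow)", r"#\1", LOCKED)
# Lock-down commented out and the four authentication lines un-commented.
OPEN_WITH_AUTH = re.sub(r"(?m)^#(Auth|Require)", r"\1", OPEN_NO_AUTH)

if __name__ == "__main__":
    print(assess(LOCKED, "root:root"))
    print(assess(OPEN_NO_AUTH, "root:root", is_admin_panel=True))
    print(assess(OPEN_WITH_AUTH, "root:root"))
```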
'''''[[#top | Top]]'''''
----
[[Category: Uniform Server 4.0-Mona]]
