• Главная
• Скачать CMSimple
• Документация
• Карта сайта
• Контакты

• Главная
• Плюсы и минусы Cmsimple
• Технические требования
• Скачать Cmsimple
• Документация
• Безопасность
  • Общие правила
  • WWW-Authenticate
  • Уязвимости Cmsimple
  • Баги Cmsimple
• Примеры сайтов
• Плагины для Cmsimple
• Сборки CMSimple
• Adobe Flash и SWFObject
• Контакты
• Лицензия и цены
• Licence FAQ
• Гостевая книга

---

Главная > Безопасность > WWW-Authenticate

---

---

WWW-Authenticate

For better password protection it is advised to use security type wwwaut.

On Linux where PHP is installed as an Apache module (not a CGI), this feature will work just by setting security type to wwwaut under the configuration settings of CMSimple.

With CMSimple 2.7 it is also possible to make wwwaut work on: When PHP is installed as CGI/FastCGI and RewriteEngine is on On Microsoft Internet Information Services (IIS) when PHP > 4.3.3, only "Anonymous access" is set and "Custom Errors" is set to Default. (Also cgi.rfc2616_headers in php.ini must be deafult). How to check Server API

You can check that PHP is installed as an Apache module, by looking at phpinfo. Download phpinfo.php or create a php-file with this content:

Run the file over the webserver, by calling ie. http://www.yourdomain.com/phpinfo.php

The line "Server API" in the resulting page must look like this: Server API Apache

Wwwaut when Apache module

Set security type to wwwaut under the configuration settings of CMSimple and save. You'll need to login again afterwards, using both the defined username and password.

The same thing may be achieved by setting $cf['security']['type']="wwwaut"; (before version 2.8: $cf['security']['wwwaut']="true";) in cmsimple/config.php. Wwwaut when CGI/FastCGI

In the CMSimple basefolder, you should create a .htaccess file with this content:
RewriteEngine on
RewriteRule .* - [E=REMOTE_USER:%{HTTP:Authorization},L]

Set wwwaut to 'true' under the configuration settings or by setting $cf['security']['wwwaut']="true"; in cmsimple/config.php.

If it gives an error on the website or it does not allow you to login, you are probably not allowed to use .htaccess files and/or the RewriteEngine at your webhotel.

Wwwaut when ISS

1. In webserver admin goto Web Site Properties -> File/Directory Security -> Anonymous Access dialog box - check the "Anonymous access" checkbox and uncheck any other checkboxes (uncheck "Basic authentication," "Integrated Windows authentication," and "Digest")

2. In webserver admin under "Custom Errors" select the range of "401;1" through "401;5" and select "Set to Default".

3. Set security type to wwwaut under the configuration settings of CMSimple and save.

If it does not work, check that PHP > 4.3.3 and in php.ini that "cgi.rfc2616_headers = 0"

© 2007 CMSimple.ru Powered by CMSimple