Setting up Apache Authentication for non-midgard sites
I wanted to set up webalizer and a couple of other sites running off the same server as the one using the midgard based website. The domain test.wilderness.org.au was our midgard based site and was being served by midgard. Setting up another domain net.wilderness.org.au was relatively easy using a virtualhost directive in the midgard-data.conf file. As I wanted to restrict access to the site I used the Authentication capability of apache. It is just like setting up a normal VirtualHost in httpd.conf except that you have to include the line MidgardEngine Off
<VirtualHost 64.235.236.145:80>
MidgardEngine Off
ServerAdmin john@test.wilderness.org.au
DocumentRoot /var/www/net/
ServerName net.wilderness.org.au
<Directory /var/www/net/>
AllowOverride None
order allow,deny
Allow from all
AuthName "Secure TWS"
AuthType Basic
AuthUserFile /etc/apache/.htpasswd
require user admin
</Directory></VirtualHost>
This worked fine when I entered the url net.wilderness.org.au as I was asked to log in order to view the site but when I entered test.wilderness.org.au/net I was able to see the site without having to log in. I tried adding the following line
Alias /net /var/www/net/
to the virtual host settings in midgard-data.conf but that didn't make any difference. What I had to do was to add the following to the httpd.conf file
<Directory /var/www/net/>
AllowOverride None
order allow,deny
Allow from all
AuthName "Secure TWS"
AuthType Basic
AuthUserFile /etc/apache/.htpasswd
Require user admin</Directory>
So for any site that I wanted to restrict access to I had to add a directory directive in the httpd.conf file that pointed to the directory I wanted to restrict and contained the correct Auth settings.