Security and Roxen / ChiliMoon

How to secure your websites with Roxen and ChiliMoon

How can I implement HTTP user authentication?

Posted at 2004-11-21 by Michael Stenitzer

Load the password module and one of the modules to provide a user database (SQL User Database, System User Database etc.).

 <if not="not" user="NAME" group="GROUP"> <!-- you can use user and/or group --> 
    <auth-required /> 
    failed login 
 </if> 
 <else> 
    logged in 
 </else> 

Other options are:

  • add security patterns to one or several of your modules
  • use htaccess authentication

Applies to: Roxen, ChiliMoon

How can I get rid of a second login dialog on protected web sites?

Posted at 2004-11-21 by Michael Stenitzer

Sometimes (e.g. when you use some gtext in a password protected part of the website), you will be asked a second time for the password:

  1. to enter the protected page, and
  2. to show the rendered images

If your gtext module and the protected filesystem have the same authentication realm (you can set the auth realm in the gtext security tab without specifying any specific restrictions), then you won't be asked for a password a second time.

Applies to: Roxen, ChiliMoon

Why do my chained SSL certificates not work with Roxen?

Posted at 2004-11-21 by Michael Stenitzer

If you have a chained certificate, simply list the certificate files comma-separated in the "SSL certificate file" field.

Note: If you have a Roxen version older than 3.3.69, the spaces around the commas aren't ignored. See Bug 2722: community.roxen.com/crunch/show_bug.cgi?id=2722

Applies to: Roxen, ChiliMoon
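
An added example, not part of the original FAQ and not Roxen code: a shell helper that builds the "SSL certificate file" value with no spaces around the commas (the form that also works before 3.3.69) and checks with openssl that the files link into a chain. The function names are hypothetical, and the leaf-first file order is an assumption the FAQ does not state.

```shell
#!/bin/sh
# Added example, not Roxen code. Function names are hypothetical.

# Print the field value for the given PEM files: comma-separated with no
# whitespace, so it is also accepted by Roxen older than 3.3.69 (Bug 2722).
cert_field() {
    out=""
    for f in "$@"; do
        # A comma or whitespace inside a path would corrupt the list.
        case "$f" in
            *,*|*[[:space:]]*)
                echo "unsafe character in path: $f" >&2
                return 1 ;;
        esac
        # Refuse anything that is not a readable PEM certificate file.
        if [ ! -r "$f" ] || ! grep -q -- '-----BEGIN CERTIFICATE-----' "$f"; then
            echo "not a PEM certificate: $f" >&2
            return 1
        fi
        out="${out:+$out,}$f"
    done
    printf '%s\n' "$out"
}

# Check that each certificate was issued by the next one in the list.
# Assumption: files are given leaf first, then the intermediates.
# Returns 0 if linked, 1 if a link is broken, 2 if openssl cannot read a file.
chain_in_order() {
    prev_issuer=""
    for f in "$@"; do
        subj=$(openssl x509 -in "$f" -noout -subject_hash) || return 2
        if [ -n "$prev_issuer" ] && [ "$subj" != "$prev_issuer" ]; then
            echo "chain broken before: $f" >&2
            return 1
        fi
        prev_issuer=$(openssl x509 -in "$f" -noout -issuer_hash) || return 2
    done
    return 0
}
```

Run `chain_in_order` on the files first, then paste the output of `cert_field` into the field.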

How can I debug user-authentication or security patterns?

Posted at 2004-11-22 by Michael Stenitzer

If you're using .htaccess or security patterns, you can start the server with -DHTACCESS_DEBUG and/or -DSECURITY_PATTERN_DEBUG to get authentication debug traces in the debug log.

Currently there is no debug mode for the userdb_sql module.

Applies to: Roxen, ChiliMoon

How can I remove a cookie set by the HTTP Cookie Authentication Module?

Posted at 2005-09-27 by Michael Stenitzer

To remove a cookie that has been set by the HTTP Cookie Authentication Module in all browsers (IE, Firefox, Opera), use <remove-cookie/> without the domain attribute:

 <remove-cookie name="_roxen_cookie_auth" path="/" /> 

Applies to: Roxen, ChiliMoon
