Knowledge Base

Access Control Rule Profile

Last Modified: 28 Jul 2022
User Level: Administrator +

Description

With Access Control, you can configure the .htaccess file to restrict access to published pages to users with specific usernames and passwords. To do this, you must configure Apache and have access to the Terminalfour database.

We have also created a module that provides more flexibility over Access Control that you might want to look at.

  1. Configure Apache
  2. Create the System Content Type
  3. Enable Access Control Content Type
  4. Create the Access Control Profile
  5. Configure the Channel
  6. Site Structure
  7. Publish the Channel

Configure Apache

In this example, we are using the default .htaccess file. Your server may be configured to use a file with a different name. The file locations here are provided as an example.

We'll create a Content Type that allows the author to enter the username of the user who has permission to view a Section. The username entered is checked against a static file on the server that is not accessible from the web.

Set AllowOverride AuthConfig

Edit the httpd.conf file. Its location depends on where Apache is installed.

Find the directory entry for your site, e.g.

<Directory "/etc/apache2/htdocs">

Change the line from

AllowOverride None

to

AllowOverride AuthConfig

<Directory "/etc/apache2/htdocs">
    #
    # Possible values for the Options directive are "None", "All",
    # or any combination of:
    #   Indexes Includes FollowSymLinks SymLinksifOwnerMatch ExecCGI MultiViews
    #
    # Note that "MultiViews" must be named *explicitly* --- "Options All"
    # doesn't give it to you.
    #
    # The Options directive is both complicated and important.  Please see
    # http://httpd.apache.org/docs/2.4/mod/core.html#options
    # for more information.
    #
    Options Indexes FollowSymLinks
 
    #
    # AllowOverride controls what directives may be placed in .htaccess files.
    # It can be "All", "None", or any combination of the keywords:
    #   AllowOverride FileInfo AuthConfig Limit
    #
    AllowOverride AuthConfig
    #
    # Controls who can get stuff from this server.
    #
    Require all granted
</Directory>

Create the password directory and .htpasswd file

Create a directory /etc/apache2/passwords. This should be a location that is not accessible from the web.

Create a file called .htpasswd in that directory. If you're not sure about creating .htpasswd files, have a look at this guide.

Usernames and passwords should have the following form:

jbloggs:$ttr1$MwpTbdEW$5tt6SOJ4oQIa9807Ex/MV0

This file will be referenced from the Content Layout to verify users for access to restricted content. 

Create the System Content Type

Before you follow the guide to creating an Access Control Content Type, note that for this example the Content Type comprises just one Content Element:

Name          | Type       | Required | Maximum size
Users Allowed | Plain text | No       | 400

Create a Content Layout called text/access-control. All other fields can be left as the default.

Add the following Content Layout Code and save.

# start file
AuthType Basic 
AuthName "Restricted Files"
AuthBasicProvider file
AuthUserFile /etc/apache2/passwords/.htpasswd
Require user <t4 type="content" name="Users Allowed" output="normal" modifiers="striptags,htmlentities" />
# end file

Enable Access Control Content Type

Go to the Access Control Configuration at System administration > Set up sites & channels > Access control

Check Enable hierarchical access control.
Set the Access control content type to the Content Type just created.
Save changes.

Create the Access Control Profile

Go to Sites & Channels > Access control 

Select Create new to create a profile. Then select Create new next to Access Control Rule Profile and provide a Name and Description.

  • File Name: enter the name of the access file configured on your Apache web server. By default, the name will be ".htaccess".
  • CSS for links to Access Controlled Sections/Media categories: enter the path to the CSS file if you've styled the links that have been created.

Select Add to save the changes.

Configure the Channel

Go to System administration > Set up sites & channels > Channels

Edit the Channel you want to enable Access Control on.

Under Access control and personalization, check Enable Access Control and select the Access Control Profile created earlier. 

The setup is now complete and Sections can be access-controlled for that Channel.

Site Structure

Edit the Section(s) you wish to control access to and ensure each one contains content that will publish for the Channel.

  • Select the Access tab.
  • Enable Access Control.
  • Enter the usernames with a space between each user.

Publish the Channel

Publish the Channel and browse to the restricted section on the published site. A popup requesting a username and password will be presented. Once a valid username and password are entered, the restricted page will be displayed.
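
A post-publish check for the setup described above, as an added example that is not Terminalfour's code. It walks the published web root, reads each generated .htaccess, and reports usernames from "Users Allowed" that have no entry in the password file, access files that list no users, and a password file that sits inside the web root. The function names, the default ".htaccess" file name and an absolute AuthUserFile path are assumptions; the sample tree in demo() is constructed.

```python
import os
import re
import tempfile

REQUIRE_USER = re.compile(r"^[ \t]*Require[ \t]+user\b(.*)$", re.I | re.M)
AUTH_USER_FILE = re.compile(r"^[ \t]*AuthUserFile[ \t]+(\S+)", re.I | re.M)

def htpasswd_users(path):
    """Usernames from a user:hash password file."""
    with open(path, encoding="utf-8") as fh:
        return {ln.split(":", 1)[0] for ln in fh if ":" in ln and not ln.startswith("#")}

def audit(docroot):
    """Return (htaccess_path, problem) pairs for published access files under docroot."""
    findings, root = [], os.path.realpath(docroot)
    for dirpath, _dirs, files in os.walk(root):
        path = os.path.join(dirpath, ".htaccess")  # assumes the default File Name
        if ".htaccess" not in files:
            continue
        with open(path, encoding="utf-8") as fh:
            text = fh.read()
        match = AUTH_USER_FILE.search(text)
        if not match:
            continue  # not an access-control file
        pw_file = os.path.realpath(match.group(1).strip('"'))
        if os.path.commonpath([root, pw_file]) == root:
            findings.append((path, "password file is inside the web root"))
        if not os.path.isfile(pw_file):
            findings.append((path, "password file not found"))
            continue
        known = htpasswd_users(pw_file)
        listed = [u for rest in REQUIRE_USER.findall(text) for u in rest.split()]
        if not listed:
            findings.append((path, "Require user lists no usernames"))
        findings += [(path, f"unknown user: {u}") for u in listed if u not in known]
    return findings

def demo():
    """Constructed sample tree: one section whose Users Allowed contains a typo."""
    base = tempfile.mkdtemp()
    docroot, pw_dir = os.path.join(base, "htdocs"), os.path.join(base, "passwords")
    os.makedirs(os.path.join(docroot, "staff"))
    os.makedirs(pw_dir)
    pw_file = os.path.join(pw_dir, ".htpasswd")
    with open(pw_file, "w", encoding="utf-8") as fh:
        fh.write("jbloggs:CONSTRUCTED-HASH\n")
    with open(os.path.join(docroot, "staff", ".htaccess"), "w", encoding="utf-8") as fh:
        fh.write(f"AuthType Basic\nAuthUserFile {pw_file}\nRequire user jbloggs jblogs\n")
    return [problem for _path, problem in audit(docroot)]
```

Run audit() against the real web root after each publish; an empty list means every listed user has a password entry and the password file is outside the published tree.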