You are here

Home » API reference » Secure Site 5

README.txt in Secure Site 5

Same filename and directory in other branches
  1. 8 README.txt
  2. 6.2 README.txt
  3. 6 README.txt
  4. 7.2 README.txt
****************************************************************************
Description:

  The Secure Site module allows site administrators to make a site or part of
  a site private. You can restrict access to the site by role. This means the
  site will be inaccessible to search engines and other crawlers, but you can
  still allow access to certain people.

  You can also secure remote access to RSS feeds. You can keep content private
  and protected, but still allow users to get notification of new content and
  other actions via RSS with news readers that support
  user:pass@example.com/node/feed URLs, or have direct support for username
  and password settings. This is especially useful when paired with the
  Organic Groups module or other node access systems.

****************************************************************************
Installation:

1. Place the entire securesite directory into your sites/all/modules
   directory.

2. Enable the Secure Site module by navigating to:

   Administer > Site building > Modules

3. Configure the Secure Site permission:

   Administer > User management > Access control

   Set the user roles that are allowed to access secured pages by giving
   those roles the "access secured pages" permission.

4. Configure the Secure Site module:

   Administer > Site configuration > Secure Site

****************************************************************************
Configuration:

  - Authentication modes

    There are three authentication modes. By default authentication is
    disabled. Please note that the HTTP Auth method requires extra
    configuration if PHP is not installed as an Apache module. See the
    Known Issues section of this file for a work-around.

      1. Disabled

         The disabled settings will disable the securesite module completely
         and no pages will be protected.

      2. Use HTTP Auth

         This will use browser-based authentication. When a protected page
         is accessed the user's web browser will display a username and
         password login form. This is the recommend method for secure
         feeds.

      3. Use HTML login form

         This method uses a themeable HTML login form for username and
         password input. This method is the most reliable as it does not
         rely on the browser for authentication. This method does not work
         for secure feeds.

  - Guest username and password

    If you want to allow anonymous users to access secure pages, you can
    set a username and password for anonymous users. If left blank, guest
    user access will be disabled.

  - Authentication realm

    You can use this field to name your login area. This is primarily used
    with HTTP Auth.

  - Customize HTML forms

    "Custom message for login form" and "Custom message for password reset
    form" are used in the HTML forms when they are displayed. If the
    latter box is empty, Secure Site will not offer to reset passwords.
    Please note, the login form is only displayed when the HTML login form
    authentication mode is used.

  - Bypass login

    This is were you can specify which pages should be secured. The default
    ("On every page except the listed pages") will secure the entire site.

      - On every page except the listed pages
        Specify the page and paths that are not secure. The rest of the site
        will be secure.

      - Only on the listed pages
        Specify the pages and paths that are to be made secure. The rest of
        the site will not be secure.

****************************************************************************
Theming:

  You can theme the HTML output of the Secure Site module using the
  securesite-dialog.tpl.php found in the securesite directory.

  Copy the securesite-dialog.tpl.php to your default theme. Now the
  securesite-dialog.tpl.php will be used as a template for all Secure Site HTML
  output. securesite-dialog.tpl.php works in the same way as page.tpl.php.

****************************************************************************
Known Issues:

  - Authentication on PHP/CGI installations

    If you are using HTTP Auth and are unable to login, PHP could be running in
    CGI mode.  When run in CGI mode, the normal HTTP Auth login variables are
    not available to PHP.  To work-around this issue, add the following rewrite
    rule at the end of the .htaccess file in Drupal's root installation
    directory:

    RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization},L]

    After making the suggested change in Drupal 5.7, the rewrite rules would
    look like this:

  # Rewrite current-style URLs of the form 'index.php?q=x'.
  RewriteCond %{REQUEST_FILENAME} !-f
  RewriteCond %{REQUEST_FILENAME} !-d
  RewriteRule ^(.*)$ index.php?q=$1 [L,QSA]
  RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization},L]
</IfModule>

  - Authentication when running Drupal via IIS

    If you are using HTTP Auth and are unable to login when Drupal is running on
    an IIS server, make sure that the PHP directive cgi.rfc2616_headers is set to
    0 (the default value).

File

README.txt
View source 
  1. ****************************************************************************

  2. Description:

  3. 

  4.   The Secure Site module allows site administrators to make a site or part of

  5.   a site private. You can restrict access to the site by role. This means the

  6.   site will be inaccessible to search engines and other crawlers, but you can

  7.   still allow access to certain people.

  8. 

  9.   You can also secure remote access to RSS feeds. You can keep content private

  10.   and protected, but still allow users to get notification of new content and

  11.   other actions via RSS with news readers that support

  12.   user:pass@example.com/node/feed URLs, or have direct support for username

  13.   and password settings. This is especially useful when paired with the

  14.   Organic Groups module or other node access systems.

  15. 

  16. ****************************************************************************

  17. Installation:

  18. 

  19. 1. Place the entire securesite directory into your sites/all/modules

  20.    directory.

  21. 

  22. 2. Enable the Secure Site module by navigating to:

  23. 

  24.    Administer > Site building > Modules

  25. 

  26. 3. Configure the Secure Site permission:

  27. 

  28.    Administer > User management > Access control

  29. 

  30.    Set the user roles that are allowed to access secured pages by giving

  31.    those roles the "access secured pages" permission.

  32. 

  33. 4. Configure the Secure Site module:

  34. 

  35.    Administer > Site configuration > Secure Site

  36. 

  37. ****************************************************************************

  38. Configuration:

  39. 

  40.   - Authentication modes

  41. 

  42.     There are three authentication modes. By default authentication is

  43.     disabled. Please note that the HTTP Auth method requires extra

  44.     configuration if PHP is not installed as an Apache module. See the

  45.     Known Issues section of this file for a work-around.

  46. 

  47.       1. Disabled

  48. 

  49.          The disabled settings will disable the securesite module completely

  50.          and no pages will be protected.

  51. 

  52.       2. Use HTTP Auth

  53. 

  54.          This will use browser-based authentication. When a protected page

  55.          is accessed the user's web browser will display a username and

  56.          password login form. This is the recommend method for secure

  57.          feeds.

  58. 

  59.       3. Use HTML login form

  60. 

  61.          This method uses a themeable HTML login form for username and

  62.          password input. This method is the most reliable as it does not

  63.          rely on the browser for authentication. This method does not work

  64.          for secure feeds.

  65. 

  66.   - Guest username and password

  67. 

  68.     If you want to allow anonymous users to access secure pages, you can

  69.     set a username and password for anonymous users. If left blank, guest

  70.     user access will be disabled.

  71. 

  72.   - Authentication realm

  73. 

  74.     You can use this field to name your login area. This is primarily used

  75.     with HTTP Auth.

  76. 

  77.   - Customize HTML forms

  78. 

  79.     "Custom message for login form" and "Custom message for password reset

  80.     form" are used in the HTML forms when they are displayed. If the

  81.     latter box is empty, Secure Site will not offer to reset passwords.

  82.     Please note, the login form is only displayed when the HTML login form

  83.     authentication mode is used.

  84. 

  85.   - Bypass login

  86. 

  87.     This is were you can specify which pages should be secured. The default

  88.     ("On every page except the listed pages") will secure the entire site.

  89. 

  90.       - On every page except the listed pages

  91.         Specify the page and paths that are not secure. The rest of the site

  92.         will be secure.

  93. 

  94.       - Only on the listed pages

  95.         Specify the pages and paths that are to be made secure. The rest of

  96.         the site will not be secure.

  97. 

  98. ****************************************************************************

  99. Theming:

  100. 

  101.   You can theme the HTML output of the Secure Site module using the

  102.   securesite-dialog.tpl.php found in the securesite directory.

  103. 

  104.   Copy the securesite-dialog.tpl.php to your default theme. Now the

  105.   securesite-dialog.tpl.php will be used as a template for all Secure Site HTML

  106.   output. securesite-dialog.tpl.php works in the same way as page.tpl.php.

  107. 

  108. ****************************************************************************

  109. Known Issues:

  110. 

  111.   - Authentication on PHP/CGI installations

  112. 

  113.     If you are using HTTP Auth and are unable to login, PHP could be running in

  114.     CGI mode.  When run in CGI mode, the normal HTTP Auth login variables are

  115.     not available to PHP.  To work-around this issue, add the following rewrite

  116.     rule at the end of the .htaccess file in Drupal's root installation

  117.     directory:

  118. 

  119.     RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization},L]

  120. 

  121.     After making the suggested change in Drupal 5.7, the rewrite rules would

  122.     look like this:

  123. 

  124.   # Rewrite current-style URLs of the form 'index.php?q=x'.

  125.   RewriteCond %{REQUEST_FILENAME} !-f

  126.   RewriteCond %{REQUEST_FILENAME} !-d

  127.   RewriteRule ^(.*)$ index.php?q=$1 [L,QSA]

  128.   RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization},L]

  129. 

  130. 

  131.   - Authentication when running Drupal via IIS

  132. 

  133.     If you are using HTTP Auth and are unable to login when Drupal is running on

  134.     an IIS server, make sure that the PHP directive cgi.rfc2616_headers is set to

  135.     0 (the default value).