README.txt in Secure Site 6
****************************************************************************
Description:
The Secure Site module allows site administrators to make a site or part of
a site private. You can restrict access to the site by role. This means the
site will be inaccessible to search engines and other crawlers, but you can
still allow access to certain people.
You can also secure remote access to RSS feeds. You can keep content private
and protected, but still allow users to get notification of new content and
other actions via RSS with news readers that support
user:pass@example.com/node/feed URLs, or have direct support for username
and password settings. This is especially useful when paired with the
Organic Groups module or other node access systems.
****************************************************************************
Installation:
1. Place the entire securesite directory into your sites/all/modules
directory.
2. Enable the Secure Site module by navigating to:
Administer > Site building > Modules
3. Configure the Secure Site permission:
Administer > User management > Permissions
Set the user roles that are allowed to access secured pages by giving
those roles the "access secured pages" permission.
4. Configure the Secure Site module:
Administer > Site configuration > Secure Site
****************************************************************************
Configuration:
- Authentication modes
There are three authentication modes. By default authentication is
disabled. Please note that the HTTP Auth method requires extra
configuration if PHP is not installed as an Apache module. See the
Known Issues section of this file for a work-around.
1. Disabled
The disabled settings will disable the securesite module completely
and no pages will be protected.
2. Use HTTP Auth
This will use browser-based authentication. When a protected page
is accessed the user's web browser will display a username and
password login form. This is the recommend method for secure
feeds.
3. Use HTML login form
This method uses a themeable HTML login form for username and
password input. This method is the most reliable as it does not
rely on the browser for authentication. This method does not work
for secure feeds.
- Guest username and password
If you want to allow anonymous users to access secure pages, you can
set a username and password for anonymous users. If left blank, guest
user access will be disabled.
- Authentication realm
You can use this field to name your login area. This is primarily used
with HTTP Auth.
- Customize HTML forms
"Custom message for login form" and "Custom message for password reset
form" are used in the HTML forms when they are displayed. If the
latter box is empty, Secure Site will not offer to reset passwords.
Please note, the login form is only displayed when the HTML login form
authentication mode is used.
- Bypass login
This is were you can specify which pages should be secured. The default
("On every page except the listed pages") will secure the entire site.
- On every page except the listed pages
Specify the page and paths that are not secure. The rest of the site
will be secure.
- Only on the listed pages
Specify the pages and paths that are to be made secure. The rest of
the site will not be secure.
****************************************************************************
Theming:
You can theme the HTML output of the Secure Site module using the
securesite-dialog.tpl.php found in the securesite directory.
Copy the securesite-dialog.tpl.php to your default theme. Now the
securesite-dialog.tpl.php will be used as a template for all Secure Site HTML
output. securesite-dialog.tpl.php works in the same way as page.tpl.php.
****************************************************************************
Known Issues:
- Authentication on PHP/CGI installations
If you are using HTTP Auth and are unable to login, PHP could be running in
CGI mode. When run in CGI mode, the normal HTTP Auth login variables are
not available to PHP. To work-around this issue, add the following rewrite
rule at the end of the .htaccess file in Drupal's root installation
directory:
RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization},L]
After making the suggested change in Drupal 5.7, the rewrite rules would
look like this:
# Rewrite current-style URLs of the form 'index.php?q=x'.
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.*)$ index.php?q=$1 [L,QSA]
RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization},L]
</IfModule>
- Authentication when running Drupal via IIS
If you are using HTTP Auth and are unable to login when Drupal is running on
an IIS server, make sure that the PHP directive cgi.rfc2616_headers is set to
0 (the default value).
File
README.txt
View source
- ****************************************************************************
- Description:
-
- The Secure Site module allows site administrators to make a site or part of
- a site private. You can restrict access to the site by role. This means the
- site will be inaccessible to search engines and other crawlers, but you can
- still allow access to certain people.
-
- You can also secure remote access to RSS feeds. You can keep content private
- and protected, but still allow users to get notification of new content and
- other actions via RSS with news readers that support
- user:pass@example.com/node/feed URLs, or have direct support for username
- and password settings. This is especially useful when paired with the
- Organic Groups module or other node access systems.
-
- ****************************************************************************
- Installation:
-
- 1. Place the entire securesite directory into your sites/all/modules
- directory.
-
- 2. Enable the Secure Site module by navigating to:
-
- Administer > Site building > Modules
-
- 3. Configure the Secure Site permission:
-
- Administer > User management > Permissions
-
- Set the user roles that are allowed to access secured pages by giving
- those roles the "access secured pages" permission.
-
- 4. Configure the Secure Site module:
-
- Administer > Site configuration > Secure Site
-
- ****************************************************************************
- Configuration:
-
- - Authentication modes
-
- There are three authentication modes. By default authentication is
- disabled. Please note that the HTTP Auth method requires extra
- configuration if PHP is not installed as an Apache module. See the
- Known Issues section of this file for a work-around.
-
- 1. Disabled
-
- The disabled settings will disable the securesite module completely
- and no pages will be protected.
-
- 2. Use HTTP Auth
-
- This will use browser-based authentication. When a protected page
- is accessed the user's web browser will display a username and
- password login form. This is the recommend method for secure
- feeds.
-
- 3. Use HTML login form
-
- This method uses a themeable HTML login form for username and
- password input. This method is the most reliable as it does not
- rely on the browser for authentication. This method does not work
- for secure feeds.
-
- - Guest username and password
-
- If you want to allow anonymous users to access secure pages, you can
- set a username and password for anonymous users. If left blank, guest
- user access will be disabled.
-
- - Authentication realm
-
- You can use this field to name your login area. This is primarily used
- with HTTP Auth.
-
- - Customize HTML forms
-
- "Custom message for login form" and "Custom message for password reset
- form" are used in the HTML forms when they are displayed. If the
- latter box is empty, Secure Site will not offer to reset passwords.
- Please note, the login form is only displayed when the HTML login form
- authentication mode is used.
-
- - Bypass login
-
- This is were you can specify which pages should be secured. The default
- ("On every page except the listed pages") will secure the entire site.
-
- - On every page except the listed pages
- Specify the page and paths that are not secure. The rest of the site
- will be secure.
-
- - Only on the listed pages
- Specify the pages and paths that are to be made secure. The rest of
- the site will not be secure.
-
- ****************************************************************************
- Theming:
-
- You can theme the HTML output of the Secure Site module using the
- securesite-dialog.tpl.php found in the securesite directory.
-
- Copy the securesite-dialog.tpl.php to your default theme. Now the
- securesite-dialog.tpl.php will be used as a template for all Secure Site HTML
- output. securesite-dialog.tpl.php works in the same way as page.tpl.php.
-
- ****************************************************************************
- Known Issues:
-
- - Authentication on PHP/CGI installations
-
- If you are using HTTP Auth and are unable to login, PHP could be running in
- CGI mode. When run in CGI mode, the normal HTTP Auth login variables are
- not available to PHP. To work-around this issue, add the following rewrite
- rule at the end of the .htaccess file in Drupal's root installation
- directory:
-
- RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization},L]
-
- After making the suggested change in Drupal 5.7, the rewrite rules would
- look like this:
-
- # Rewrite current-style URLs of the form 'index.php?q=x'.
- RewriteCond %{REQUEST_FILENAME} !-f
- RewriteCond %{REQUEST_FILENAME} !-d
- RewriteRule ^(.*)$ index.php?q=$1 [L,QSA]
- RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization},L]
-
-
- - Authentication when running Drupal via IIS
-
- If you are using HTTP Auth and are unable to login when Drupal is running on
- an IIS server, make sure that the PHP directive cgi.rfc2616_headers is set to
- 0 (the default value).