You are here

README.txt in Secure Site 6

Same filename and directory in other branches
  1. 8 README.txt
  2. 5 README.txt
  3. 6.2 README.txt
  4. 7.2 README.txt
****************************************************************************
Description:

  The Secure Site module allows site administrators to make a site or part of
  a site private. You can restrict access to the site by role. This means the
  site will be inaccessible to search engines and other crawlers, but you can
  still allow access to certain people.

  You can also secure remote access to RSS feeds. You can keep content private
  and protected, but still allow users to get notification of new content and
  other actions via RSS with news readers that support
  user:pass@example.com/node/feed URLs, or have direct support for username
  and password settings. This is especially useful when paired with the
  Organic Groups module or other node access systems.

****************************************************************************
Installation:

1. Place the entire securesite directory into your sites/all/modules
   directory.

2. Enable the Secure Site module by navigating to:

   Administer > Site building > Modules

3. Configure the Secure Site permission:

   Administer > User management > Permissions

   Set the user roles that are allowed to access secured pages by giving
   those roles the "access secured pages" permission.

4. Configure the Secure Site module:

   Administer > Site configuration > Secure Site

****************************************************************************
Configuration:

  - Authentication modes

    There are three authentication modes. By default authentication is
    disabled. Please note that the HTTP Auth method requires extra
    configuration if PHP is not installed as an Apache module. See the
    Known Issues section of this file for a work-around.

      1. Disabled

         The disabled settings will disable the securesite module completely
         and no pages will be protected.

      2. Use HTTP Auth

         This will use browser-based authentication. When a protected page
         is accessed the user's web browser will display a username and
         password login form. This is the recommend method for secure
         feeds.

      3. Use HTML login form

         This method uses a themeable HTML login form for username and
         password input. This method is the most reliable as it does not
         rely on the browser for authentication. This method does not work
         for secure feeds.

  - Guest username and password

    If you want to allow anonymous users to access secure pages, you can
    set a username and password for anonymous users. If left blank, guest
    user access will be disabled.

  - Authentication realm

    You can use this field to name your login area. This is primarily used
    with HTTP Auth.

  - Customize HTML forms

    "Custom message for login form" and "Custom message for password reset
    form" are used in the HTML forms when they are displayed. If the
    latter box is empty, Secure Site will not offer to reset passwords.
    Please note, the login form is only displayed when the HTML login form
    authentication mode is used.

  - Bypass login

    This is were you can specify which pages should be secured. The default
    ("On every page except the listed pages") will secure the entire site.

      - On every page except the listed pages
        Specify the page and paths that are not secure. The rest of the site
        will be secure.

      - Only on the listed pages
        Specify the pages and paths that are to be made secure. The rest of
        the site will not be secure.

****************************************************************************
Theming:

  You can theme the HTML output of the Secure Site module using the
  securesite-dialog.tpl.php found in the securesite directory.

  Copy the securesite-dialog.tpl.php to your default theme. Now the
  securesite-dialog.tpl.php will be used as a template for all Secure Site HTML
  output. securesite-dialog.tpl.php works in the same way as page.tpl.php.

****************************************************************************
Known Issues:

  - Authentication on PHP/CGI installations

    If you are using HTTP Auth and are unable to login, PHP could be running in
    CGI mode.  When run in CGI mode, the normal HTTP Auth login variables are
    not available to PHP.  To work-around this issue, add the following rewrite
    rule at the end of the .htaccess file in Drupal's root installation
    directory:

    RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization},L]

    After making the suggested change in Drupal 5.7, the rewrite rules would
    look like this:

  # Rewrite current-style URLs of the form 'index.php?q=x'.
  RewriteCond %{REQUEST_FILENAME} !-f
  RewriteCond %{REQUEST_FILENAME} !-d
  RewriteRule ^(.*)$ index.php?q=$1 [L,QSA]
  RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization},L]
</IfModule>

  - Authentication when running Drupal via IIS

    If you are using HTTP Auth and are unable to login when Drupal is running on
    an IIS server, make sure that the PHP directive cgi.rfc2616_headers is set to
    0 (the default value).

File

README.txt
View source
  1. ****************************************************************************
  2. Description:
  3. The Secure Site module allows site administrators to make a site or part of
  4. a site private. You can restrict access to the site by role. This means the
  5. site will be inaccessible to search engines and other crawlers, but you can
  6. still allow access to certain people.
  7. You can also secure remote access to RSS feeds. You can keep content private
  8. and protected, but still allow users to get notification of new content and
  9. other actions via RSS with news readers that support
  10. user:pass@example.com/node/feed URLs, or have direct support for username
  11. and password settings. This is especially useful when paired with the
  12. Organic Groups module or other node access systems.
  13. ****************************************************************************
  14. Installation:
  15. 1. Place the entire securesite directory into your sites/all/modules
  16. directory.
  17. 2. Enable the Secure Site module by navigating to:
  18. Administer > Site building > Modules
  19. 3. Configure the Secure Site permission:
  20. Administer > User management > Permissions
  21. Set the user roles that are allowed to access secured pages by giving
  22. those roles the "access secured pages" permission.
  23. 4. Configure the Secure Site module:
  24. Administer > Site configuration > Secure Site
  25. ****************************************************************************
  26. Configuration:
  27. - Authentication modes
  28. There are three authentication modes. By default authentication is
  29. disabled. Please note that the HTTP Auth method requires extra
  30. configuration if PHP is not installed as an Apache module. See the
  31. Known Issues section of this file for a work-around.
  32. 1. Disabled
  33. The disabled settings will disable the securesite module completely
  34. and no pages will be protected.
  35. 2. Use HTTP Auth
  36. This will use browser-based authentication. When a protected page
  37. is accessed the user's web browser will display a username and
  38. password login form. This is the recommend method for secure
  39. feeds.
  40. 3. Use HTML login form
  41. This method uses a themeable HTML login form for username and
  42. password input. This method is the most reliable as it does not
  43. rely on the browser for authentication. This method does not work
  44. for secure feeds.
  45. - Guest username and password
  46. If you want to allow anonymous users to access secure pages, you can
  47. set a username and password for anonymous users. If left blank, guest
  48. user access will be disabled.
  49. - Authentication realm
  50. You can use this field to name your login area. This is primarily used
  51. with HTTP Auth.
  52. - Customize HTML forms
  53. "Custom message for login form" and "Custom message for password reset
  54. form" are used in the HTML forms when they are displayed. If the
  55. latter box is empty, Secure Site will not offer to reset passwords.
  56. Please note, the login form is only displayed when the HTML login form
  57. authentication mode is used.
  58. - Bypass login
  59. This is were you can specify which pages should be secured. The default
  60. ("On every page except the listed pages") will secure the entire site.
  61. - On every page except the listed pages
  62. Specify the page and paths that are not secure. The rest of the site
  63. will be secure.
  64. - Only on the listed pages
  65. Specify the pages and paths that are to be made secure. The rest of
  66. the site will not be secure.
  67. ****************************************************************************
  68. Theming:
  69. You can theme the HTML output of the Secure Site module using the
  70. securesite-dialog.tpl.php found in the securesite directory.
  71. Copy the securesite-dialog.tpl.php to your default theme. Now the
  72. securesite-dialog.tpl.php will be used as a template for all Secure Site HTML
  73. output. securesite-dialog.tpl.php works in the same way as page.tpl.php.
  74. ****************************************************************************
  75. Known Issues:
  76. - Authentication on PHP/CGI installations
  77. If you are using HTTP Auth and are unable to login, PHP could be running in
  78. CGI mode. When run in CGI mode, the normal HTTP Auth login variables are
  79. not available to PHP. To work-around this issue, add the following rewrite
  80. rule at the end of the .htaccess file in Drupal's root installation
  81. directory:
  82. RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization},L]
  83. After making the suggested change in Drupal 5.7, the rewrite rules would
  84. look like this:
  85. # Rewrite current-style URLs of the form 'index.php?q=x'.
  86. RewriteCond %{REQUEST_FILENAME} !-f
  87. RewriteCond %{REQUEST_FILENAME} !-d
  88. RewriteRule ^(.*)$ index.php?q=$1 [L,QSA]
  89. RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization},L]
  90. - Authentication when running Drupal via IIS
  91. If you are using HTTP Auth and are unable to login when Drupal is running on
  92. an IIS server, make sure that the PHP directive cgi.rfc2616_headers is set to
  93. 0 (the default value).