Controlling access to the NetManager webserver
Do not confuse file access (as you would get by mapping a drive to the webspace internally) with web access (access from anywhere using a webbrowser).
Do not confuse websites which include their own login mechanism (where you enter details into a webpage and then submit) with standard web-authentication (where your browser will present a standard pop-up login box).
If users are asked to log in, they will log into a chosen realm. The realm is the word or phrase you see in the login box. Once you have logged into a given realm, you will not be asked to login again to access all web-resources on the same server with the same realm. The realm in the examples below is "NetManager webfile access". Therefore, if you want single-sign-on, you must use the same realm.
Firefox login window
Internet Explorer login window
How it works
Per-directory settings, including access rights, are set in a .htaccess file in the target directory. All child directories will inherit settings from their parents unless overridden with another .htaccess file.
Creating a .htaccess file
You could read the Apache documentation, but the NetManager provides a simpler method: the mkhtaccess command.
To use the mkhtaccess command, go to a Command Line. The syntax is simple; like most commands you can use the -h option to view basic help:
netmanager 1# mkhtaccess -h Syntax: mkhtaccess [-haq] [-g group] [-r realm] <dir> -h = this message -g = allow access to given group(s) - can specify multiple times -r = set authentication realm (default: NetManager Intranet) -a = always prompt for user/pass even on internal network (default is either internal network or valid password) -q = run quietly <dir> is the directory to create the .htaccess file in
At its simplest, you can just type
mkhtaccess with no options and no directory specified. This will create a .htaccess in the root of the webarea with the following properties:
- Realm is NetManager Intranet
- Access from internal networks (or, more explicitly, network ranges configured as Trusted) will be given access without having to log on
- All users attempting to access externally will have to log on, any valid username and password will be allowed
netmanager 2# mkhtaccess Access to 'www' will be allowed from internal networks without having to logon. From externally, anyone with a valid username and password will have access
This behaviour can be easily modified:
- Using the -a flag will not grant access to internal networks, i.e. you will always have to log on
- Using the -r flag allows you to set the realm (you will need to put quotes around the realm if it contains spaces)
- The -q flag will stop the command summarising what has been done
- You can grant access to only certain groups by using the -g flag. You can use the -g flag multiple times if you want to give access to more than one group
- You can give a directory name to operate in. If this does not begin with a /, it will be relative to the root of the webspace
Open access to internal networks, password-protected externally with a custom realm:
netmanager 3# mkhtaccess -r "Our School Intranet" Access to 'www' will be allowed from internal networks without having to logon. From externally, anyone with a valid username and password will have access
Configure a staff-only subfolder (called staffonly) to always require a username and password even for internal users and to grant access to only the 'teaching' and 'nonteaching' groups:
netmanager 4# mkhtaccess -r "Our School Intranet" -g teaching -g nonteaching -a staffonly All users, both internally and externally, will need to logon to access 'staffonly' Only the following groups will be allowed access: teaching nonteaching