Providing password protection for the Admin configuration pages: Apache example

Limit access to the Admin pages of the HCL OpenAdmin Tool (OAT) for Informix® for security reasons. Protecting these pages with a password is important because the Admin pages are accessible from the Login page and, therefore, open to everyone.

One method is to use the built-in authentication provided by the web server. For example, you can protect the installation directory, OATINSTALL/admin/.htaccess.

Example: To protect the OAT directory from within Apache:

  1. Create a password file in a directory that is not accessible from the web using the htpasswd utility that came with Apache.
  2. Add authentication directives to one of the following files:
    • The OATINSTALL/admin/.htaccess file
    • The httpd.conf file
  3. Put the directives inside a <Directory> section. For example:
    <Directory OATINSTALL/admin>
AuthType Basic
AuthName "OAT Admin"
AuthUserFile PASSWORDFILE
Require ValidUser
</Directory>
    Where PASSWORDFILE is the directory in which you created the password file with the htpasswd utility.

For more information and examples, read the article about Apache HTTP server version 2.0 authentication, authorization, and access control on the Apache Software Foundation website: www.apache.org (opens in new window).

Parent topic: How do I configure security for OAT?
Copyright© 2018 HCL Technologies Limited