NANOWEB, the aEGiS PHP web server

HTTP Authentication

The authentication feature is part of the hypertext transport protocol (HTTP), and allows to restrict access to specified directories or complete areas with login names and passwords.
NANOWEB allows this very flexible, again due to its modular structure. Currently there exist 9 extensions modules for HTTP authentication:
mod_auth_simple SIMPLE User names and passwords are kept in one of the configuration files.
mod_auth_htpasswd HTPASSWD Authentication files from the apache webserver can be used with this module.
mod_auth_nwauth NWAUTH Nanoweb authentication files are much like the apache ones.
mod_auth_mysql MYSQL This module expects login/password pairs to be listed in a MySQL database.
mod_auth_pgsql PGSQL PostgreSQL database authentication.
mod_auth_ldap LDAP Authentication data from LDAP.
mod_auth_anydb ANYDB Any database supported by either PEAR::DB, ADOdb or PHP_dbx can be used for authentication.
mod_auth_anonymous ANONYMOUS Anonymous login (like with FTP).
mod_auth_subversion SUBVERSION Subversion repository authentication.

In order to use them, you have of course to load them into the server (using the LoadModule directive). You can load all authentication modules together, as authentication can be activated with one of them on a per-directory basis (in .nwaccess files), for example:

AuthRealm = Info: Directory password required!
AuthRequire = SIMPLE

AuthSimpleUserPass = ... 

In this example config file the »SIMPLE« authentication scheme (from mod_auth_simple) is used. But for another directory you could use a apache password file with "AuthRequire=HTPASSWD".

# two methods combined => logical OR
AuthRequire = SIMPLE
AuthRequire = MYSQL

If you combine two AuthRequire directives in one configuration file (.nwaccess) like in the above example, the user will be granted access if its login name and password are verified by one of the authentication modules (logical OR). This way you could specify system-wide authentication data for a few people only with mod_auth_simple and grant thousands of other users access via mod_auth_mysql where required.

# Require auth only for some locations
AuthRequire = SIMPLE
AuthLocation = /admin/
AuthLocation = /site/admin.php

Using the AuthLocation in the global, virtualhost, or access file will restrict the need for authentication to the specified locations.

NANOWEB, the aEGiS PHP web server