Changes to .htaccess
The syntax of various statements in.htaccess files has changed and some statements are not needed anymore.
Log in to web-login.inf.ethz.ch via ssh to run any of the commands below.
Find .htaccess Files to Modify
To find all .htaccess file that needs to be modified run the following command:
migrate_check_htaccess
Changed Syntax
Access control statements now generally use therequire statement, order, allow and satisfy needs to be converted as follows:
| Old | Change to this |
|---|---|
order deny,allowdeny from all |
require all denied |
order allow,denyallow from all |
require all granted |
allow from somehost.inf.ethz.ch |
require host somehost.inf.ethz.ch |
allow from 129.132.0.0/16 |
require ip 129.132.0.0/16 |
satisfy any |
wrap all require lines between <RequireAny></RequireAny> |
satisfy all |
wrap all require lines between <RequireAll></RequireAll> |
Authentication
Previously kerberos and LDAP based authentification had to be completely set up in.htaccess files. Now authentication via ETH password for web applications (LDAP) is preconfigured and only needs to be activated. All that is needed is the following:
AuthType basic AuthName "Some description"
require ldap-user user1, user2, ... to grant access to individual users. If you have multiple requires then wrap them in <RequireAny></RequireAny>.
If you want to use files listing users or groups instead then also add the following lines:
AuthBasicProvider ldap file AuthUserFile /home/yourlogin/userfile AuthGroupFile /home/yourlogin/groupfile
public_html folder. To ensure that only the web server can also read the files use the web_allow_access command (web_allow_access for help) with these files as arguments.
When switching from kerberos to LDAPS make sure that you strip all
@D.ETHZ.CH from users and groups.