Module: Apache::Permissions

Included in:: Config

Defined in:: lib/apache/permissions.rb

Overview

Configure server access permissions

Instance Method Summary collapse

#allow_from(*where) ⇒ Object

Define IP block restrictions.
#allow_from_all ⇒ Object (also: #allow_from_all!)

Shortcut for allowing all access to a block.
#apache_require(*opts) ⇒ Object

Create an Apache require directive.
#basic_authentication(zone, users_file, requires = {}) ⇒ Object (also: #basic_authentication!)

Set up basic authentication.
#default_restrictive! ⇒ Object

Set up default restrictive permissions.
#deny_from_all ⇒ Object (also: #deny_from_all!)

Shortcut for denying all access to a block.
#ldap_authentication(zone, url, requires = {}) ⇒ Object (also: #ldap_authentication!)

Set up LDAP authentication.
#no_htfiles! ⇒ Object

Block all .ht* files.
#order(*args) ⇒ Object (also: #order!)

Specify default access order.

Instance Method Details

#allow_from(*where) ⇒ `Object`

Define IP block restrictions

allow_from '127.0.0.1' #=> Allow from "127.0.0.1"



23
24
25

# File 'lib/apache/permissions.rb', line 23

def allow_from(*where)
  self << "Allow from #{where.quoteize * " "}"
end

#allow_from_all ⇒ `Object` Also known as: allow_from_all!

Shortcut for allowing all access to a block

# File 'lib/apache/permissions.rb', line 13

def allow_from_all
  order :allow, :deny
  allow :from_all
end

#apache_require(*opts) ⇒ `Object`

Create an Apache require directive. Used to get around Ruby reserved word.



79
80
81

# File 'lib/apache/permissions.rb', line 79

def apache_require(*opts)
  self << "Require #{opts.compact * " "}"
end

#basic_authentication(zone, users_file, requires = {}) ⇒ `Object` Also known as: basic_authentication!

Set up basic authentication

Check to make sure the defined users_file exists

basic_authentication "My secret", '/my.users', 'valid-user' => true
basic_authentication "My other secret", '/my.users', :user => [ :john ]

# File 'lib/apache/permissions.rb', line 59

def basic_authentication(zone, users_file, requires = {})
  exist? users_file
  authentication_basics(zone, requires)
  auth_user_file users_file
end

#default_restrictive! ⇒ `Object`

Set up default restrictive permissions

# File 'lib/apache/permissions.rb', line 37

def default_restrictive!
  directory '/' do
    options :follow_sym_links
    allow_override :none
    deny_from_all
  end
end

#deny_from_all ⇒ `Object` Also known as: deny_from_all!

Shortcut for denying all access to a block

# File 'lib/apache/permissions.rb', line 5

def deny_from_all
  order :deny, :allow
  deny :from_all
end

#ldap_authentication(zone, url, requires = {}) ⇒ `Object` Also known as: ldap_authentication!

Set up LDAP authentication

# File 'lib/apache/permissions.rb', line 68

def ldap_authentication(zone, url, requires = {})
  authentication_basics(zone, requires)
  auth_basic_provider :ldap
  authz_ldap_authoritative :on
  auth_ldap_url url
end

#no_htfiles! ⇒ `Object`

Block all .ht* files

# File 'lib/apache/permissions.rb', line 46

def no_htfiles!
  files_match %r{^\.ht} do
    deny_from_all
    satisfy :all
  end
end

#order(*args) ⇒ `Object` Also known as: order!

Specify default access order

order :allow, :deny #=> Order allow,deny



30
31
32

# File 'lib/apache/permissions.rb', line 30

def order(*args)
  self << "Order #{args * ','}"
end

Module: Apache::Permissions

Overview

Instance Method Summary collapse

Instance Method Details

#allow_from(*where) ⇒ Object

#allow_from_all ⇒ Object Also known as: allow_from_all!

#apache_require(*opts) ⇒ Object

#basic_authentication(zone, users_file, requires = {}) ⇒ Object Also known as: basic_authentication!

#default_restrictive! ⇒ Object

#deny_from_all ⇒ Object Also known as: deny_from_all!

#ldap_authentication(zone, url, requires = {}) ⇒ Object Also known as: ldap_authentication!

#no_htfiles! ⇒ Object

#order(*args) ⇒ Object Also known as: order!