blob: 918b4053f1940a848de0e54e8d7d2542e40a5947 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
|
? my $ctx = $main::context;
? $_mt->wrapper_file("wrapper.mt", "Configure", "Using Basic Authentication")->(sub {
<p>
Starting from version 1.7, H2O comes with a mruby script named <a href="https://github.com/h2o/h2o/blob/master/share/h2o/mruby/htpasswd.rb">htpasswd.rb</a> that implements <a href="https://tools.ietf.org/html/rfc2617" target="_blank">Basic Authentication</a>.
The script provides a Rack handler that implements Basic Authentication using password files generated by the <a href="https://httpd.apache.org/docs/2.4/programs/htpasswd.html">htpasswd</a> command.
</p>
<p>
Below example uses the mruby script to restrict access to the path.
If authentication fails, the mruby handler returns a <code>401 Unauthorized</code> response.
If authentication succeeds, the handler returns a <code>399</code> response, and the request is <a href="configure/mruby.html#delegating-request">delegated</a> internally to the next handler (i.e. <code>file.dir</code>).
</p>
<?= $ctx->{example}->('Configuring HTTP authentication using htpasswd.rb', <<'EOT');
paths:
"/":
mruby.handler: |
require "htpasswd.rb"
Htpasswd.new("/path/to/.htpasswd", "realm-name")
file.dir: /path/to/doc_root
EOT
?>
<p>
In H2O versions prior to 2.0, you should specify <code>"#{$H2O_ROOT}/share/h2o/mruby/htpasswd.rb"</code> as the argument to <code>require</code>, since the directory is not registered as part of <code>$LOAD_PATH</code>.
</p>
For convenience, the mruby script also forbids access to files or directories that start with <code>.ht</code>.
? })
|
