Using .htaccess files via MySQL
- On-Premise Server + WebMail Installations: Version 6.0 > Current Version
- Webmail Only Installations: Version 6.0 > Current Version
Additonal security module
'mod_auth_mysql' (http://modauthmysql.sourceforge.net/), is a module for apache which allows you to password protect a webserver directory with usernames and passwords from a MySQL table. This is ideal if you would like to password protect the Webmail URL of @Mail, if your organization requires extra security, and you would like to prevent access to the Webmail system for authorized IP's only.Read below on how to setup Mod-Auth Mysql with Apache
Things to note:
-It is assumed that you are running a linux system with apache web server.
-Detailed instructions regarding the installation and configuration of mod_auth_mysql can be found here: http://modauthmysql.sourceforge.net/
After building the module, you need to install it to your modules directory.
Next, add the following directive to httpd.conf:
Restart the apache webserver.
Once the webserver has restarted, mod_auth_mysql will be started as a module with apache.
Creating the user table
Login to mysql:
The command line will prompt you for a password, and when you hit enter you should be presented with something like this:
You are now in a mysql shell!
First you must create a mysql database called auth with the following query:
You must now create a mysql table as below:
- The 'id' column simply serves as the PRIMARY KEY to satisfy MySQL requirements, you do not need to enter data into this field, it will enter itself a unique number.
- The 'user_name' column will hold usernames under 30 characters.
- The 'user_passwd' column will hold passwords under 20 characters, which should be encrypted.
- The 'ip_address' column holds allowed ip addresses, this is optional, it will allow ip address based ACL.
- The 'DateAdded' column will store the date that the user was added, this is optional, it can be used to allow expiry of a user, for this functionality you will also need to include the 'Expire' column.
- The 'Expire' column holds either '1' or '0', it is also necessary for expiry of a user, but not mandatory for simple username/password authentication.
Users can be added into the MySQL table with the following command from the mysql shell.
Setting up .htaccess
mod_auth_mysql uses the .htaccess file to know which directories need to be protected.
Your .htaccess file should be located in /usr/local/webmail/atmail/ and should contain the following: