Results 1 to 10 of 10

Thread: Simple Web Development

  1. #1

    Simple Web Development

    I maintain the software & hardware for a small insurance company. A lot of the devices have web interfaces for maintenance and rather than having them all bookmarked I'd like to setup a small (internal) website which categories the type of device and then provides links to the relevant URL - this would be available to other staff to use in my absence. I have an apache server available. I could develop this myself, but with my other duties I just don't have the time so I'm looking for a free html template that I can download and edit accordingly.

    Any one have any advice/recommendations on where I can get one? I've looked around on google and everything seems over the top for what I need
    Last edited by HerbertDypp; August 24th, 2016 at 05:51 AM.
    Herb
    Blog

  2. #2
    Poof make squid!
    Merrick ap'Milandra's Avatar
    Join Date
    Jan 2004
    Posts
    13,540
    Blog Entries
    1

    Re: Simple Web Development

    You could do it yourself following this template that I just whipped up.

    It's not the most secure thing in the world, but if it's only accessible internally, then you probably don't have to worry about it.

    Create a folder on the apache server.

    Create the following files:

    index.php
    Code:
    <html>
    <head></head>
    <body>
    <a href="URL of device goes here"> Device name goes here</a><br>
    <a href="URL of other device here"> Device2 name here</a><br>
    </body>
    </html>
    Then save this as .htaccess
    Code:
    AuthType Basic
    AuthName "Password Protected Area"
    AuthUserFile /path/to/.htpasswd
    Require valid-user
    and save this as .htpasswd
    Code:
    username:password
    user2:pass2
    adding as many users and passwords as you want.

    Make sure .htaccess and index.php are in the root of your new folder.

    Then, put .htpasswd in some arcane subfolder, and inside of .htaccess, change the /path/to/.htpasswd to match the location you stored the file in.

    then type:

    http://servername/foldername

    in your address bar, and it should bring up a pop-up window saying "Password Protected Area", at which point you can use any of the username : password combinations inside of .htpasswd to get in.
    Last edited by Merrick ap'Milandra; August 24th, 2016 at 10:41 AM.
    For copyright purposes, all of my posts are covered under the "Do What The Fuck You Want To Public License"
    http://sam.zoy.org/wtfpl/
    Noone should sue or be sued ambiguously.

  3. #3
    Elder Arcanist

    Join Date
    Jun 2003
    Posts
    4,878

    Re: Simple Web Development

    Quote Originally Posted by Merrick ap'Milandra View Post
    You could do it yourself following this template that I just whipped up.

    It's not the most secure thing in the world, but if it's only accessible internally, then you probably don't have to worry about it.

    Create a folder on the apache server.

    Create the following files:

    index.php
    Code:
    <html>
    <head></head>
    <body>
    <a href="URL of device goes here"> Device name goes here</a><br>
    <a href="URL of other device here"> Device2 name here</a><br>
    </body>
    </html>
    Then save this as .htaccess
    Code:
    AuthType Basic
    AuthName "Password Protected Area"
    AuthUserFile /path/to/.htpasswd
    Require valid-user
    and save this as .htpasswd
    Code:
    username:password
    user2:pass2
    adding as many users and passwords as you want.

    Make sure .htaccess and index.php are in the root of your new folder.

    Then, put .htpasswd in some arcane subfolder, and inside of .htaccess, change the /path/to/.htpasswd to match the location you stored the file in.

    then type:

    http://servername/foldername

    in your address bar, and it should bring up a pop-up window saying "Password Protected Area", at which point you can use any of the username : password combinations inside of .htpasswd to get in.
    Two things:

    1: save the file as an .html, it doesn't need to be .php

    2: the .htpasswd file (IIRC) can't be plain text, the password is encrypted. Use "htpasswd -c <file name> <username>" to create the file and "htpasswd <file name> <username>" to add additional logins

  4. #4
    Poof make squid!
    Merrick ap'Milandra's Avatar
    Join Date
    Jan 2004
    Posts
    13,540
    Blog Entries
    1

    Re: Simple Web Development

    Quote Originally Posted by Eremius View Post
    Two things:

    1: save the file as an .html, it doesn't need to be .php
    Absolutely correct.

    Quote Originally Posted by Eremius View Post
    2: the .htpasswd file (IIRC) can't be plain text, the password is encrypted. Use "htpasswd -c <file name> <username>" to create the file and "htpasswd <file name> <username>" to add additional logins
    Is the encryption required now? I thought you used to be able to get away without it. It's been a decade since I did any apache work.

    By the way, HerbertDypp, those commands need to be run from a terminal window on the apache server after you've navigated to your directory.
    For copyright purposes, all of my posts are covered under the "Do What The Fuck You Want To Public License"
    http://sam.zoy.org/wtfpl/
    Noone should sue or be sued ambiguously.

  5. #5
    Elder Arcanist

    Join Date
    Jun 2003
    Posts
    4,878

    Re: Simple Web Development

    For bonus points I would also put the htaccess information in it's own block so it only applies to that one file as below:


    Code:
    <FilesMatch "file.html">
    AuthName "Member Only"
    AuthType Basic
    AuthUserFile .htpasswd
    require valid-user
    </FilesMatch>
    
    <Files ".htpasswd">
    Order Allow,Deny
    Deny from all
    </Files>

  6. #6
    Elder Arcanist

    Join Date
    Jun 2003
    Posts
    4,878

    Re: Simple Web Development

    Quote Originally Posted by Merrick ap'Milandra View Post
    Is the encryption required now? I thought you used to be able to get away without it. It's been a decade since I did any apache work.
    Yeah, it's been required for quite a few years now.

  7. #7

    Re: Simple Web Development

    That's great guys, thanks.
    Herb
    Blog

  8. #8

    Re: Simple Web Development

    Are you working for an insurance agent that sells insurance policies directly, or for the company that actually issues the policy that agents sell? I ask because of the Department of Insurance policies and regulations regarding security protocols that they must follow even for internal facing applications.

    So, before you do that, I suggest you look into what the security requirements are. I work for Farmers Insurance as an application developer. I support the applications that all the agents (both exclusive and independent) use to quote auto insurance for a few of Farmers owned brands. Company wide, our security protocols are extremely tight and there are no 'exceptions' ... like ever. All of our applications are web based. To access anything within the company, you have to have access to the VPN that everything resides in. We use a secure sharepoint site as an intranet site and access is then given to who needs it to the particular areas of the intranet site which of course is locked in with several additional lsecurity protocols.

    Even when I am on call, if a production server application triggers an alert to the on call phone, I may not have the credentials to log on to the server to triage the issue. In which case, I call my manager and if needed create a help desk ticket for production control to look into. That is how tight our controls are.

    The insurance industry is as regulated as banks are for security. I would be extremely cautious on doing anything before checking first, or you might find yourself in a whole heap of do do.
    CeeNedra

    ---------------
    Men.. it's not their fault. You can't give someone two heads and expect them to think straight!

  9. #9

    Re: Simple Web Development

    I'm in the UK, so whilst insurance is a regulated industry here (and I work in motor insurance) it is obviously regulated differently. I've worked in this industry over here for 20years (crikey, where did those years go!)

    What I'm trying to do will only be accessible from the internal network (only one site, no one needs VPN access, so I don't provide a VPN), it will only have access to software that does not contain client data, so as far as our regulatory bodies are concerned it would be outside of their jurisdiction.

    Basically, I'm just trying to make my life a little easier - the IT at this company is pretty primitive still (somethnig I'm trying to rectify, but the guy who owns the company hates to spend his money on something that isn't another Aston Martin, so it's a slow process)
    Herb
    Blog

  10. #10

    Re: Simple Web Development

    At the very least, I suggest you look into some form of encryption. Your software may not contain client data but it does reside on the company server and that is all it takes for a hacker to do bad things.


    Sent from my iPhone using Tapatalk
    CeeNedra

    ---------------
    Men.. it's not their fault. You can't give someone two heads and expect them to think straight!

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •