How to Protect subdomain?

Discussion in 'Setting-up protection' started by cnick79, Sep 19, 2012.

  1. cnick79

    cnick79 New Member

    Joined:
    Jun 23, 2012
    Messages:
    9
    I have amember installed at mydomain.com/amember and I want to protect member.mydomain.com. What's the best way to go about protecting my subdomain?
  2. davidm1

    davidm1 aMember User & Partner

    Joined:
    May 16, 2006
    Messages:
    4,435
    Can you go to protect content / folders and browse down/up to that subdomain?

    David
  3. cnick79

    cnick79 New Member

    Joined:
    Jun 23, 2012
    Messages:
    9
    Yea, I was able to add a new record under Protect Content -> Folders and set /var/www/subdomain/pages/ as the path and http://member.localhost as the URL. When I click on the "link" after creating this record, it takes me to my homepage, http://localhost. The protection does appear to work because the first time I click on member.localhost I get redirect to amember login, but after I login I get sent to localhost, and each time I click on member.localhost (after logged in) takes me to localhost.

    I don't know if it makes a difference, but my Redirect after login is Fixed Url: http://member.localhost.
  4. cnick79

    cnick79 New Member

    Joined:
    Jun 23, 2012
    Messages:
    9
    Also, here's the .htaccess rewrite rule that was created.

    Code:
    # if cookie is set and file exists, stop rewriting and show page
    RewriteCond %{HTTP_COOKIE} amember_nr=([a-zA-Z0-9]+)
    RewriteCond /home/nick/Projects/websites/mysite/www/amember/data/new-rewrite/%1-3 -f
    RewriteRule ^(.*)$ - [S=3]
     
    # if cookie is set but folder file does not exists, user has no access to given folder
    RewriteCond %{HTTP_COOKIE} amember_nr=([a-zA-Z0-9]+)
    RewriteCond /home/nick/Projects/websites/mysite/www/amember/data/new-rewrite/%1-3 !-f
    RewriteRule ^(.*)$ http://localhost/amember/no-access/folder/id/3?url=%{REQUEST_URI}?%{QUERY_STRING} [L,R]
     
    ## if user is not authorized, redirect to login page
    # BrowserMatch "MSIE" force-no-vary
    RewriteCond %{QUERY_STRING} (.+)
    RewriteRule ^(.*)$ http://localhost/amember/protect/new-rewrite?f=3&url=%{REQUEST_URI}?%{QUERY_STRING} [L,R]
    RewriteRule ^(.*)$ http://localhost/amember/protect/new-rewrite?f=3&url=%{REQUEST_URI} [L,R]
    
    Here's the login URL I get when I click on my protected url and not logged in to amember:
    Code:
    http://localhost/amember/protect/new-rewrite?f=3&url=/
  5. cnick79

    cnick79 New Member

    Joined:
    Jun 23, 2012
    Messages:
    9
    Here's the stored cookie being accessed:

    amember_nr
    Code:
    Name:    amember_nr
    Content:    cd7accf74a16fe574f46ca1b5a871953
    Domain:    localhost
    Path:    /
    Send For:    Any kind of connection
    Accessible to Script:    No (HttpOnly)
    Created:    Thursday, September 20, 2012 8:21:59 PM
    Expires:    When I close my browser
    It looks like amember is ignoring my Redirect after login Fixed Url, set to http://member.localhost. Why is this?
  6. cnick79

    cnick79 New Member

    Joined:
    Jun 23, 2012
    Messages:
    9
    I think I have this working. Interestingly enough, I'm not sure what I did to get it to work. I did move my website to mydomain.com locally instead of using localhost.

    Here is how I have my setup and got it working:

    Server file locations:

    Code:
    /var/www/  --> webroot
    /var/www/amember/  ---> amember insttall dir
    /var/www/wordpress/ ---> workdpress install
    /var/www/index.php ---> (see Note1 below)
    /var/www/yii-framework-app/  ---> members.mydomain.com subdomain

    Note1: the /var/www/index.php file is needed to tell a visitor where wp is installed.
    Code:
    /** content of /var/www/index.php **/
     
    define('WP_USE_THEMES', true);
     
    /** Loads the WordPress Environment and Template */
    require('./wordpress/wp-blog-header.php');
    
    This is what my /etc/hosts file looks like:
    Code:
    127.0.0.1      localhost
    127.0.0.1      mydomain.com
    127.0.0.1      www.mydomain.com
    127.0.0.1      member.mydomain.com
    
    Then in my apache config I have:
    Code:
    <VirtualHost *>
            ServerName www.mydomain.com
           DocumentRoot /var/www/
           <Directory /var/www/>
                    Options Indexes FollowSymLinks MultiViews
                    AllowOverride All
                    Order allow,deny
                    allow from all
            </Directory>
    </VirtualHost>
    ## For my subdomain
    <VirtualHost *>
            ServerName member.mydomain.com
           DocumentRoot /var/www/yii-framework-app/
     
    </VirtualHost>
    

Share This Page