Require HTTP auth to access roundcube

Perhaps this will serve as an extra layer of protection against any
vulnerabilities in Roundcube.

diff --git a/htgroups b/htgroups
index 7befaa4129011034f1e7279af5484342b90ba062..6ceae1db1092f9fefb2074e4e8c684d9f500c16e 100644 (file)
--- a/htgroups
+++ b/htgroups
@@ -1 +1,2 @@
 logs: alex
+roundcube: alex

diff --git a/sites-common/default b/sites-common/default
index febad9afa3c4817acc2cd9b2be80218fa6778a40..ac775b37a4ea285929d71f505d9e6d0781aabe92 100644 (file)
--- a/sites-common/default
+++ b/sites-common/default
@@ -24,6 +24,13 @@ ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
 
 Alias /roundcube/program/js/tiny_mce/ /usr/share/tinymce/www/
 Alias /roundcube /var/lib/roundcube
+<Directory "/var/lib/roundcube">
+       AuthUserFile  /etc/apache2/htdigest
+       AuthGroupFile /etc/apache2/htgroups
+       AuthName "Secure"
+       AuthType Digest
+       Require group roundcube
+</Directory>
 
 ErrorLog ${APACHE_LOG_DIR}/error.olinda.log