When you install HP 3par System Reporter, there is no authentication needed to change the policies. This means that anyone accessing your System Reporter website could change the values.
Obviously, you don’t want that.
In this post we will secure the settings with a username/password.
To enable the password protected access, 2 things are needed: a .htpasswd file somewhere on your System Reporter server (preferably outside of your htdocs folder) and a change in the configuration to tell Apache that the 3par-policy folder is password protected.
First of all we are going to create our .htpasswd file and folder. In this example, we will create a folder in the C:\Program Files\Apache directory, called ‘secure’. This folder will contain our .htpasswd file.
Now we will need to create a .htpasswd file. This is done from the command line and from within the Apache\Bin folder.
The command needed to add a user / password to this file is:
htpasswd -c "C:/Program Files/Apache/secure/.htpasswd" <username>
When you look in the directory, you will see the .htpasswd file that has been created.
Now the only thing left to do is to tell Apache that it needs to secure the “C:/Program Files/Apache/cgi-bin/3par-policy” directory using the .htpasswd file we just created.
To do this, edit the httpd.conf file (located in C:\Program Files\Apache\conf).
Look for the <Directory “C:/Program Files/Apache/cgi-bin> tags and below the </Directory> enter the following lines of code:
# Protect the Policy Directory <Directory "C:/Program Files/Apache/cgi-bin/3par-policy"> AllowOverride None
AuthType Basic AuthName "3Par Protected Configuration" AuthUserFile "C:/Program Files/Apache/secure/.htpasswd" Require valid-user </Directory>
Save the file and restart the Apache service to reload the configuration file. Now, when you want to change something to the policy, you will be asked for a username and password:
Although this is only a ‘Basic’ protection, I already feel a lot more at ease when I know that people cannot change my policies anymore. Optionally, you could also change it to Digest or even SQL authentication if needed.
With thanks to my colleague Jurgen for the great Apache knowledge! 😉