[Solved] Setting Digest Auth for two folders - no authentication prompt

Added by tester almost 5 years ago

Hi!

I'm starting to feel like I'm crazy because I can't find what my mistake is. I'm trying to set access controls for two different folders and only allow access to any file inside them after authentication. Also, I want to deny access to any folder other than the authenticated ones.
Right now, when I navigate to the folder it just shows "403 Forbidden". However, any file inside is still accessible or inaccessible (404).

Here is my config:
https://pastebin.com/S7ip3ZEc

Hints or feedback are appreciated!

Cheers,
tester


Replies (2)

RE: Setting Digest Auth for two folders - no authentication prompt - Added by gstrauss almost 5 years ago

You might try testing a simpler config (with fewer lines) trying to do fewer things.

Your config contains duplicated lines and probably does not load, so you're probably not restarting lighttpd and using the test config you think you're using.

You have enabled index-file.names, but have not said whether or not such a file exists. In the config you shared, you did not enable dir-listing.activate, but since we can't read your mind, this may or may not be relevant.

You do not have a config which configures mod_access to reject access to other locations.

You should simplify your messy test environment and run under your own user privileges, and then should troubleshoot your selinux policy if you try something else.

Slow down and test more methodically.

RE: Setting Digest Auth for two folders - no authentication prompt - Added by tester almost 5 years ago

gstrauss wrote:

You might try testing a simpler config (with fewer lines) trying to do fewer things.

Your config contains duplicated lines and probably does not load, so you're probably not restarting lighttpd and using the test config you think you're using.

You have enabled index-file.names, but have not said whether or not such a file exists. In the config you shared, you did not enable dir-listing.activate, but since we can't read your mind, this may or may not be relevant.

You do not have a config which configures mod_access to reject access to other locations.

You should simplify your messy test environment and run under your own user privileges, and then should troubleshoot your selinux policy if you try something else.

Slow down and test more methodically.

Well, thanks, I get it. I started off with the tutorial config and added the features I need. I'm pretty sure the "mess" is not the (only) issue here.
After your hint regarding the config, I decided to check the service status and there it is:

Jul 14 22:29:28 storage-pi systemd[1]: Starting Lighttpd Daemon...
Jul 14 22:29:28 storage-pi lighttpd[4224]: 2019-07-14 22:29:28: (server.c.1493) WARNING: unknown config-key: auth.backend (ignored)
Jul 14 22:29:28 storage-pi lighttpd[4224]: 2019-07-14 22:29:28: (server.c.1493) WARNING: unknown config-key: auth.require (ignored)
Jul 14 22:29:28 storage-pi systemd[1]: Started Lighttpd Daemon.

Is the documentation not up to date?

edit:
OK, I've added mod_auth to the first line, so now it works (minus SHA-256, which does not work because RasPi Zero receives the 1.4.53 version through apt). I misunderstood the documentation, thinking mod_auth was not required once mod_authn_file is enabled.

Cheers!
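
A minimal stand-alone test config for the setup discussed in this thread, added here as an illustration and not taken from the poster's pastebin or the lighttpd project. The document root, port, folder names (`/private1/`, `/private2/`), realm and userfile path are assumed placeholders.

```lighttpd
# Added example: minimal test config. All paths, names and the port are placeholders.
server.document-root = "/var/www/html"
server.port          = 8080

# mod_auth provides the auth.backend and auth.require keys.
# mod_authn_file only supplies the file-based backends (htdigest etc.).
# If mod_auth is missing, lighttpd logs "unknown config-key: auth.backend (ignored)"
# as a WARNING and still starts, so the folders are served without any auth prompt.
server.modules = (
    "mod_access",
    "mod_auth",
    "mod_authn_file"
)

auth.backend                   = "htdigest"
auth.backend.htdigest.userfile = "/etc/lighttpd/lighttpd.user.htdigest"

# The realm must match the realm stored in the htdigest userfile.
# No "algorithm" option is set: per the thread, SHA-256 is not available in 1.4.53.
auth.require = (
    "/private1/" => (
        "method"  => "digest",
        "realm"   => "private",
        "require" => "valid-user"
    ),
    "/private2/" => (
        "method"  => "digest",
        "realm"   => "private",
        "require" => "valid-user"
    )
)

# mod_access: reject every URL outside the two protected folders.
# An empty string in url.access-deny matches (and denies) all paths in this scope.
$HTTP["url"] !~ "^/(private1|private2)/" {
    url.access-deny = ( "" )
}
```

Syntax-check the file with `lighttpd -t -f <file>` before restarting, then confirm the service log contains no `unknown config-key` warnings, since those indicate directives that were silently dropped.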
