password protect sub folders for different users doesn't appear to work
Added by drbubbles over 15 years ago
Linux 2.6.12.6-arm1 (on a DNS-323 toaster)
Lighttpd/1.4.23 (ssl)
I'm having difficulty password protecting sub directories. Part of my config file is below. if a valid user that is not me or family logs into the web page root / they can still browse to /family and /me
Is this the way it is supposed to work? ie, if I want separate folders to authenticate with different users, should I use separate directories with the same root rather than sub directories of each other?
Thanks,
dbub.
auth.require = ( "/" =>
(
"method" => "digest",
"realm" => "Everyone",
"require" => "valid-user"
),
"/family" =>
(
"method" => "digest",
"realm" => "Family",
"require" => "user=family"
),
"/me" =>
(
"method" => "digest",
"realm" => "Me",
"require" => "user=me"
)
)Replies (3)
RE: password protect sub folders for different users doesn't appear to work - Added by drbubbles over 15 years ago
Maybe I wasn't clear:
Once authenticated with digest, every directory below becomes accessible.
Is it possible to use another digest entry to password protect a subdirectory of that same tree? I tried with the config below, but a valid-user that successfully logs in but isn't called "family" or "me" can still browse to /family or /me Is that the way it should work?
Thanks. DBubs.
auth.require = ( "/" =>
(
"method" => "digest",
"realm" => "Everyone",
"require" => "valid-user"
),
"/family" =>
(
"method" => "digest",
"realm" => "Family",
"require" => "user=family"
),
"/me" =>
(
"method" => "digest",
"realm" => "Me",
"require" => "user=me"
)
RE: password protect sub folders for different users doesn't appear to work - Added by thoth_amon about 14 years ago
I'd like to echo this question. I've been searching all over the Internet for this. If lighttpd can't do this, then "sorry, that capability is not supported" is a perfectly fine answer. At least it's an answer!
I want to set one general password for the top level of my site, but have subdirectories use a different password, exactly as in the example given by drbubbles. An example of my config:
auth.require = ("/" =>
(
"method" => "basic",
"realm" => "a secure location",
"require" => "user=demo"
),
"/kyn/" =>
(
"method" => "basic",
"realm" => "a secure location",
"require" => "user=kyn"
)
)
What happens in this case is that only the password for / is used, kyn is totally ignored. If I remove the entry for /, kyn is protected correctly but the rest of my website is completely open. I could individually protect every subdirectory of the site, but frankly I don't want anyone without a password to even see the possible directories in /, even if they can't access them.
Again, the question is, how can I provide general overall password protection for my site, but override that protection with a different user/pass combination for selected subdirectories?
RE: password protect sub folders for different users doesn't appear to work - Added by kendon about 13 years ago
has this ever been resolved? i am failing at exactly the same thing, and i can only repeat:
If lighttpd can't do this, then "sorry, that capability is not supported" is a perfectly fine answer. At least it's an answer!
fwiw, here is the config for lighty 1.4.26 on ubuntu 10.04 x64:
$HTTP["host"] =~ "." {
auth.require = (
"/" => (
"method" => "basic",
"realm" => "Authorized users only",
"require" => "valid-user"
),
"/private/" => (
"method" => "basic",
"realm" => "Authorized users only",
"require" => "kendon"
)
)
}
a user is required (as expected), however every user is accepted for the /private subdirectory. once authenticated every user can access the subdir, not only the user "kendon".