Project

General

Profile

Forums » Support »

[Solved] Password Protecting Directories

Added by costis about 10 years ago

Hello, I try to password protect a directory named "SecretDirectory", but I am missing something and I cannot get it to work.

1. Does the username has to be a system user? (I tried it both ways: being or not a system user)
2. My lighttpd.conf file is this:

server.modules = (
        "mod_access",
        "mod_alias",
        "mod_compress",
        "mod_redirect",
        "mod_auth",
        "mod_accesslog" 
)

server.document-root        = "/var/www/html" 
server.upload-dirs          = ( "/var/cache/lighttpd/uploads" )
server.errorlog             = "/var/log/lighttpd/error.log" 
accesslog.filename = "/var/log/lighttpd/lighttpd.log" 
server.pid-file             = "/var/run/lighttpd.pid" 
server.username             = "www-data" 
server.groupname            = "www-data" 
server.port                 = 80
auth.debug = 2
auth.backend = "htpasswd" ###-> *I also tried with auth.backend = "plain"*
auth.backend.plain.userfile = "/home/censored/.htpasswd" ###-> *This contains "secretuser=HashedPassword" or in the case of "plain", "secretuser=plaintextpassword".
#*Also* " $ ls \-l /home/censored/.htpasswd" returns:
\-rw\-r\-\-r\-\- 1 www-data www-data 18 Feb 28 11:19 /home/censored/.htpasswd *

$HTTP["url"] =~ "/OpenDirectory/" {
     dir-listing.activate = "enable" 
   }

auth.require = ( "/SecretDirectory/" =>
(
"method" => "basic",
"realm" => "Password protected area",
"require" => "user=secretuser" 
)
)
index-file.names            = ( "index.php", "index.xhtml",  "index.html", "index.lighttpd.html" )
url.access-deny             = ( "~", ".inc" )
static-file.exclude-extensions = ( ".php", ".pl", )
server.error-handler-404 = "/index.html" 

compress.cache-dir          = "/var/cache/lighttpd/compress/" 
compress.filetype           = ( "application/javascript", "text/css", "text/html", "text/plain" )
include_shell "/usr/share/lighttpd/create-mime.assign.pl" 
include_shell "/usr/share/lighttpd/include-conf-enabled.pl"

I do get the "Authentication Required" window, but then when I enter the username and the password, the "Authentication Required" window pops-up again.

Any ideas?


Replies (1)

RE: Password Protecting Directories - Added by Anonymous about 10 years ago

Yes, it's not working because you are not doing it the right way.

$HTTP["url"] =~ "^/OpenDirectory/" {
     dir-listing.activate = "enable" 
}

$HTTP["url"] =~ "^/SecretDirectory/" {

    auth.require = ( 
        "" => (
            "method" => "basic",
            "realm" => "Password protected area",
            "require" => "user=secretuser" 
        )
    )
}
    (1-1/1)