Go Back   HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials > ISPConfig 3 > General

Do you like HowtoForge? Please consider supporting us by becoming a subscriber.
Reply
 
Thread Tools Display Modes
  #1  
Old 19th March 2010, 11:46
neutrino neutrino is offline
Member
 
Join Date: Oct 2008
Posts: 61
Thanks: 13
Thanked 9 Times in 8 Posts
Red face AuthUserFile and ispconfig

Hello,

I'm trying to restrict access to one of my website using AuthUserFile.

The code that works is the next one :

AuthUserFile /var/www/clients/client0/web6/web/supersecretdirectory/password.txt
AuthGroupFile /dev/null
AuthName "Not allowed"
AuthType Basic
Require valid-user

This works perfectly if I add this code between the Directory tags, like this :

<Directory /var/www/clients/client0/web6/web>
Options FollowSymLinks
AllowOverride All
Order allow,deny
Allow from all

AuthUserFile /var/www/clients/client0/web6/web/supersecretdirectory/password.txt
AuthGroupFile /dev/null
AuthName "Not allowed"
AuthType Basic
Require valid-user

</Directory>

Sadly, when I add the code to the apache directives field in ISPconfig, it places the code after the </Directory> tag and then I get the next error :

apache2Syntax error on line 48 of /etc/apache2/sites-enabled/site.domain.com:
AuthUserFile not allowed here

Any idea how I could tell ISPconfig to write between the <Directory> Tags ?

edit: maybe there is something to try with the "Allow Overide" field in the Apache directives ?

Last edited by neutrino; 19th March 2010 at 11:50.
Reply With Quote
Sponsored Links
  #2  
Old 19th March 2010, 11:56
till till is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 36,176
Thanks: 829
Thanked 5,414 Times in 4,257 Posts
Default

You missed to add the directory tags when you added the lines in the apache directives field.
__________________
Till Brehm
--
Get ISPConfig support and the ISPConfig 3 manual from ispconfig.org.
Reply With Quote
The Following User Says Thank You to till For This Useful Post:
neutrino (19th March 2010)
  #3  
Old 19th March 2010, 11:58
giftsnake giftsnake is offline
Senior Member
 
Join Date: Jan 2009
Posts: 108
Thanks: 15
Thanked 9 Times in 8 Posts
Default

i dont know the solution, but it might be more secure, to put the passwordfile not in the web folder.
just use "/var/www/clients/client0/web6/.htsecretpasswords"

did you try to remove the 'allow from all' in your code, since you do not allow all, just the ones with password :-P
Reply With Quote
The Following User Says Thank You to giftsnake For This Useful Post:
neutrino (19th March 2010)
  #4  
Old 19th March 2010, 12:16
neutrino neutrino is offline
Member
 
Join Date: Oct 2008
Posts: 61
Thanks: 13
Thanked 9 Times in 8 Posts
Default

Quote:
Originally Posted by till View Post
You missed to add the directory tags when you added the lines in the apache directives field.
I was afraid that only one <Directory> tag was allowed for each path, that's why I didn't add them. I tried it with the tags and it now works like a charm.

And again, thank you Till
Reply With Quote
  #5  
Old 19th March 2010, 12:18
neutrino neutrino is offline
Member
 
Join Date: Oct 2008
Posts: 61
Thanks: 13
Thanked 9 Times in 8 Posts
 
Default

Quote:
Originally Posted by giftsnake View Post
i dont know the solution, but it might be more secure, to put the passwordfile not in the web folder.
just use "/var/www/clients/client0/web6/.htsecretpasswords"

did you try to remove the 'allow from all' in your code, since you do not allow all, just the ones with password :-P
I've added this, in order to block the acess to the directory containing the file :

<Directory /var/www/clients/client0/web6/web/supersecretdirectory>
Order deny,allow
Deny from all
</Directory>
Reply With Quote
Reply

Bookmarks

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
Proftp no account created. ISPconfig start warnings jackoob Installation/Configuration 13 20th December 2008 12:31
mod_rewrite and ISPConfig poisen General 3 21st October 2008 15:07
[ADVANCED] - Browsing the SVN Server files using ISPConfig vaio1 Installation/Configuration 5 1st July 2008 21:57
How do you set up WebDAV with ISPConfig? ptr Server Operation 2 13th August 2007 19:07


All times are GMT +2. The time now is 18:35.


Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.