How to password protect root / default webpage
Hi there,
I am trying to figure out how I can password protect the server hostname default page.
i.e. server.domain.com (which auto forwards to -> /cgi-sys/defaultwebpage.cgi)
The reason I want to do this is because I have installed mod_pagespeed and I am trying to enable its admin GUI.
The problem I have is that for some daft reason I cannot access the /pagespeed_admin/ from a subdomain, such as cache.domain.com - for some reason it just doesn't load up, however it does load from the servers hostname - server.domain.com/pagespeed_admin/
However this would allow anyone who discovers the link to interact with this GUI which is not very secure. I am aware I could restrict it to my IP but I I'd need to access it from various locations, some of which are dynamic IPs
So my hopeful resolution is to password protect server.domain.com.
Is there a way to do this?
Thanks
-
Hello, You could manually password protect the directory the script is located at by creating a .htaccess file in the directory and following the instructions discussed on the following third-party URL: Password protecting a directory and all of it's subfolders using .htaccess Thank you. 0 -
Hi Michael, thanks for the reply. Just to clarify, I am looking to do this for the root hostname of the server / main IP address. I believe the correct directory is /var/www/html/ (checked this by editing the main html page that calls the default system cgi page) however when adding an htaccess file it doesn't seem to have an effect? Thanks 0 -
I actually managed to work it out, I had to add Options Indexes FollowSymLinks MultiViews AllowOverride AuthConfig Order allow,deny Allow from all
to the Pre main include - I was avoiding updating httpd.conf direct. Seems to be working great now EDIT: IF anyone is attempting this, I had to put my passwd file within the /var/www/.passwds/ directory and set the folder to 755 permissions otherwise the file was unreadable by apache0 -
Hello, Keep in mind you may want to upload your custom script to a subdirectory within "/var/www/html/" and apply the workaround to the specific subdirectory (e.g. /var/www/html/directory-name). Otherwise, access attempts to the other templates (e.g. suspended page, error documents) will require authentication. Thank you. 0 -
Hi Michael, Thank you for the response, because I am using mod_pagespeed there is no actual physical directory created (that I can find) which is why I am having to protect the root level. However in terms of what you were saying I suspended an unused account and accessed it via private tab in different browser and it did not require any authentication for the suspended page so I don't think I will have any issues? 0 -
However in terms of what you were saying I suspended an unused account and accessed it via private tab in different browser and it did not require any authentication for the suspended page so I don't think I will have any issues?
In that case, no further steps should be required. Thank you.0 -
Hi Michael, Thanks for that, I will keep an eye on it just incase there are issues further down the line. Thanks Greg 0 -
Hi Michael, Turned out that this did indeed cause an issue, server lfd[1410]: STATS: Unable to retrieve Apache Server Status [http://127.0.0.1/whm-server-status?auto] - Unable to download: Unauthorized
Turns out creating a /pagespeed_global_admin/ directory in the apache root and password protecting that works even though pagespeed doesnt physically reside there. I had originally though this would have caused an issue but that seems to be the full solution !0
Please sign in to leave a comment.
Comments
8 comments