Skip to main content

How to password protect root / default webpage

Comments

8 comments

  • cPanelMichael
    Hello, You could manually password protect the directory the script is located at by creating a .htaccess file in the directory and following the instructions discussed on the following third-party URL: Password protecting a directory and all of it's subfolders using .htaccess Thank you.
    0
  • Greg M
    Hi Michael, thanks for the reply. Just to clarify, I am looking to do this for the root hostname of the server / main IP address. I believe the correct directory is /var/www/html/ (checked this by editing the main html page that calls the default system cgi page) however when adding an htaccess file it doesn't seem to have an effect? Thanks
    0
  • Greg M
    I actually managed to work it out, I had to add
    Options Indexes FollowSymLinks MultiViews AllowOverride AuthConfig Order allow,deny Allow from all
    to the Pre main include - I was avoiding updating httpd.conf direct. Seems to be working great now EDIT: IF anyone is attempting this, I had to put my passwd file within the /var/www/.passwds/ directory and set the folder to 755 permissions otherwise the file was unreadable by apache
    0
  • cPanelMichael
    Hello, Keep in mind you may want to upload your custom script to a subdirectory within "/var/www/html/" and apply the workaround to the specific subdirectory (e.g. /var/www/html/directory-name). Otherwise, access attempts to the other templates (e.g. suspended page, error documents) will require authentication. Thank you.
    0
  • Greg M
    Hi Michael, Thank you for the response, because I am using mod_pagespeed there is no actual physical directory created (that I can find) which is why I am having to protect the root level. However in terms of what you were saying I suspended an unused account and accessed it via private tab in different browser and it did not require any authentication for the suspended page so I don't think I will have any issues?
    0
  • cPanelMichael
    However in terms of what you were saying I suspended an unused account and accessed it via private tab in different browser and it did not require any authentication for the suspended page so I don't think I will have any issues?

    In that case, no further steps should be required. Thank you.
    0
  • Greg M
    Hi Michael, Thanks for that, I will keep an eye on it just incase there are issues further down the line. Thanks Greg
    0
  • Greg M
    Hi Michael, Turned out that this did indeed cause an issue,
    server lfd[1410]: STATS: Unable to retrieve Apache Server Status [http://127.0.0.1/whm-server-status?auto] - Unable to download: Unauthorized
    Turns out creating a /pagespeed_global_admin/ directory in the apache root and password protecting that works even though pagespeed doesnt physically reside there. I had originally though this would have caused an issue but that seems to be the full solution !
    0

Please sign in to leave a comment.