Comments on: Lighttpd setup a password protected directory (directories)

By: michiel

michiel — Thu, 08 Dec 2011 12:40:33 +0000

Hi,

I got plain authorization working, but it seems there is a very long timeout before you have to enter login&password again. Is there a way to set it to about 30 minutes or so?

By: przemek

przemek — Thu, 16 Jun 2011 07:22:55 +0000

what is domain name? i got index.php as my website in ww folder and how i do domain name?

By: kurt krueckeberg

kurt krueckeberg — Tue, 05 Apr 2011 14:20:52 +0000

Great article. The most helpful one I’ve found.

By: Chalai

Chalai — Fri, 30 Apr 2010 01:10:22 +0000

Hi!
How to restrict access to a folder/subfolder only?
Using Apache I can restrict user access to a folder/subfolder only by setting a value for open_basedir and include_path, how do I do that with Lighttpd?

By: mahal24

mahal24 — Thu, 15 Apr 2010 06:02:54 +0000

Can somebody please tell me if Lighttpd supports “GROUP” authentication and if it does how do you configure it? Thanks in advance!

By: Tapas Mallick

Tapas Mallick — Mon, 29 Mar 2010 09:53:22 +0000

I believe there should have a post on “Access restriction based on IP/Subnet Address” (like: order allow, deny; allow from 192.168.1.0/24; deny from all; directives normally used in apache)

By: lopes

lopes — Mon, 01 Mar 2010 22:44:56 +0000

Hi!

How I can use the same password and user for two folder? How I can setup this?

Many thanks

By: Lopes

Lopes — Mon, 01 Mar 2010 22:33:08 +0000

Thanks Vivek!

Just a question how can I protect two folders? Using same user and password?

By: Charlie

Charlie — Wed, 06 Jan 2010 17:38:18 +0000

Thanks, Vivek.
I looked the error.log file. The message are password mismatch. I figured out that the problem is with password file “.pwd_Yuemeng”. One user without line feed at the end of line will make it work. However, for two users “user=TEST|user=TEST2″, The password file have two lines, the first line with line feed, the second line without line feed. The first user cannot login, but second folder can login. Do you have any idea to deal with the line feed issue? Can some other symbol to put at the end of line to make it works?

By: Vivek Gite

Vivek Gite — Wed, 06 Jan 2010 07:59:34 +0000

Check error log and the following debug options and restart lighttpd:
auth.debug = 2
Take a look at your error.log for detailed info.

By: Charlie

Charlie — Wed, 06 Jan 2010 01:05:37 +0000

Hi,
My web server is DNS-323 with fun_plug 0,5 and lighttpd
I have changed the lighttpd.conf to include the following:

server.modules              = (
                                "mod_access",
                                "mod_auth",
                                "mod_fastcgi",
                                "mod_accesslog" )
server.document-root        = "/mnt/HD_a2/www/pages/"
$HTTP["url"] =~ "^/Yuemeng/" {
auth.debug = 2
auth.backend = "plain"
auth.backend.plain.userfile = "/mnt/HD_a2/www/pwd/.pwd_Yuemeng"
auth.require = ( "/Yuemeng/" =>
 	(
	"method" => "basic",
	"realm" => "Password protected area",
	"require" => "user=TEST"
	)
   )
},

Only one line in the file /mnt/HD_a2/www/pwd/.pwd_Yuemeng
TEST:xxyyzz

The “Yuemeng” is sub directory of “/mnt/HD_a2/www/pages/”

after restart lighttpd, I do got popup window asking for username and password,
but entering the usename and passwod will not let me to got in the Yuemeng directory. after trying three times, It give me “401 – Unauthorized”

I could not figure out what is wrong.

I do not know my server has SSL support or not, Do I need SSL to make it wroks?

Thanks.

By: Pep

Pep — Sat, 05 Sep 2009 09:15:16 +0000

Hi,
I followed this how-to. I get it to state, when it says no errors. But authentification still doesn`t work. I would like to describe it more in detail but all I can say is: no errors; web works as before setting authentification; but webpage doesn`t require any username and password. I`ve restarted OpenWRT, which maked no difference.
Thank you for help.

By: Clive

Clive — Thu, 11 Jun 2009 22:59:05 +0000

yeah thats the second time that has been suggested to me, I should really have said I’ve already looked at mod_secure_download. The php app has to be written to make use of it so it’s not an option. I was hoping for a solution by the webserver only, something to put in the lighttpd.conf file to achieve this but its looking like it isnt possible :(

By: Vivek Gite

Vivek Gite — Thu, 11 Jun 2009 19:53:18 +0000

Try mod_secdownload.

By: Clive

Clive — Thu, 11 Jun 2009 19:51:21 +0000

Hi,

I’m just wondering if password protection is the answer to my problem. I want to only allow files to be downloaded via pages on my website and nowhere else, I can stop hotlinking from other sites with the following:

$HTTP["referer"] !~ “^($|http://www\.mydomain\.com)” {
url.access-deny = ( “.mp3″, “.zip” )
}

But that doesnt prevent people from typing the url of a file directly into the browser, they can still download it that way. Is there any other way to prevent this? I’d prefer to just have a 403 forbidden to appear if a file is accessed directly or from another site, but I cant find a solution anywhere so I may consider using a password protected directory.

By: Marcus

Marcus — Tue, 24 Mar 2009 15:28:13 +0000

Along the lines of what Paul posted, I'm trying to password protect a directory for multiple users. You posted that you should simply append a new user to the end of the /etc/lighttpd/lighttpd.conf file, but I'm confused about the formatting. Should it look like:


auth.require = ( "/media/" =>
(
"method" => "basic",
"realm" => "Media",
"require" => "user=user1"
"require" => "user=user2"
)

Or should it look like:


auth.require = ( "/media/" =>
(
"method" => "basic",
"realm" => "Media",
"require" => "user=user1|user=user2"
)

? Also, what should the password file look like in order to do this? Thanks!

By: yannick coulombe

yannick coulombe — Tue, 03 Mar 2009 15:51:08 +0000

Thanks,

without having to do some more google searches !!

By: dikshie

dikshie — Sat, 24 Jan 2009 15:07:06 +0000

hi,
i just migrate apache to lighttpd. i found i can not find easy and straightforward way
to enable auth for every users since all my users has .htpassword in public_html
any straightforward way to enable auth for every /home/$user/public_html/ ?

thanks!

By: mad

mad — Sat, 20 Dec 2008 20:28:13 +0000

Hi,

how can I password protect main folder (server.document-root=/usr/local/www)

Thanks.

By: DanielS

DanielS — Wed, 17 Sep 2008 05:32:14 +0000

Just a quick note as far as step one, a simple command would be lighty-enable-mod auth
Otherwise Great Post! Thanks!