Lighttpd Protect Different Directories With Different Password Files

Posted by Vivek Gite [Last updated: August 18, 2008]

There is a way to protect different directories with different username/password under Lighttpd server.

If you use different userfile files for authenticating in different directories, you can attach each to the correct directory by using conditionals.

Let us see how to protect two different directories using conditionals directives:
/docs/ with username tom
/sales/ with username jerry

Open lighttpd configuration file:
# vi lighttpd.conf
Make sure mod_auth is loaded:
server.modules += ( "mod_auth" )
Now add first conditionals directive to protect /docs/:

$HTTP["url"] =~ "^/docs/" {
auth.backend = "plain"
auth.backend.plain.userfile = "/home/lighttpd/.lighttpdpassword-DOCS"
auth.require = ( "/docs/" =>
 	(
	"method" => "basic",
	"realm" => "Password protected area",
	"require" => "user=tom"
	)
   )
}

Add second conditionals directive to protect /sales/:

$HTTP["url"] =~ "^/sales/" {
auth.backend = "plain"
auth.backend.plain.userfile = "/home/lighttpd/.lighttpdpassword-SALES"
auth.require = ( "/sales/" =>
 	(
	"method" => "basic",
	"realm" => "Password protected area",
	"require" => "user=jerry"
	)
   )
}

Save and close the file. Now create a password for tom user:
# vi /home/lighttpd/.lighttpdpassword-DOCS
Append username:password for tom:
tom:TomsPassword
Save and close the file. Also, create a password for jerry user:
vi /home/lighttpd/.lighttpdpassword-SALES
Append username:password for jerry:
jerry:JerrysPassword
Save and close the file. Restart lighttpd:
# /etc/init.d/lighttpd restart

E-mail this to a Friend Printable Version