Froxlor Forum

Global htpasswd for securing the froxlor root


froxloruser42

Question

Hello,

Is it possible to generate a "global" .htpasswd with all froxlor customers to secure the directory where froxlor and other third-party apps like phpmyadmin, webftp or webmail are located? The idea is to get an additional security layer between outsiders and the system.


Thanks in advance!

Link to comment

6 answers to this question


Well, given the information-leak yesterday, I'd vote for something additionally :)

Especially as phpMyAdmin and other additional apps do not provide features against brute-force-attacks, this would benefit all users and having to enter one's access-credentials twice would not do much harm anyways.

Authentication could be done using mysql (at least in apache) directly and I'd appreciate this additional layer of security.


Thank you in advance,

hk

Link to comment

In an earlier post it was mentioned:

not from within the panel...but just add something like this to a manually created config file that you are able to include in apache.conf

I tried the following:

In the apache2.conf I added this:

IncludeOptional sites-enabled_froxlor/*.conf

In the newly created folder I added a file froxlor.conf with the following content:


<Directory "/var/www/froxlor/">
  Options -Indexes
  AuthType Basic
  AuthName "Restricted Area"
  AuthUserFile /etc/apache2/froxlor_htpasswd/froxlor.htpasswd
  require valid-user
</Directory>
 

The password file is stored in the /etc/apache2/froxlor_htpasswd/froxlor.htpasswd file.

However, Apache is not picking up the directions. It is reading the file froxlor.conf for sure. If, for example, the </Directory> is missing, it gives an error message on restart.

My guess is that it is ignored, because the file 10_froxlor_ipandport_xx.xxx.xxx.xx.xx.conf contains the <VirtualHost> including the <Directory> options for the /var/www/froxlor directory and everything outside the VirtualHost is ignored.

Is there any possibility to get Basic Authentication working for the froxlor directory?

Thank you for any hint.


Link to comment

not from within the panel...but just add something like this to a manually created config file that you are able to include in apache.conf:

<Directory "/var/www/froxlor/">
  Options -Indexes
  AuthType Basic
  AuthName "Nothing here"
  AuthUserFile /etc/apache2/my-generated-user-passwd.htpasswd
  require valid-user
</Directory>
Link to comment

Thank you for your answer!

Of course I can create the files myself, but the problem is that I have to distribute and control the passwords for that file. It would be great if the users' actual passwords are stored in this file automatically and would be updated when the user changes his password. Then I could just use this file where I need it.

Is this worth a feature request?

Link to comment
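
One way to build the shared AuthUserFile the last post asks for, as an added example that is not part of the thread or of froxlor. It assumes you have already read (login, stored hash) pairs from the panel's user table yourself and that the hashes are in a format Apache can verify; the function names, the login-name policy and the sample rows are made up for illustration.

```python
import os
import re
import tempfile

# Salted formats Apache's AuthUserFile can verify: bcrypt ($2y$) and apr1 MD5.
# Unsalted {SHA} and legacy hex digests are deliberately rejected.
APACHE_HASH = re.compile(
    r"\$2y\$\d\d\$[./A-Za-z0-9]{53}"
    r"|\$apr1\$[./A-Za-z0-9]{1,8}\$[./A-Za-z0-9]{22}")
# Conservative login policy (assumption); ':' or a newline would corrupt the file.
SAFE_NAME = re.compile(r"[A-Za-z0-9._-]{1,64}")

# Constructed sample rows, not real accounts or real hashes.
SAMPLE_ROWS = [
    ("alice", "$2y$10$" + "a" * 53),
    ("bob", "5f4dcc3b5aa765d61d8327deb882cf99"),   # legacy hex digest
    ("eve:x", "$2y$10$" + "b" * 53),               # would inject a field
    ("carol\n", "$2y$10$" + "c" * 53),             # would inject a line
]


def build_htpasswd(rows):
    """Return (file_text, skipped) for an iterable of (login, stored_hash)."""
    lines, skipped, seen = [], [], set()
    for login, stored_hash in rows:
        if not SAFE_NAME.fullmatch(login) or login in seen:
            skipped.append((login, "bad or duplicate login"))
        elif not APACHE_HASH.fullmatch(stored_hash):
            skipped.append((login, "hash format not usable by Apache"))
        else:
            seen.add(login)
            lines.append(f"{login}:{stored_hash}")
    return "".join(line + "\n" for line in lines), skipped


def write_atomically(path, text, mode=0o640):
    """Write a temp file in the target directory, then rename it into place,
    so Apache never reads a half-written password file."""
    directory = os.path.dirname(os.path.abspath(path))
    fd, tmp = tempfile.mkstemp(dir=directory, prefix=".htpasswd.")
    try:
        with os.fdopen(fd, "w") as handle:
            handle.write(text)
        os.chmod(tmp, mode)          # owner rw, group r, others nothing
        os.replace(tmp, path)
    except BaseException:
        os.unlink(tmp)
        raise
```

The skipped list is worth logging: an account whose stored hash Apache cannot verify is silently locked out of the outer layer until its password is changed. The file's group should be the one Apache runs as.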

Archived

This topic is now archived and is closed to further replies.
