Sunday, April 5, 2009

Lighttpd password protected folders

If you have followed these guides you should already have a Lihgttpd webserver with some funky things going on. In some cases you will want to password protect a directory. This is how it is done...

Edit /etc/lighttpd/lighttpd.conf
nano /etc/lighttpd/lighttpd.conf

Add "mod_auth" to server.modules section. It should look like...
server.modules = (
"mod_access",
"mod_fastcgi",
"mod_alias",
"mod_compress",
"mod_auth",


Then to the end of the lighttpd.conf add

$HTTP["url"] =~ "^/DIRECTORY_YOU_WANT_TO_PROTECT/" {
auth.debug = 2
auth.backend = "plain"
auth.backend.plain.userfile = "/home/PASSWORD_FILE.pass"
auth.require = ( "/DIRECTORY_YOU_WANT_TO_PROTECT/" =>
(
"method" => "basic",
"realm" => "Password protected area",
"require" => "user=aspedisca"
)
)



You should create a password file at the location you entered above. This file should include a line saying.
username:secretepassword

Change acording to your needs.You may add more than one user though. Make sure that the password file can be read by lighttpd.
chown lighttpd:lighttpd /home/PASSWORD_FILE.pass

Also change the part saying "/DIRECTORY_YOU_WANT_TO_PROTECT/". It should be relative to your www directory.
Finally, restart lighttpd server:
/etc/init.d/lighttpd restart


Test to reach your directory by using your beloved web browser and see if it works..

4 comments:

  1. Hello,
    Nice tutorial, thanks.
    Can you tell how to password protect another folder? The above description is for one folder, I would like to know how to do it for second, third.... folder?
    Thanks

    ReplyDelete
  2. Thnaks you,

    Well you can do the same thing for another folder.

    Add the other folder to the end of the lighttpd.conf then create a password file at the location you entered.

    Hope this helps.

    ReplyDelete
  3. very nice trick..
    how can i rename "Locker" folder name?

    ReplyDelete
  4. missing "}" in the end of config.
    Thank you

    ReplyDelete