How do I password protect a subdomain?

[Beun]

How do I password protect a subdomain in Plesk 7.5.3 Reloaded?

The password protect-option only works for directories of the main-site, and not for (directories of) subdomains..

I tried using .htaccess with .htpasswd, of which I know how it works, but for some strange reason it does not work on a server that is being managed with Plesk.

So... How do I password protect a subdomain ?
(Or a directory in a subdomain, for that matter...)

Thanks

 

[judouk]

Have you tried simply creating the .htaccess file manually

 

[Beun]

Originally posted by judouk
Have you tried simply creating the .htaccess file manually

Well.............

Originally posted by Beun
...
I tried using .htaccess with .htpasswd, of which I know how it works, but for some strange reason it does not work on a server that is being managed with Plesk.
...

Plesk does not use .htaccess/.htpasswd for directory-protection, and in some strange way prohibits the use of .htaccess/.htpasswd for manual password-purposes...

 

[jamesyeeoc]

Have you checked to see if your domain's httpd.include file or the main /etc/httpd/conf/httpd.include has the "AllowOverride AuthConfig" enabled? I do not believe that Plesk puts this directive in the files by default. As you know, this would prevent .htaccess/.htpasswd authentication from working.

Also by default, in the /etc/httpd/conf/httpd.conf file, they start out with:

<Directory />
     AllowOverride None
</Directory>

 

[Beun]

Originally posted by jamesyeeoc
Have you checked to see if your domain's httpd.include file or the main /etc/httpd/conf/httpd.include has the "AllowOverride AuthConfig" enabled? I do not believe that Plesk puts this directive in the files by default. As you know, this would prevent .htaccess/.htpasswd authentication from working.

Also by default, in the /etc/httpd/conf/httpd.conf file, they start out with:

<Directory />
     AllowOverride None
</Directory>

I do not see the folder httpd (or any folder, for that matter) in /etc.
I will consult my hosting company on why I cannot see that particular folder.

 

[jamesyeeoc]

Exact location of the file(s) may depend on the *nix distro you are using. My posts use paths which are common to many RH distros.

You could always do a search for httpd.conf

 

[sector29]

Hello,

I need to protect a subdomain also. Can u post the .htpasswd directives for .htaccess.

Also, can I update the vhost.conf for the subdomain or is changing http.include the only route.

 

[Whistler]

Half a dozen threads have already been created on this subject - why don't you use the search button before posting a question?

Manually setting up .htaccess for password protecting a subdomain: http://forum.plesk.com/showthread.php?s=&threadid=21359&highlight=password+subdomain

The more "Plesk friendly way":

1) Create a protected dir in the domain page - ie. /mysubdomain

2) Put the following in a .htaccess in your httpdocs dir of your subdomain:

AuthUserFile /home/<your_domain>/pd/d..mysubdomain
AuthName "Subdomain Test"
AuthType Basic

Require valid-user

3) Now you (or your domain user) can add/remove users via the Plesk Controlpanel for Protected Dirs without problems.

Simple and it works (and remember you have to change the path to home if you don't have it setup in /home)

And I think I've posted this solution before - just coulden't find it right now...

 

[wuetscher]

Password protect for subdomain

It's possible to do this with Plesk.

How to:

Create a new physical hosting: subdomain.domain.tld.
but dont check the www-box (left beside the domain input box).

Now you can easy protect your /.

The subdomain now is a domain

The only disadvantage is that you must create a 2nd ftp account for this domain (you can't use the ftp login off your www.domain.tld)

That's it.

Kind regards from Germany
Christian

 

[sector29]

Thank you wuetscher!!!!

It just so happens I needed to create a secure subdomain today.

I did what you suggested. Restarted apache. It worked.

I really appreciate the info about the additional ftp account. I view it as a an additional security feature.