1. Please take a little time for this simple survey! Thank you for participating!
    Dismiss Notice
  2. Dear Pleskians, please read this carefully! New attachments and other rules Thank you!
    Dismiss Notice
  3. Dear Pleskians, I really hope that you will share your opinion in this Special topic for chatter about Plesk in the Clouds. Thank you!
    Dismiss Notice

(newbie) How to password-protect a directory via Plesk CP?

Discussion in 'Plesk for Linux - 8.x and Older' started by rhfactor, Jun 12, 2005.

  1. rhfactor

    rhfactor Guest

    Is there a control built-in to the CP that allows me to set a username/password for any folder?

    If not, how would I otherwise do it.

    I don't know how to use 'shell access'. All i know is the Plesk CP -- and using FTP clients. The one i use most often is Cyberduck on Mac .

    Thank you.
  2. jamesyeeoc

    jamesyeeoc Guest

    In the Plesk control panel, go to Domain, select the domain you wish to have a protected directory, click on the icon 'Directories'. Click on the icon 'Add New Directory', specify directory name, either Non-SSL, SSL, or both, optionally put Header Text, click on Ok.

    Next do 'Add new user'

    Upload files into the new test directory.
  3. rhfactor

    rhfactor Guest

    Hi james, thank you... I did some further searches here after I first posted, and finally figured out that basic sequence.

    But here are some things i observed, and if possible i would like your comments on, so i can understand what is happening. My objective:

    I am working with some local musicians who are wanting to provide mp3s of their songs to people who have a username and password, on a song-by-song basis.

    Not being a webmaster or web developer, but knowing some basic principles, I figured it might be easy to essentially create a password protected folder (directory) for each mp3 song, have unique password for each,... and then when someone comes to www.website.com/1 or www.website.com/2 or www.website.com/3, user gets challenged for a username and password.. then upon submitting, they would have that dircetory contents revealed. And there would be the mp3 file listed as its songname.mp3 in that folder directory.

    PROBLEM 1: Even before attempting to add password protection to a folder which contained an mp3 file, I wanted to test that I uploaded properly. But I found that when I arrived at www.website.com/1 --- I got a 403 Forbidden error message. (again, with no password applied to directory).

    Is this something related to Plesk? because with a prior hosting account which used a different brand control panel, when I would arrive at an address like www.website.com/1 , and assuming I had no index.htm page there, I would see the file directory exposed. Which sometimes is a desired thing.

    PROBLEM 2:
    1. Before I asked here about password protection, I had already created directories named as follows:




    and I had uploaded an mp3 file, songname.mp3 to folder/directory /1 ... such that it was located at the address:


    THAT worked fine and the file played.

    So then I clicked "Directories" in Plesk, and attempted to make folder 1 password-protected. Long story short, this did not work, and I must have been creating a 2nd directory somewhere else....not sure. But in the box I entered


    and then "Add user" ... and specified a username and and password. I'd quit the browser, then go to that address:


    and I'd hit the username/password challenge box, i'd type the username and password, submit, but the challenge box would come up again, and I could never get into that directory or file.

    So I tried to create a new "protected directory" from scratch called /test . I created a username and password, then used the file manager to copy the mp3 file from the /1 directory to the /test directory .

    Now I quit the browser again, went to the address www.website/com/test/songname.mp3 , got the challenge, entered the useranem and password, then (ON A MAC, using Firefox), the MP3 began playing as a quicktime file embedded on the page. I assume i had the quicktime app assigned to the .mp3 file format?

    I wanted to have the song download vs play.


    My preference would be to not have to create index pages for each song directory, but rather to have the file simply listed there as songname.mp3 so it could be clicked for downloading.

    So how can I make it such that when I go to the location:


    the contents of that directory display (after I enter the username and password) -- vs having it give me the 403 Forbidden message?

    hope this makes sense. thank you
  4. jamesyeeoc

    jamesyeeoc Guest

    Yes, it makes perfect sense....

    Once you have created the protected directories in the Plesk Control Panel, then from the shell prompt go to the domain's /conf folder:

    cd /home/httpd/vhosts/domain.com/conf

    If you already have a vhost.conf file, then edit it (else create a new one). You will want a section looking like the following:

    <Directory /home/httpd/vhosts/domain.com>
    Options +Indexes

    Save the file. Restart apache:
    /etc/init.d/httpd restart

    Test it in a browser.

    This will affect *ALL* folders under your /httpdocs/ folder!

    If you create a separate folder under /httpdocs, such as /httpdocs/music and put all the other folders under that one (such as /httpdocs/music/1, /httpdocs/music/2, etc), then you can change the above line to:
    <Directory /home/httpd/vhosts/domain.com/music>

    and it will only follow from that folder downwards. This is a HIGHLY RECOMMENDED way of doing it.
    Using the browser, just right click on the link and select 'Save Target As'
  5. rhfactor

    rhfactor Guest

    James, I follow what you are saying in general. That I have to set a command to enable the display of directory contents, and I am guessing that it is disabled by default for security reasons...

    ... And that i should nest all of these password protected directories into a parent folder, for example: /music

    My problem: I don't know how to use SSH. (I'm a newbie!) I know it has to do with "shell access".

    I googled a bit and found that my Mac (my local client) has SSH built in.. not that I know how to use it.


    Then I looked for SSH clients that might make it more understandable to me than command lines, which confuse me.

    I found this:

    and the app they recommend at bottom, Cyberduck, is the one I already use for FTP. But I really have no idea how to use SSH, and when I read Cyberduck's FAQ, this was too confusing creating private & public keys etc. (SEE BELOW*)

    So, can you help me further -- Is this something I can do thru Plex?

    It's probably so simple but I don't know that environment at all.


    *From Cyberduck's FAQ:

    Public-key authentication allows you to connect to a remote server without sending your password over the Internet. Public-key authentication uses two keys, a private key that only you have--it should be kept in a secure place and protected with a password. And the public key, which is placed on the server you wish to gain access to, usually by the system administrator when your account is set up.

    How do I configure public key authentication?
    1. Run the command 'ssh-keygen' from the Terminal to generate a public/private pair of keys. They will be put in your directory ~/.ssh, though you will probably be asked to approve or change this location.
    When you generate the keys you will be asked for a 'passphrase'. If you use a passphrase then you will have to enter it each time you use the keys for authentication. That is, you will have to type in the pass phrase everytime you log in, just as you would with a password.
    If you don't enter a passphrase (just press the return key) then you will be allowed to log-in without having to enter a passphrase. This is less secure, but it can be really useful.
    jungle:~/.ssh dkocher$ ssh-keygen -t rsa
    2. Copy the public key to the remote host you wish to access and add it to the file authorized_keys in your ~/.ssh directory. (If that file does not exist then you should create it.) Anybody listed in the authorized_keys file (via their public key) is allowed to log-in, provided that they can prove that they possess the corresponding private key. Thus if you have the private key in your .ssh directory on your home machine you'll be allowed in.
    jungle:~/.ssh dkocher$ ssh hostname < id_dsa.pub 'cat >> .ssh/authorized_keys'
    3. In the Connection Dialog or the Bookmark editor in Cyberduck select 'Use Public Key Authentication' and select the private key in your .ssh directory.


    (p.s. - i won't get this til tomorrow )
  6. jamesyeeoc

    jamesyeeoc Guest

    Ok, so you're on a Mac with an SSH client already installed. But you would rather not do it from a command line.

    Ok, so use your Cyberduck to connect, browse to the /home/httpd/vhosts/domain.com/conf folder and see if vhost.conf exists, if it does then download it to your Mac and edit it, then reupload the file.

    If it does not exist, then create the file on your Mac and upload it into the /home/httpd/vhosts/domain.com/conf folder

    You can then use the Plesk control panel to restart the Apache service on the server (from Server, Service Management).