• The Horde webmail has been deprecated. Its complete removal is scheduled for April 2025. For details and recommended actions, see the Feature and Deprecation Plan.
  • We’re working on enhancing the Monitoring feature in Plesk, and we could really use your expertise! If you’re open to sharing your experiences with server and website monitoring or providing feedback, we’d love to have a one-hour online meeting with you.

Resolved Plesk 12.5.30 Password Protected Directory Problem

David Jimenez

David Jimenez

Basic Pleskian
I have cPanel experience but have been forced to move to Network Solutions and Plesk 12.5.30. I have a single subdomain with a small number of folders that need password protection. All of the folders were present with data and I then went to the subdomain in Plesk and Password-Protected Directories. There I indicated the name of the folder and then setup a username and password.

However, when I use a browser to go to that directory, it asks for my username and password, which I enter. Then it says Forbidden. So, I must have missed something. Any help for this new bee would be appreciated.
 
Last edited:
UPDATE: I did more testing. I created a folder in our subdomain called "test" and placed a single file inside. I DID NOT password-protect the directory. If I use the URL subdomain.domain.com/test/filename, then the actual file opens in the browser (jpg for this example); however, if I enter subdomain.domain.com/test/ I get the same forbidden message that I am getting on the password-protected directories. All the directories have permissions as rwx r-x r-x.
 
By default the web server disallows directory listing, e.g. when you do not provide and index.htm, index.html, neither index.php file as the directory standard file. If you try to access a directory without such an index page, the web server will return the "forbidden" error. The behavior is by design, it is correct. If you want directory listing enabled, you could create an .htaccess file and enter
Code: 
Options +Indexes
into it.
 
Thank you for the information. Since I am new to Plesk, can you direct me to any procedures on how to create the access file? Also, would I just need to provide that at the subdomain level or inside each folder that is password-protected. I would assume the latter.
 
This has nothing to do with password protection or Plesk. It is a general Apache web server feature for directory listing (or not). If you know how to create a text file, you know how to create an .htaccess file, because that is simply a text file. Place the file in the document root directory (for example /httpdocs) of your domain.
 
added a file called _htaccess to the httpdocs directory that simply said +Indexes...that didn't allow me to log into my password-protected directories. Since this isn't a Plesk issue, I will take my research on the road. By the way, as a long time cPanel user, cPanel does all this automatically. You just tell it the name of the directory to protect, then you give it a username and password and it works.

P.S. didn't know if the word Options needed to be there so tried with and without.
 
Hi David Jimenez,

David Jimenez said:
By the way, as a long time cPanel user, cPanel does all this automatically. You just tell it the name of the directory to protect, then you give it a username and password and it works.
Click to expand...
You might be interested, that Plesk as well has options for each (sub)domain, to protect folders with a password... over the Plesk Control Panel. It is even more secure, because it places the ".htaccess" - files outside of the docroot and implements the needed configuration in the (sub)domain - specific configuration file. ;)

For Plesk 12, pls. have a look at:

 
Yes, I followed that to the letter. I went to the area for my subdomain and clicked the link Password-Protected Directories. I then click on Add Protected Directory. I then type in the name of the directory I want to protect. It then shows up in my list of protected directories. I click on the name of that directory and get the option for Add a User which I provide as well as the password. However, Plesk is adding a file to the directory called _htaccess. It is not .htaccess and it does place the file in the directory I just protected. Here is an example of what it is putting in that file.

AuthType BasicAuthName "Restricted Area"require valid-userAuthUserFile "/home/products/.htpasswds/public_html/wwk/passwd"

As previously discussed, these directories do not have an index.xxx file, so I added Options +Indexes to the front of that statement, but I still get the access forbidden message after entering the username and password in my browser. Also, I have searched for the .htpasswds file in every directory back to the /home directory and can't find it. I'll read over the links you provided in the hope of finding a solution. While Plesk may provide better protection, I could do this in a few seconds per directory with cPanel and can't understand what is so difficult about getting this to work with Plesk.
 
Hi David Jimenez,

my additional links should help you with new informations, because Plesk uses another/different vhosts - structure and different configuration files ( as stated before ), for the ".htaccess" - files ( i.e.: => /var/www/vhosts/system/(sub.)YOUR-DOMAIN.COM/pd/d..httpdocs ). Could you pls. read the informations first and have a closer look to your (sub)domain - specific configuration files ( i.e.: => /var/www/vhosts/system/(sub.)YOUR-DOMAIN.COM/conf )? This is much easier, than asking you to post your configuration files, to point you directly to the Plesk - related configurations. :)

If you experience any issues here, pls. consider to re-create the configuration files, using the command:

/usr/local/psa/admin/sbin/httpdmng --reconfigure-all
or
/usr/local/psa/admin/sbin/httpdmng --reconfigure-domain YOURDOMAIN.COM

... and be sure, that apache ( and nginx, if you use it as well! ) has been restarted after the re-creation of the configuration files.

Pls. post your (sub)domain - specific configuration files, if you experience issues, so that people willing to help you have something to start with their investigations. ;) Screenshots and log - files help as well to investigate issues/errors/problems.
 
OK, problem solved so I am out of the woods, but I have to say I am still very confused. The solution was to create a file called .htaccess and simply put the Options +Indexes statement inside and place that file in the password-protected directory of interest. So, I have no idea why Plesk created the _htaccess file since deleting it creates no issues as far as I can tell. The server still requires the correct username and password to open the directory.
 
I wanted to add one more bit of detail. I may be that Plesk didn't create the _htaccess files. I may have been an incompetent tech with Network Solutions MyTime group. We paid them to migrate our server and all they did was make a mess of it, take our money, and then tell us to do it ourselves...I did some testing on new directories and Plesk is NOT creating the _htaccess files. This is making a lot more sense now...if I could only get my cgi scripts to run : /
 
You must log in or register to reply here.

Similar threads

D
Issue Can't see the button for password protected directories
Replies
4
Views
805
Peter Debik
P
M
Issue Very strong password problem...
Replies
2
Views
893
MicheleP
M
TorbHo
Issue Problem with basic http auth (password protected dirs)
Replies
3
Views
2K
TorbHo
TorbHo
Aethem
Resolved Pwd Protected Dir Pop-Up from Copy Files (Wptoolkit)
Replies
3
Views
675
Peter Debik
P
Hassan Saeed
Question Password Protected Main Directory-Subdomains-Is not Possible
Replies
0
Views
3K
Hassan Saeed
Hassan Saeed
Back
Top