
SECURITY! password protected directories

SebastianK1

Hi forums,

If I create a password protected directory in Plesk 12.5, it will create the directory protection. But just for the directory, not for the files inside!

If I "abort" at the login popup, the page behind is shown!!!!!!

If I know the files behind, I can directly access all files by clicking "abort" at the login popup, e.g. domain.com/secured/file1.php

I deleted the directory protection and added it again, but same problem. Any hints?
 
Hmm... I always see the 401 Authorization Required page whenever I click "Cancel" in the password popup window.
Have you created a user with a password for the protected directory?
 
Try to run

# plesk repair web
# plesk repair fs

and check results.
 
If you use php-fpm for your domain, directory protection does not work correctly. It's a bug that I reported in December 2015 and it has not been solved yet:
#PPPM-3839
 
Well, the answer from support to solve the problem is, for now, this one:

workaround #1: Use non-'PHP-FPM...' PHP-handler. For example set 'FastCGI application served by Apache' via 'Home > Subscriptions > example.com > Websites & Domains > PHP Settings > run PHP as'.

Note: This workaround is applicable if there are no strict requirements for the PHP-handler used on the website.

workaround #2: Set additional nginx directives in the 'Home > Subscriptions > example.com > Websites & Domains > Apache & nginx Settings > Additional nginx directives' field. For example to protect the '/var/www/vhosts/example.com/httpdocs/prot' directory add the following:
==========================
location ~* (/prot/) {
    auth_basic "Protected by password";
    auth_basic_user_file /var/www/vhosts/example.com/httpdocs/.htpasswd;
    root /var/www/vhosts/example.com/httpdocs;
}
==========================

Where '.htpasswd' is a file with user name and password:
==========================
# cat /var/www/vhosts/a.tld/httpdocs/.htpasswd
test_user:$1$-encrypted_test_password
==========================
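
A check that could be run after applying either workaround, added here as an example and not part of the original thread: it requests each path without credentials and lists every one that does not answer 401. The script name, the function names and the paths passed on the command line are assumptions.

```python
"""List URLs under a password-protected directory that do not answer 401
when requested without credentials (added example, not Plesk code)."""
import sys
import urllib.error
import urllib.request


class NoRedirect(urllib.request.HTTPRedirectHandler):
    def redirect_request(self, req, fp, code, msg, headers, newurl):
        return None  # surface a 3xx as its own status instead of following it


# Direct connection (proxy environment variables ignored), redirects not followed.
OPENER = urllib.request.build_opener(NoRedirect, urllib.request.ProxyHandler({}))


def status_without_credentials(url, timeout=5):
    """HTTP status of a GET sent with no Authorization header."""
    try:
        with OPENER.open(url, timeout=timeout) as resp:
            return resp.status
    except urllib.error.HTTPError as err:
        return err.code  # 401, 403, 404 and unfollowed 3xx all arrive here


def find_unprotected(base_url, paths, fetch=status_without_credentials):
    """Return [(path, status)] for every path that did not answer 401.

    Check the directory itself and the files inside it: the problem in this
    thread is a prompt on the directory while the files are still served.
    """
    exposed = []
    for path in paths:
        status = fetch(base_url.rstrip("/") + path)
        if status != 401:
            exposed.append((path, status))
    return exposed


if __name__ == "__main__":
    if len(sys.argv) < 3:
        print("usage: check_protection.py BASE_URL /path [/path ...]")
    else:
        exposed = find_unprotected(sys.argv[1], sys.argv[2:])
        for path, status in exposed:
            print(f"NOT PROTECTED: {path} -> HTTP {status}")
        sys.exit(1 if exposed else 0)
```

A status other than 401 is reported as-is, so a 404 for a mistyped path shows up in the list as well and should be read as "path not found", not as exposed content.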
 