• Plesk Uservoice will be deprecated by October. Moving forward, all product feature requests and improvement suggestions will be managed through our new platform Plesk Productboard.
    To continue sharing your ideas and feedback, please visit features.plesk.com

SECURITY! password protected directories

S

SebastianK1

Basic Pleskian
He forums,

if I create a password protected directory in plesk 12.5 it will create the directory protection. But just for the directory, not for the files inside!

If I "abort" at the login popup, the page behind is shown!!!!!!

If I know the files behind, I can directly access all files by clicking "abort" at the login popup, e.g. domain.com/secured/file1.php

I deleted and added the directory protection new, but same problem. Any hints?
 
Hmm... I always see 401 Authorization Required page whenever I click "Cancel" for popup password window.
Have you created user with password for protection directory?
 
Try to run

# plesk repair web
# plesk repair fs

and check results.
 
If you use php-fpm for your domain, protect directory not work correctly, it's an bug that I reported in december 2015 and have not been solved yet :
#PPPM-3839
 
Well, answer about support to solve problem is for now this one :

workaround #1: Use non-'PHP-FPM...' PHP-handler. For example set 'FastCGI application served by Apache' via 'Home > Subscriptions > example.com > Websites & Domains > PHP Settings > run PHP as'.

Note: This workaround is applicable if there are no strict requirements to the PHP-handler used on the website:

workaround #2: Set additional nginx directives in the 'Home > Subscriptions > example.com > Websites & Domains > Apache & nginx Settings > Additional nginx directives' field. For example to protect the '/var/www/vhosts/example.com/httpdocs/prot' directory add the following:
==========================
location ~* (/prot/) {
auth_basic "Protected by password";
auth_basic_user_file /var/www/vhosts/example.com/httpdocs/.htpasswd;
root /var/www/vhosts/example.com/httpdocs;
}
==========================

Where '.htpasswd' is a file with user name and password:
==========================
# cat /var/www/vhosts/a.tld/httpdocs/.htpasswd
test_user:$1$-encrypted_test_password
==========================
 
You must log in or register to reply here.

Similar threads

C
Question nginx reverse proxy and password protected directory
Replies
2
Views
1K
Raul A.
R
H
Question SSH user can see other subdomain directories even with chrooted shell?
Replies
3
Views
1K
Raul A.
R
W
Issue Changed behavior regarding password protected directories.
Replies
3
Views
1K
webmasterfreya
W
C
Resolved Protected directory not working for php files
2
Replies
31
Views
7K
Peter Debik
P
K
Question Disable Plesk login link
Replies
1
Views
897
Sebahat.hadzhi
Sebahat.hadzhi
Back
Top