• If you are still using CentOS 7.9, it's time to convert to Alma 8 with the free centos2alma tool by Plesk or Plesk Migrator. Please let us know your experiences or concerns in this thread:
    CentOS2Alma discussion

SECURITY! password protected directories

S

SebastianK1

Basic Pleskian
He forums,

if I create a password protected directory in plesk 12.5 it will create the directory protection. But just for the directory, not for the files inside!

If I "abort" at the login popup, the page behind is shown!!!!!!

If I know the files behind, I can directly access all files by clicking "abort" at the login popup, e.g. domain.com/secured/file1.php

I deleted and added the directory protection new, but same problem. Any hints?
 
Hmm... I always see 401 Authorization Required page whenever I click "Cancel" for popup password window.
Have you created user with password for protection directory?
 
Try to run

# plesk repair web
# plesk repair fs

and check results.
 
If you use php-fpm for your domain, protect directory not work correctly, it's an bug that I reported in december 2015 and have not been solved yet :
#PPPM-3839
 
Well, answer about support to solve problem is for now this one :

workaround #1: Use non-'PHP-FPM...' PHP-handler. For example set 'FastCGI application served by Apache' via 'Home > Subscriptions > example.com > Websites & Domains > PHP Settings > run PHP as'.

Note: This workaround is applicable if there are no strict requirements to the PHP-handler used on the website:

workaround #2: Set additional nginx directives in the 'Home > Subscriptions > example.com > Websites & Domains > Apache & nginx Settings > Additional nginx directives' field. For example to protect the '/var/www/vhosts/example.com/httpdocs/prot' directory add the following:
==========================
location ~* (/prot/) {
auth_basic "Protected by password";
auth_basic_user_file /var/www/vhosts/example.com/httpdocs/.htpasswd;
root /var/www/vhosts/example.com/httpdocs;
}
==========================

Where '.htpasswd' is a file with user name and password:
==========================
# cat /var/www/vhosts/a.tld/httpdocs/.htpasswd
test_user:$1$-encrypted_test_password
==========================
 
You must log in or register to reply here.

Similar threads

W
Issue Changed behavior regarding password protected directories.
Replies
3
Views
255
webmasterfreya
W
C
Resolved Protected directory not working for php files
2
Replies
31
Views
2K
Peter Debik
P
D
Issue Can't see the button for password protected directories
Replies
4
Views
460
Peter Debik
P
Aethem
Resolved Pwd Protected Dir Pop-Up from Copy Files (Wptoolkit)
Replies
3
Views
472
Peter Debik
P
TorbHo
Issue Problem with basic http auth (password protected dirs)
Replies
3
Views
2K
TorbHo
TorbHo
Back
Top