It is currently Sat Mar 06, 2021 12:48 pm
All times are UTC + 8 hours

Webserver .htaccess password protection

Webserver .htaccess password protection

Postby kijojo » Tue Feb 23, 2021 4:14 pm

Hi there,

I would like to use my NAS for some little webservices activities.
For security reason and for get a simple protection I would like to install my .htaccess and .htpasswd files in the directory "/web".

But I always get an error 500. I tried a lot of things, i.e. changing the path to the .htpasswd.
But the error still persists.

Do you have any suggestions?

Here is my .htaccess file:

Code: Select all
AuthType Basic
AuthName "You need a password for this site!"
AuthUserFile "/volume1/Web/mysite/.htpasswd"
Require valid-user
ErrorDocument 401 "Authorisation Required"


Without the .htaccess file there is no issue and my domain "xyz.com/mysite" works really nice.

Thanks a lot!
kijojo
 
Posts: 6
Joined: Tue Feb 23, 2021 4:08 pm

Re: Webserver .htaccess password protection

Postby father.mande » Tue Feb 23, 2021 4:53 pm

Hi,

I can only suggest to put .htpassword outside Web folder
a working .htaccess (my) hereafter :
Code: Select all
AuthUserFile "/volume1/.@plugins/AppCentral/XXX/bin/.htpassword"
AuthName "XXX_Area"
AuthType Basic
Require valid-user


Also be sure to have done good access right (minimum authorized) for your files
Code: Select all
-rw-r--r--    1 root     root         201 Feb 15  2019 .htaccess (admin administrators work also but root is less accessible)

-rw-r--r--    1 admin    administrators      92 Aug 29 11:04 .htpassword


Philippe.
AS5202T /AS5002T / AS202TE / AS1002T
My Blog specific to my APKG : https://blog.father-mande.ovh/
User avatar
father.mande
 
Posts: 1107
Joined: Sat Sep 12, 2015 2:55 am

Re: Webserver .htaccess password protection

Postby kijojo » Tue Feb 23, 2021 5:29 pm

Thanks for you immediate reply.

Unfortunately I still get the same error.

[an error occurred while processing this directive]


Code: Select all

-rw-r--r--    1 root     root         108 Feb 23 10:29 .htaccess
-rw-r--r--    1 admin    administ      64 Feb 23 10:26 .htpasswd

AuthUserFile "/volume1/.@plugins/AppCentral/.htpasswd"
AuthName "XXX_Area"
AuthType Basic
Require valid-user



Do you have an other idea?
Thanks!
kijojo
 
Posts: 6
Joined: Tue Feb 23, 2021 4:08 pm

Re: Webserver .htaccess password protection

Postby father.mande » Tue Feb 23, 2021 6:33 pm

Hi,

How did you create your .htpasswd ? are you sure it's md5 encryption and (for test) you don't use special characters ?

if yes ... sorry I don't have any more idea ... a check of your configuration must be done ... but it's Asustor support work and possibility.

F.Y.I. ... don't put .htpasswd file in AppCentral ... it can be delete at boot time ... put it in a share resource or in an APKG folder (ex. in mine .htpassword is in .....AppCentral/XXX because it's linked to my XXX APKG)
Philippe.
AS5202T /AS5002T / AS202TE / AS1002T
My Blog specific to my APKG : https://blog.father-mande.ovh/
User avatar
father.mande
 
Posts: 1107
Joined: Sat Sep 12, 2015 2:55 am

Re: Webserver .htaccess password protection

Postby kijojo » Tue Feb 23, 2021 7:04 pm

I created the .htpasswd file in the destination directory with
Code: Select all
htpasswd -c -B user


Ok, I'll change the directory. What ist "APKG"?
kijojo
 
Posts: 6
Joined: Tue Feb 23, 2021 4:08 pm

Re: Webserver .htaccess password protection

Postby father.mande » Wed Feb 24, 2021 2:18 am

Hi,

APKG is for Asustor packages ... this packages can be validated by Asustor so available in AppCentral or for some specific one available directly in the Forum

try creating password with md5 default and not bcrypt (-B) ... then test.

Philippe.
AS5202T /AS5002T / AS202TE / AS1002T
My Blog specific to my APKG : https://blog.father-mande.ovh/
User avatar
father.mande
 
Posts: 1107
Joined: Sat Sep 12, 2015 2:55 am

Re: Webserver .htaccess password protection

Postby kijojo » Wed Feb 24, 2021 10:48 pm

Thanks for your help.

Unfortunately I didnt manage to configure it correct. There's still the same issue.
I'll try to contact the support team..
kijojo
 
Posts: 6
Joined: Tue Feb 23, 2021 4:08 pm

Re: Webserver .htaccess password protection

Postby kijojo » Thu Feb 25, 2021 3:30 pm

Does anybody have an additional idea?

The Asustor Support is simple stupid and doesnt help
Thanks for contacting us.

Adding apache-related documents to NAS does not mean it will definitely work, as NAS is designed for storing data.

---
Regards,


Thanks!
kijojo
 
Posts: 6
Joined: Tue Feb 23, 2021 4:08 pm

Re: Webserver .htaccess password protection

Postby father.mande » Thu Feb 25, 2021 4:35 pm

Hi,

Please provide NAS model and firmware version (A.D.M.)

as a workaround (but with some difficulty due to the usage of port 80 & 443 by Asustor, even Apache not started or using other ports than 80 & 443) you can try to used your own server ...
multiple are available in Entware APKG like a version of Apache (Entware is a collection of +2500 packages with opkg as package manager)

Code: Select all
[/volume1/.@root] # opkg list | grep apache | cut -f 1-12 -d " "
apache - 2.4.46-2 - The Apache HTTP Server Project is a collaborative
apache-ab - 2.4.46-2 - The Apache HTTP Server Project is a collaborative
apache-error - 2.4.46-2 - The Apache HTTP Server Project is a collaborative
apache-icons - 2.4.46-2 - The Apache HTTP Server Project is a collaborative
apache-mod-deflate - 2.4.46-2 - Deflate support for the Apache HTTP server.
apache-mod-http2 - 2.4.46-2 - HTTP/2 transport layer for the Apache HTTP Server.
apache-mod-ldap - 2.4.46-2 - LDAP authentication/authorization module for the Apache HTTP Server.
apache-mod-lua - 2.4.46-2 - Lua support for the Apache HTTP server.
apache-mod-md - 2.4.46-2 - Managed Domain handling.
apache-mod-proxy - 2.4.46-2 - Proxy modules for the Apache HTTP Server.
apache-mod-proxy-html - 2.4.46-2 - HTML and XML content filters for the Apache
apache-mod-session-crypto - 2.4.46-2 - Session encryption support for the Apache HTTP Server.
apache-mod-ssl - 2.4.46-2 - SSL/TLS module for the Apache HTTP Server.
apache-mod-suexec - 2.4.46-2 - suEXEC module for the Apache HTTP Server.
apache-mod-webdav - 2.4.46-2 - WebDAV support for the Apache HTTP Server.
apache-suexec - 2.4.46-2 - The Apache HTTP Server Project is a collaborative
apache-utils - 2.4.46-2 - The Apache HTTP Server Project is a collaborative
collectd-mod-apache - 5.12.0-1 - apache status input plugin


BUT other light server exist like lighttpd ...

Philippe.
AS5202T /AS5002T / AS202TE / AS1002T
My Blog specific to my APKG : https://blog.father-mande.ovh/
User avatar
father.mande
 
Posts: 1107
Joined: Sat Sep 12, 2015 2:55 am

Re: Webserver .htaccess password protection

Postby kijojo » Sat Feb 27, 2021 8:06 pm

Thanks!

I have a AS5202T with ADM 3.5.4.RE11 and BIOS 1.24

My network is not limited to use ports 80/443 for my webserver - I could choose any other port, too.

I'll take a look at your suggested packages! Thanks!

Could it be a option to use a apache-docker installation?
kijojo
 
Posts: 6
Joined: Tue Feb 23, 2021 4:08 pm

Next

Return to [Official] For AS52xx/53xx/66xx Series

  • You cannot post new topics in this forum
    You cannot reply to topics in this forum
    You cannot edit your posts in this forum
    You cannot delete your posts in this forum
    You cannot post attachments in this forum
  • Who is online

    Users browsing this forum: No registered users and 1 guest