Page 1 of 2
Webserver .htaccess password protection
Posted: Tue Feb 23, 2021 4:14 pm
by kijojo
Hi there,
I would like to use my NAS for some little webservices activities.
For security reason and for get a simple protection I would like to install my .htaccess and .htpasswd files in the directory "/web".
But I always get an error 500. I tried a lot of things, i.e. changing the path to the .htpasswd.
But the error still persists.
Do you have any suggestions?
Here is my .htaccess file:
Code: Select all
AuthType Basic
AuthName "You need a password for this site!"
AuthUserFile "/volume1/Web/mysite/.htpasswd"
Require valid-user
ErrorDocument 401 "Authorisation Required"
Without the .htaccess file there is no issue and my domain "xyz.com/mysite" works really nice.
Thanks a lot!
Re: Webserver .htaccess password protection
Posted: Tue Feb 23, 2021 4:53 pm
by father.mande
Hi,
I can only suggest to put .htpassword outside Web folder
a working .htaccess (my) hereafter :
Code: Select all
AuthUserFile "/volume1/.@plugins/AppCentral/XXX/bin/.htpassword"
AuthName "XXX_Area"
AuthType Basic
Require valid-user
Also be sure to have done good access right (minimum authorized) for your files
Code: Select all
-rw-r--r-- 1 root root 201 Feb 15 2019 .htaccess (admin administrators work also but root is less accessible)
-rw-r--r-- 1 admin administrators 92 Aug 29 11:04 .htpassword
Philippe.
Re: Webserver .htaccess password protection
Posted: Tue Feb 23, 2021 5:29 pm
by kijojo
Thanks for you immediate reply.
Unfortunately I still get the same error.
[an error occurred while processing this directive]
Code: Select all
-rw-r--r-- 1 root root 108 Feb 23 10:29 .htaccess
-rw-r--r-- 1 admin administ 64 Feb 23 10:26 .htpasswd
AuthUserFile "/volume1/.@plugins/AppCentral/.htpasswd"
AuthName "XXX_Area"
AuthType Basic
Require valid-user
Do you have an other idea?
Thanks!
Re: Webserver .htaccess password protection
Posted: Tue Feb 23, 2021 6:33 pm
by father.mande
Hi,
How did you create your .htpasswd ? are you sure it's md5 encryption and (for test) you don't use special characters ?
if yes ... sorry I don't have any more idea ... a check of your configuration must be done ... but it's Asustor support work and possibility.
F.Y.I. ... don't put .htpasswd file in AppCentral ... it can be delete at boot time ... put it in a share resource or in an APKG folder (ex. in mine .htpassword is in .....AppCentral/XXX because it's linked to my XXX APKG)
Philippe.
Re: Webserver .htaccess password protection
Posted: Tue Feb 23, 2021 7:04 pm
by kijojo
I created the .htpasswd file in the destination directory with
Ok, I'll change the directory. What ist "APKG"?
Re: Webserver .htaccess password protection
Posted: Wed Feb 24, 2021 2:18 am
by father.mande
Hi,
APKG is for Asustor packages ... this packages can be validated by Asustor so available in AppCentral or for some specific one available directly in the Forum
try creating password with md5 default and not bcrypt (-B) ... then test.
Philippe.
Re: Webserver .htaccess password protection
Posted: Wed Feb 24, 2021 10:48 pm
by kijojo
Thanks for your help.
Unfortunately I didnt manage to configure it correct. There's still the same issue.
I'll try to contact the support team..
Re: Webserver .htaccess password protection
Posted: Thu Feb 25, 2021 3:30 pm
by kijojo
Does anybody have an additional idea?
The Asustor Support is simple stupid and doesnt help
Thanks for contacting us.
Adding apache-related documents to NAS does not mean it will definitely work, as NAS is designed for storing data.
---
Regards,
Thanks!
Re: Webserver .htaccess password protection
Posted: Thu Feb 25, 2021 4:35 pm
by father.mande
Hi,
Please provide NAS model and firmware version (A.D.M.)
as a workaround (but with some difficulty due to the usage of port 80 & 443 by Asustor, even Apache not started or using other ports than 80 & 443) you can try to used your own server ...
multiple are available in Entware APKG like a version of Apache (Entware is a collection of +2500 packages with opkg as package manager)
Code: Select all
[/volume1/.@root] # opkg list | grep apache | cut -f 1-12 -d " "
apache - 2.4.46-2 - The Apache HTTP Server Project is a collaborative
apache-ab - 2.4.46-2 - The Apache HTTP Server Project is a collaborative
apache-error - 2.4.46-2 - The Apache HTTP Server Project is a collaborative
apache-icons - 2.4.46-2 - The Apache HTTP Server Project is a collaborative
apache-mod-deflate - 2.4.46-2 - Deflate support for the Apache HTTP server.
apache-mod-http2 - 2.4.46-2 - HTTP/2 transport layer for the Apache HTTP Server.
apache-mod-ldap - 2.4.46-2 - LDAP authentication/authorization module for the Apache HTTP Server.
apache-mod-lua - 2.4.46-2 - Lua support for the Apache HTTP server.
apache-mod-md - 2.4.46-2 - Managed Domain handling.
apache-mod-proxy - 2.4.46-2 - Proxy modules for the Apache HTTP Server.
apache-mod-proxy-html - 2.4.46-2 - HTML and XML content filters for the Apache
apache-mod-session-crypto - 2.4.46-2 - Session encryption support for the Apache HTTP Server.
apache-mod-ssl - 2.4.46-2 - SSL/TLS module for the Apache HTTP Server.
apache-mod-suexec - 2.4.46-2 - suEXEC module for the Apache HTTP Server.
apache-mod-webdav - 2.4.46-2 - WebDAV support for the Apache HTTP Server.
apache-suexec - 2.4.46-2 - The Apache HTTP Server Project is a collaborative
apache-utils - 2.4.46-2 - The Apache HTTP Server Project is a collaborative
collectd-mod-apache - 5.12.0-1 - apache status input plugin
BUT other light server exist like lighttpd ...
Philippe.
Re: Webserver .htaccess password protection
Posted: Sat Feb 27, 2021 8:06 pm
by kijojo
Thanks!
I have a AS5202T with ADM 3.5.4.RE11 and BIOS 1.24
My network is not limited to use ports 80/443 for my webserver - I could choose any other port, too.
I'll take a look at your suggested packages! Thanks!
Could it be a option to use a apache-docker installation?