Hello, I'm trying to restrict access to one of my website using AuthUserFile. The code that works is the next one : AuthUserFile /var/www/clients/client0/web6/web/supersecretdirectory/password.txt AuthGroupFile /dev/null AuthName "Not allowed" AuthType Basic Require valid-user This works perfectly if I add this code between the Directory tags, like this : <Directory /var/www/clients/client0/web6/web> Options FollowSymLinks AllowOverride All Order allow,deny Allow from all AuthUserFile /var/www/clients/client0/web6/web/supersecretdirectory/password.txt AuthGroupFile /dev/null AuthName "Not allowed" AuthType Basic Require valid-user </Directory> Sadly, when I add the code to the apache directives field in ISPconfig, it places the code after the </Directory> tag and then I get the next error : apache2Syntax error on line 48 of /etc/apache2/sites-enabled/site.domain.com: AuthUserFile not allowed here Any idea how I could tell ISPconfig to write between the <Directory> Tags ? edit: maybe there is something to try with the "Allow Overide" field in the Apache directives ?
i dont know the solution, but it might be more secure, to put the passwordfile not in the web folder. just use "/var/www/clients/client0/web6/.htsecretpasswords" did you try to remove the 'allow from all' in your code, since you do not allow all, just the ones with password
I was afraid that only one <Directory> tag was allowed for each path, that's why I didn't add them. I tried it with the tags and it now works like a charm. And again, thank you Till
I've added this, in order to block the acess to the directory containing the file : <Directory /var/www/clients/client0/web6/web/supersecretdirectory> Order deny,allow Deny from all </Directory>
