OS: Ubuntu 8.04 LTS
ISPConfig 3.0.1.1 is installed (latest stable)

I've set a statistics password in the ISPConfig 3 interface, waited 1 min, then verified that the .htpasswd_stats has been written to the right web folder and has the username admin and my password encrypted. Despite this I can't log in to the /stats/ folder of my site.

Tried to search all the files under /etc/ for "htpasswd_stats" (without the dot, for simplicity), but haven't found a single configuration file referencing that. So it is not a miracle that I can't log in. I get the login dialog, however, so the authentication seems to be configured somewhere.

I've tried to find the specification of the /stats/ directory in the Apache config files without success. So I don't know where it is configured at all. Could you please point me to the relevant configuration files?

I've read all the related threads and searched the Web already. What did I do wrong? Missing steps?
Found the files

More info on this: I've just found the stats folder is in the filesystem: /var/clients/client1/web1/web/stats/ (It is not an Alias or so in a config file as I expected.) There is a .htaccess file there referencing the .htpasswd_stats file:

Code:
    AuthType Basic
    AuthName "Members Only"
    AuthUserFile /var/clients/client1/web1/.htpasswd_stats
    <limit GET PUT POST>
    require valid-user
    </limit>

So it is in the client's web folder, not somewhere under /etc. It was my mistake. Now trying to figure out why it doesn't let me in...
Seems to be a generic problem with HTTP authentication

It seems to be a generic problem with HTTP authentication here. The Web server managed by ISPConfig 3 is behind a firewall and accessed through a Squid proxy server configured in "reverse proxy" mode. I've configured mod_rpaf on the Web server (Apache 2.2) to allow using the contents of the X-Forwarded-For header added by Squid as the client's IP address. But it seems to not relate to HTTP authentication at all AFAIK. Maybe I'm not aware of something special here...
I think I've found the real problem here: http://wiki.squid-cache.org/SquidFaq/ReverseProxy

See "Access to password protected content fails via the reverse proxy" at the bottom of the Wiki page:

"If the content on the web servers is password protected then you need to tell the proxy to trust your web server with authentication credentials."

So I need to configure Squid accordingly. I hope this thread will help others solve such a problem quicker than I did.
Working

That's all. I had to append this to the end of my cache_peer line in my squid.conf:

    login=PASS

PASS is not your password! You need to append the exact string above to that configuration line. Don't forget to restart or reload squid after changing its configuration file!

Thanks for reading. ;-)
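
A way to audit a squid.conf for the condition this thread ends on, as an added example that is not part of the original posts: it lists origin-server cache_peer lines that carry no login= option (clients' credentials are not passed to them) and the peers that do receive client credentials via login=PASS. The sample configuration, addresses and peer names are constructed, and only full-line comments are handled.

```python
# Constructed sample squid.conf fragment (hosts and peer names are made up).
SAMPLE_CONF = """\
http_port 80 accel defaultsite=www.example.com
# cache_peer 192.0.2.9 parent 80 0 no-query originserver name=old
cache_peer 192.0.2.10 parent 80 0 no-query originserver name=web1
cache_peer 192.0.2.11 parent 80 0 no-query originserver name=web2 login=PASS
cache_peer 192.0.2.12 parent 3128 3130 name=upstream
"""


def parse_cache_peers(conf_text):
    """Yield (line_number, host, options) for each active cache_peer line."""
    for number, raw in enumerate(conf_text.splitlines(), start=1):
        fields = raw.split()
        if not fields or fields[0] != "cache_peer":
            continue  # blank lines, full-line comments, other directives
        # Layout: cache_peer <host> <type> <http-port> <icp-port> [options...]
        if len(fields) < 5:
            continue  # malformed line, nothing to inspect
        yield number, fields[1], fields[5:]


def origin_peers_without_login(conf_text):
    """Origin-server peers with no login= option: Basic auth behind them fails."""
    findings = []
    for number, host, options in parse_cache_peers(conf_text):
        is_origin = "originserver" in options
        has_login = any(opt.startswith("login=") for opt in options)
        if is_origin and not has_login:
            findings.append((number, host))
    return findings


def peers_receiving_client_credentials(conf_text):
    """Peers configured with login=PASS, i.e. trusted with users' credentials."""
    return [(number, host)
            for number, host, options in parse_cache_peers(conf_text)
            if "login=PASS" in options]


if __name__ == "__main__":
    for number, host in origin_peers_without_login(SAMPLE_CONF):
        print(f"line {number}: origin peer {host} has no login= option")
    for number, host in peers_receiving_client_credentials(SAMPLE_CONF):
        print(f"line {number}: peer {host} receives client credentials")
```

The second list is worth reviewing after the change: every peer on it sees the usernames and passwords that clients send to the proxy, so it should contain only web servers you control.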