0

I am trying to add some basic measures of security to the main webpage of my Raspberry Pi project hosted by lighttpd.

I have been looking into the mod_auth plugin and have tried a few things however I am having some issues getting the username and password prompt to pop up when I visit my webpage.

I have a .txt file called details.txt located under /etc/lighttpd/lighttpd.users containing my own simple username and password in the form RobotUser:**********

lighttpd .conf file

server.modules = (
                   *
                   *
                   *          
                   *
                   "mod_auth",
                 )  

***********************************************************  

auth.backend = "plain"
auth.backend.plain.userfile = "/etc/lighttpd/lighttpd.users"
auth.require = ( "10.152.1.105" =>
( "method"   => "basic",
  "realm"    => "Authorised Users Only",
  "require"  => "user=RobotUser"
))

Now when I head over to my webpage via the IP address there is no prompt for username and password. If i change the IP to a directory such as var/www, where my html webpage is located and then access http://MY_IP/var/www/ the prompt pops up however my username and password entry from the .txt file does not seem to pass the prompt.

Any ideas? This is my first time tackling something like this and through various google searches i can't overcome this step.

TheCodingBeefer
  • 21
  • 1
  • 4

1 Answers1

0

Please read the documentation for lighttpd mod_auth. Where you have an IP address in the config, lighttpd takes a url-path, not an IP address and not a directory path on disk. Use "/details.txt" instead if you only want to protect that url-path.

https://redmine.lighttpd.net/projects/lighttpd/wiki/Docs_ModAuth

If you only want to allow access from a single IP address, see mod_access

https://redmine.lighttpd.net/projects/lighttpd/wiki/Docs_ModAccess

gstrauss
  • 2,091
  • 1
  • 12
  • 16