Password protect lightsquid and other cgi files



  • This has been brought up once on the board before.  In my particular case, I have need to password protect the lightsquid folder, but don't know how to approach since it doesn't really work with the auth.inc framework  as of now and mod_auth is disabled in lighty.  I did think of using sessions, but I would have to add snippets to every cgi in the lightsquid folder.  Any ideas would be greatly appreciated.

    Also, if you have tried to enable mod_auth, please let me know if you were successful in doing so!  I'm thinking that his may be an approach that would suffice for my needs also.



  • Edit the file /var/etc/lighty-webConfigurator.conf:

    • Add: "mod_auth",

    modules to load

    server.modules              =  (

    "mod_access", "mod_accesslog", "mod_auth",
                                      "mod_fastcgi", "mod_cgi"
                                    )

    ...

    • Add the text:


    auth.backend                    = "plain"
    auth.backend.plain.userfile  = "/usr/local/www/lightsquid/.htpasswd"

    auth.require = ( "/lightsquid" =>
                      (
                        "method"  => "basic",
                        "realm" => "lightsquid",
                        "require" => "user=admin"
                      )
                    )
    ...

    Create file .htpasswd:
    vi /usr/local/www/lightsquid/.htpasswd

    • write the text:

    admin:MYSCRETPASSWORD

    Restart Lighttpd

    • kill process lighttpd

    • /usr/local/sbin/lighttpd -f /var/etc/lighty-webConfigurator.conf

    Finish
    (sorry for my bad english)



  • This is mast be maked as package-installation options. Not-good idea hacking system code.



  • Ok

    But in any case solved my problem.



  • @BaNoBi:

    Ok

    But in any case solved my problem.

    If developerd adding way, how this correctly change from package, i promise add this to lightsquid Pkg.  :)


Locked