Basic / Digest authenification to certain pages

Arefu · December 5, 2017, 8:03pm

Expected Behaviour:

I currently have
auth.backend = "htdigest"
auth.backend.htdigest.userfile = "/etc/lighttpd/lighttpd.user"
auth.require = ( "/automation/" =>
(
"method" => "basic",
"realm" => "automation",
"require" => "user=auto"
)
)
In my lighttpd confi, the file exists and is owned by www-data with the perms of 644.

However, when I go to the sub-directory with pi-hole it doesn't ask for password like I expect it to.

Actual Behaviour:

Page loads with no hint that is even wanting to ask for a password.

I'm not sure if this is something I should post here to see if pi-hole is somehow stopping it, or ask on the lighttpd forums, but I figured I should check here first since this isn't exactly a stock install of lighttpd.

Mcat12 · December 6, 2017, 8:40pm

Did you restart lighttpd after adding that? You might want to add it to the /etc/lighttpd/external.conf file so that it isn't overridden by updates.

Arefu · December 6, 2017, 8:45pm

Yep restated the service and everything I'll triple check again when I get near my computer and report back

Arefu · December 7, 2017, 7:45pm

Nope, I triple checked, even checked a few other websites to see if anyone else has had this problem, I even tried doing url.access-deny = ("") on the subdir doing a quick url check like you do... But it didn't even deny it so I think something bigger is hiphop happening...

Mcat12 · December 8, 2017, 4:39am

So you are trying to go to http://pi.hole/automation/ and it is not asking for authentication?

Otherwise I don't see anything in the default Pi-hole config which would stop this from working.

Arefu · December 8, 2017, 5:34am

I didn't try pi.hole but it does the same thing, I am beginning to wonder if it's somehow related to the fact it isn't in a subfolder, but another one of my denies work fine... But when I put

$HTTP["url"] =~ "^/automation/" {
url.access-deny = ("")
}

AND restarted the service it still let me view the page.

Edit: What I meniontioned is infact untrue.

Mcat12 · December 8, 2017, 9:03pm

Is the page you are viewing under /automation and are you going directly to it? Or is it the block page?

Arefu · December 8, 2017, 10:54pm

It's going directly to it; host/automation loads with no issues, but I've also recently noticed that all stuff like this is being ignored especially url blocks, I do have mod_auth in my server modules and can post the whole config if it would help

Mcat12 · December 10, 2017, 2:38am

The lighttpd forums might be more knowledgeable on this issue than us, sorry.

Arefu · December 10, 2017, 4:48am

It's all good thought it was worth a try checking here first

Arefu · December 22, 2017, 1:16am

So, if anyone else stuffs up as bad as me, do these steps.

sudo htdigest -c /etc/lighttpd/.passwd 'Authorized users only' <USER>

replace USER with who you want to have access, put this either in your lighttpd or external conf

auth.backend = "htdigest"
auth.backend.htdigest.userfile = "/etc/lighttpd/.passwd"
auth.debug = 2
auth.require = ( "/<DIR>/" =>
(
"method" => "digest",
"realm" => "Authorized users only",
"require" => "valid-user"
)
)

Replace DIR with the directory.

Then restart the pi or server with
/etc/init.d/lighttpd restart

Then it works for me.