Auto SSL and Password Protected Directory

Discussion in 'Security' started by jeffstu, Nov 16, 2017.

  1. jeffstu

    jeffstu Registered

    I came across an issue this morning where Auto SSL was failing due to the directory being password protected.

    Example Log.


    To get around this, I've added a .htaccess file in the .well-known directory:

    Code:
    Satisfy Any
    Order Allow,Deny
    Allow from all 
    This seems to work but it is unclear if this will get removed at some point.

    An alternative I found prior to this was to add an Allow from into the .htaccess with the AuthUserFile lines, but this bypasses the password to the entire directory for that IP.

    Code:
    AuthUserFile "/home/.../passwd"
    AuthName "Password"
    AuthType Basic
    require valid-user
    #Added lines below
    Order deny,allow
    Allow from 91.199.212.132
    Satisfy Any
    I wanted to allow secure.comodo.net, but this failed, so I looked up the IP and allowed that instead, which worked and AutoSSL obtained a new IP (secure.comodo.net currently has address 91.199.212.132). I can see this failing if the IP ever changes, so I opted for the .htaccess in the .well-known directory.

    I'm going to continue looking into why the FQDN didn't work, as the documentation suggests an FQDN should work, but I'll be looking to put it in the .well-known/.htaccess to make that directory as secure as possible.

    I couldn't find a suitable solution on the forums, so I thought I'd share my findings this morning.
     
  2. jeffstu

    jeffstu Registered

    Another alternative

    Code:
    <FilesMatch  "[A-F0-9]{32}\.txt">
    Satisfy Any
    Order Allow,Deny
    Allow from all
    </FilesMatch>
    
    This allows access to files that contain letters or numbers, are 32 characters long and end in .txt.

    I've raised a case with cPanel to see if this can be added by default so that Auto SSL can work for password protected directories.
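
An added example, not part of the original posts and not cPanel's code: it checks which file names the `FilesMatch` pattern posted above would exempt from the password, next to an anchored variant. The anchored pattern, the function names and the sample file names are assumptions constructed here.

```python
import re

# Pattern exactly as posted in the thread, and an anchored variant
# (the anchored form is an assumption added here, not from the thread).
POSTED = r"[A-F0-9]{32}\.txt"
ANCHORED = r"^[A-F0-9]{32}\.txt$"

# Constructed file names; the 32-character token is made up.
TOKEN = "0123456789ABCDEF0123456789ABCDEF"
SAMPLE_FILES = [
    TOKEN + ".txt",               # validation-style file
    "export-" + TOKEN + ".txt",   # unrelated file with a hex ID in its name
    TOKEN + ".txt.bak",           # leftover backup copy
    TOKEN.lower() + ".txt",       # lowercase hex
    "members.txt",
]


def served_without_password(pattern, filenames):
    """Return the names a <FilesMatch pattern> block would apply to.

    Apache tests the regex against the file name only (no directory part)
    and, like re.search, accepts a match anywhere in the name unless the
    pattern carries ^ and $.
    """
    rx = re.compile(pattern)
    return [name for name in filenames if rx.search(name)]


def audit(filenames):
    """Names exempted by the posted pattern but not by the anchored one."""
    loose = served_without_password(POSTED, filenames)
    strict = set(served_without_password(ANCHORED, filenames))
    return [name for name in loose if name not in strict]


if __name__ == "__main__":
    for label, pat in (("posted", POSTED), ("anchored", ANCHORED)):
        print(label, served_without_password(pat, SAMPLE_FILES))
    print("extra exemptions:", audit(SAMPLE_FILES))
```

Running `audit` over a listing of the protected directory tree shows whether any existing file would lose its password protection under the unanchored pattern.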
     
  3. cPWilliamL

    cPWilliamL cP Technical Analyst II
    Staff Member

    Hi,

    Similar to what the previous user suggested, I would recommend excluding the path from your Basic Auth, although the filematch is not a bad solution either. I could certainly see this making it into the product down the road. I'd still recommend submitting a feature request just so others could vote and voice their opinion.

    Thanks,

    Edit: We are tracking this improvement to AutoSSL via case CPANEL-16958
     
    #3 cPWilliamL, Nov 16, 2017
    Last edited: Nov 16, 2017
  4. cPanelMichael

    cPanelMichael Technical Support Community Manager
    Staff Member

    Hello,

    To update, internal case CPANEL-16958 is scheduled for inclusion with cPanel version 70. The case adds new functionality to the "Use a Global DCV Passthrough instead of .htaccess modification (requires EA4)" option in "WHM >> Tweak Settings" so that it whitelists AutoSSL validation attempts for websites using password protected directories.

    Thank you.
     