SOLVED Directory Privacy

Operating System & Version
cloudlinux
cPanel & WHM Version
100.0.11

Milance

Member
Apr 6, 2013
20
1
53
cPanel Access Level
Root Administrator
By using cpanel feature "Directory Privacy " to protect my page.
Authorization check is skpped if username and passwords are empty. How do I solve this ?
 

Spirogg

Well-Known Member
Feb 21, 2018
700
160
43
chicago
cPanel Access Level
Root Administrator

cPRex

Jurassic Moderator
Staff member
Oct 19, 2014
12,457
1,965
363
cPanel Access Level
Root Administrator
@Milance - I setup directory privacy without adding a username or password, and that triggers a 500 error on my test account when I try and access the page and just pressing okay on the user/password box. At this point, I can't reproduce this issue.

Can you get me specific details on how I can reproduce what you're seeing, including the cPanel version your server is using?
 

Milance

Member
Apr 6, 2013
20
1
53
cPanel Access Level
Root Administrator
@Milance - I setup directory privacy without adding a username or password, and that triggers a 500 error on my test account when I try and access the page and just pressing okay on the user/password box. At this point, I can't reproduce this issue.

Can you get me specific details on how I can reproduce what you're seeing, including the cPanel version your server is using?

v100.0.11
I use Privacy Direcotory on my vbulletin forum for the admin panel. When I do not enter the user and password, but only OK, then it appears for me to log in to the admin panel. Bypasses directory protection.
 

Spirogg

Well-Known Member
Feb 21, 2018
700
160
43
chicago
cPanel Access Level
Root Administrator
v100.0.11
I use Privacy Direcotory on my vbulletin forum for the admin panel. When I do not enter the user and password, but only OK, then it appears for me to log in to the admin panel. Bypasses directory protection.
@cPRex have you tested with cloudlinux and cPanel or would that not make a difference ??
 

cPRex

Jurassic Moderator
Staff member
Oct 19, 2014
12,457
1,965
363
cPanel Access Level
Root Administrator
I would hope that CloudLinux doesn't make a difference, but you never know.

I tested with both AlmaLinux and CloudLinux and couldn't make this happen on my system - when I just click the "Sign In" button without entering the username or password, I eventually get redirected to a "401 Unauthorized" page after a few attempts.

Could you submit a ticket to our team so we can check your specific machine?
 

cPRex

Jurassic Moderator
Staff member
Oct 19, 2014
12,457
1,965
363
cPanel Access Level
Root Administrator
Here's what our team found in that ticket:

"I found that this issue is occurring because your site's .htaccess file is capturing the request for the 401.shtml error document, and is redirecting the request to your site's admin login page instead.

Your .htaccess file is capturing and overriding requests that would normally be handled by the following fallback default configuration.

This tells us that the problem was not one regarding the actual functionality of the blocking mechanism.

Instead it was a problem with how things were configured and which page to show when the block was encountered."

After adjusting the .htaccess you were able to confirm things are now working well with the Directory Privacy tool on the system.