By using cpanel feature "Directory Privacy " to protect my page.
Authorization check is skpped if username and passwords are empty. How do I solve this ?
Authorization check is skpped if username and passwords are empty. How do I solve this ?
Directory Privacy | cPanel & WHM Documentation
This interface allows you to protect specific directories in your cPanel account's files.
docs.cpanel.net
@Milance - I setup directory privacy without adding a username or password, and that triggers a 500 error on my test account when I try and access the page and just pressing okay on the user/password box. At this point, I can't reproduce this issue.
Can you get me specific details on how I can reproduce what you're seeing, including the cPanel version your server is using?
Can you get me specific details on how I can reproduce what you're seeing, including the cPanel version your server is using?
v100.0.11
I use Privacy Direcotory on my vbulletin forum for the admin panel. When I do not enter the user and password, but only OK, then it appears for me to log in to the admin panel. Bypasses directory protection.
I would hope that CloudLinux doesn't make a difference, but you never know.
I tested with both AlmaLinux and CloudLinux and couldn't make this happen on my system - when I just click the "Sign In" button without entering the username or password, I eventually get redirected to a "401 Unauthorized" page after a few attempts.
Could you submit a ticket to our team so we can check your specific machine?
I tested with both AlmaLinux and CloudLinux and couldn't make this happen on my system - when I just click the "Sign In" button without entering the username or password, I eventually get redirected to a "401 Unauthorized" page after a few attempts.
Could you submit a ticket to our team so we can check your specific machine?
Here's what our team found in that ticket:
"I found that this issue is occurring because your site's .htaccess file is capturing the request for the 401.shtml error document, and is redirecting the request to your site's admin login page instead.
Your .htaccess file is capturing and overriding requests that would normally be handled by the following fallback default configuration.
This tells us that the problem was not one regarding the actual functionality of the blocking mechanism.
Instead it was a problem with how things were configured and which page to show when the block was encountered."
After adjusting the .htaccess you were able to confirm things are now working well with the Directory Privacy tool on the system.
"I found that this issue is occurring because your site's .htaccess file is capturing the request for the 401.shtml error document, and is redirecting the request to your site's admin login page instead.
Your .htaccess file is capturing and overriding requests that would normally be handled by the following fallback default configuration.
This tells us that the problem was not one regarding the actual functionality of the blocking mechanism.
Instead it was a problem with how things were configured and which page to show when the block was encountered."
After adjusting the .htaccess you were able to confirm things are now working well with the Directory Privacy tool on the system.
| Thread starter | Similar threads | Forum | Replies | Date |
|---|---|---|---|---|
| R | Can I Set a Cookie with Directory Privacy? | Security | 2 | |
| L | Maximum number of users (with passwords) in Directory Privacy? | Security | 3 | |
| A | Directory Privacy - Multiple logins required | Security | 1 | |
| O | SOLVED Disable directory privacy? | Security | 4 | |
| K | Directory Privacy: don't print password during confirmation | Security | 1 |