How to password protect root / default webpage

Greg M

Active Member
May 26, 2016
42
13
8
Glasgow, Scotland
cPanel Access Level
Root Administrator
Hi there,

I am trying to figure out how I can password protect the server hostname default page.

i.e. server.domain.com (which auto forwards to -> /cgi-sys/defaultwebpage.cgi)

The reason I want to do this is because I have installed mod_pagespeed and I am trying to enable its admin GUI.

The problem I have is that for some daft reason I cannot access the /pagespeed_admin/ from a subdomain, such as cache.domain.com - for some reason it just doesn't load up, however it does load from the servers hostname - server.domain.com/pagespeed_admin/

However this would allow anyone who discovers the link to interact with this GUI which is not very secure. I am aware I could restrict it to my IP but I I'd need to access it from various locations, some of which are dynamic IPs

So my hopeful resolution is to password protect server.domain.com.


Is there a way to do this?

Thanks
 

Greg M

Active Member
May 26, 2016
42
13
8
Glasgow, Scotland
cPanel Access Level
Root Administrator
Hi Michael, thanks for the reply.

Just to clarify, I am looking to do this for the root hostname of the server / main IP address.

I believe the correct directory is /var/www/html/ (checked this by editing the main html page that calls the default system cgi page) however when adding an htaccess file it doesn't seem to have an effect?

Thanks
 

Greg M

Active Member
May 26, 2016
42
13
8
Glasgow, Scotland
cPanel Access Level
Root Administrator
I actually managed to work it out,

I had to add

Code:
<Directory "/var/www/html/">
  Options Indexes FollowSymLinks MultiViews
  AllowOverride AuthConfig
  Order allow,deny
  Allow from all
</Directory>
to the Pre main include - I was avoiding updating httpd.conf direct.

Seems to be working great now



EDIT: IF anyone is attempting this, I had to put my passwd file within the /var/www/.passwds/ directory and set the folder to 755 permissions otherwise the file was unreadable by apache
 
Last edited:

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,910
2,211
363
Hello,

Keep in mind you may want to upload your custom script to a subdirectory within "/var/www/html/" and apply the workaround to the specific subdirectory (e.g. /var/www/html/directory-name). Otherwise, access attempts to the other templates (e.g. suspended page, error documents) will require authentication.

Thank you.
 

Greg M

Active Member
May 26, 2016
42
13
8
Glasgow, Scotland
cPanel Access Level
Root Administrator
Hi Michael,


Thank you for the response, because I am using mod_pagespeed there is no actual physical directory created (that I can find) which is why I am having to protect the root level.

However in terms of what you were saying I suspended an unused account and accessed it via private tab in different browser and it did not require any authentication for the suspended page so I don't think I will have any issues?
 

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,910
2,211
363
However in terms of what you were saying I suspended an unused account and accessed it via private tab in different browser and it did not require any authentication for the suspended page so I don't think I will have any issues?
In that case, no further steps should be required.

Thank you.
 

Greg M

Active Member
May 26, 2016
42
13
8
Glasgow, Scotland
cPanel Access Level
Root Administrator
Hi Michael,

Turned out that this did indeed cause an issue,

Code:
server lfd[1410]: STATS: Unable to retrieve Apache Server Status [http://127.0.0.1/whm-server-status?auto] - Unable to download: Unauthorized
Turns out creating a /pagespeed_global_admin/ directory in the apache root and password protecting that works even though pagespeed doesnt physically reside there. I had originally though this would have caused an issue but that seems to be the full solution !
 
  • Like
Reactions: cPanelMichael