The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

How to password protect root / default webpage

Discussion in 'General Discussion' started by Greg M, Jul 31, 2017.

  1. Greg M

    Greg M Member

    Joined:
    May 26, 2016
    Messages:
    13
    Likes Received:
    5
    Trophy Points:
    3
    Location:
    Glasgow, Scotland
    cPanel Access Level:
    Root Administrator
    Hi there,

    I am trying to figure out how I can password protect the server hostname default page.

    i.e. server.domain.com (which auto forwards to -> /cgi-sys/defaultwebpage.cgi)

    The reason I want to do this is because I have installed mod_pagespeed and I am trying to enable its admin GUI.

    The problem I have is that for some daft reason I cannot access the /pagespeed_admin/ from a subdomain, such as cache.domain.com - for some reason it just doesn't load up, however it does load from the servers hostname - server.domain.com/pagespeed_admin/

    However this would allow anyone who discovers the link to interact with this GUI which is not very secure. I am aware I could restrict it to my IP but I I'd need to access it from various locations, some of which are dynamic IPs

    So my hopeful resolution is to password protect server.domain.com.


    Is there a way to do this?

    Thanks
     
  2. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    37,204
    Likes Received:
    1,297
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
  3. Greg M

    Greg M Member

    Joined:
    May 26, 2016
    Messages:
    13
    Likes Received:
    5
    Trophy Points:
    3
    Location:
    Glasgow, Scotland
    cPanel Access Level:
    Root Administrator
    Hi Michael, thanks for the reply.

    Just to clarify, I am looking to do this for the root hostname of the server / main IP address.

    I believe the correct directory is /var/www/html/ (checked this by editing the main html page that calls the default system cgi page) however when adding an htaccess file it doesn't seem to have an effect?

    Thanks
     
  4. Greg M

    Greg M Member

    Joined:
    May 26, 2016
    Messages:
    13
    Likes Received:
    5
    Trophy Points:
    3
    Location:
    Glasgow, Scotland
    cPanel Access Level:
    Root Administrator
    I actually managed to work it out,

    I had to add

    Code:
    <Directory "/var/www/html/">
      Options Indexes FollowSymLinks MultiViews
      AllowOverride AuthConfig
      Order allow,deny
      Allow from all
    </Directory>
    to the Pre main include - I was avoiding updating httpd.conf direct.

    Seems to be working great now



    EDIT: IF anyone is attempting this, I had to put my passwd file within the /var/www/.passwds/ directory and set the folder to 755 permissions otherwise the file was unreadable by apache
     
    #4 Greg M, Aug 2, 2017
    Last edited: Aug 2, 2017
  5. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    37,204
    Likes Received:
    1,297
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Hello,

    Keep in mind you may want to upload your custom script to a subdirectory within "/var/www/html/" and apply the workaround to the specific subdirectory (e.g. /var/www/html/directory-name). Otherwise, access attempts to the other templates (e.g. suspended page, error documents) will require authentication.

    Thank you.
     
  6. Greg M

    Greg M Member

    Joined:
    May 26, 2016
    Messages:
    13
    Likes Received:
    5
    Trophy Points:
    3
    Location:
    Glasgow, Scotland
    cPanel Access Level:
    Root Administrator
    Hi Michael,


    Thank you for the response, because I am using mod_pagespeed there is no actual physical directory created (that I can find) which is why I am having to protect the root level.

    However in terms of what you were saying I suspended an unused account and accessed it via private tab in different browser and it did not require any authentication for the suspended page so I don't think I will have any issues?
     
  7. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    37,204
    Likes Received:
    1,297
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    In that case, no further steps should be required.

    Thank you.
     
  8. Greg M

    Greg M Member

    Joined:
    May 26, 2016
    Messages:
    13
    Likes Received:
    5
    Trophy Points:
    3
    Location:
    Glasgow, Scotland
    cPanel Access Level:
    Root Administrator
    Hi Michael,

    Thanks for that, I will keep an eye on it just incase there are issues further down the line.

    Thanks

    Greg
     
    cPanelMichael likes this.
  9. Greg M

    Greg M Member

    Joined:
    May 26, 2016
    Messages:
    13
    Likes Received:
    5
    Trophy Points:
    3
    Location:
    Glasgow, Scotland
    cPanel Access Level:
    Root Administrator
    Hi Michael,

    Turned out that this did indeed cause an issue,

    Code:
    server lfd[1410]: STATS: Unable to retrieve Apache Server Status [http://127.0.0.1/whm-server-status?auto] - Unable to download: Unauthorized
    Turns out creating a /pagespeed_global_admin/ directory in the apache root and password protecting that works even though pagespeed doesnt physically reside there. I had originally though this would have caused an issue but that seems to be the full solution !
     
    cPanelMichael likes this.
Loading...

Share This Page