Forum

Hello,

I've tried for several hours now to protect a directory with a password with no success. I've tried everything, relative/absolute paths, .hiawatha files(Local config) or the hiawatha.conf, Basic, digest, and all combinations of those parameters but nothing works . What I got is either no password asked or my credentials who never works (the dialog box for credentials input pop up indefinitely).

I think I did the same as this guy : https://www.hiawatha-webserver.org/forum/topic/2289
except I can't give up and do IP restriction because that is not what I need...

Thank you for explaining me what I may have done wrong and how it is possible to password protect a folder.

Have you seen this HOWTO yet?

Hello Hugo, of course I did I'v read it and read it and read it again and again, followed it by the letter and also tried many things I seen elsewhere, triple checked every things, but no matter what this doesn't work

I'm no expert so I probably made a mistake somewhere but really *can't* see where :/

What does the error logfile say?

There's nothing in that file (last entry 15 november 2016) nor the others logs

hiawatha version : 10.4
OS : debian jessie

Hello,

Did you create the password file on your computer or directly on the server with nano or vim ? I had a similar problem (no access but no error in the log) and it was because Hiawatha wasn't able to "understand" the password file created on my Mac.

I found two working solutions (after trying for hours with simple username / password like test / test to avoid typing mistake) :
- I added an empty line at the end of the file created on my computer.
- I created the file directly on the server with nano.

Hello Nicolas,

I pasted the output of
# wigwam -d user 'Private Page'
In a file created with emacs on my server (my server is my computer, as I host a website at home)

The added last empty line change nothing for me. I also used simple user/password to avoid typing mistake.

Here is the relevant part of my conf (one of the many conf I tried actually) :

## in hiawatha.conf

Directory {
	  DirectoryId = prive 
	  StartFile = index.html
	  Path = prive/
#	  LoginMessage = Login # If i set this I get a syntax error, with 'Login' as well
	  PasswordFile = digest:prive/.pswd
}

VirtualHost {
	Hostname = www.mysite.win, mysite.win
	WebsiteRoot = /var/www/mysite
	AccessLogfile = /var/www/mysite/log/access_mysite.log
	ErrorLogfile = /var/www/mysite/log/error_mysite.log
	RequireTLS = yes
	UseLocalConfig = no
	UseDirectory = prive
}

The directory I want to password protect is /var/www/mysite/prive and the password file is at /var/www/mysite/prive/.pswd

With that set up anyone can acces the page (no login asked).

I forgot :
$ ls -lh /var/www/mysite/prive/.pswd
-rw-r--r-- 1 user user 56 déc. 12 18:58 .pswd

This part of your config seems strange with the / at the end.

Path = prive/

Did you try with the / at the beginning ?

Path = /prive

Also, specify the full path to the password file:

PasswordFile = digest:/full/path/to/prive/.pswd

with :
PasswordFile = digest:/var/www/mysite/prive/.pswd
Path = /prive

Then logins are asked but never work. Still nothing in the logs.

Is the webserver allowed to read the password file? Check access rights for all directories and the password file itself.

The LoginMessage is only valid in a VirtualHost section, not in a Directory section.

# ls -lh / |grep var
drwxr-xr-x 13 root root 4,0K janv. 27 2015 var

# ls -lh /var |grep www
drwxr-xr-x 6 root root 4,0K nov. 6 19:15 www

# ls -lh /var/www |grep mysite
drwxr-xr-x 16 user user 4,0K déc. 11 17:09 mysite

# ls -lh /var/www/mysite |grep prive
drwxr-xr-x 2 user user 4,0K déc. 14 13:14 prive

# ls -lh /var/www/mysite/prive/.pswd
-rw-r--r-- 1 user user 56 déc. 14 13:14 /var/www/mysite/prive/.pswd

Is there something wrong ? (by the way, I run hiawatha as root, that's what I'm suppose to do right ?)