Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!


Directory protected password not working, when IP is used in URL
New on LowEndTalk? Please Register and read our Community Rules.

All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.

Directory protected password not working, when IP is used in URL

Hello guys!

I have a problem. I bought a small VPS and all is working great. I made a directory and made a password for it. And I used A name record to point the IP to another website I have (xxx.domain.com)

So if I go to the IP: xxx.xxx.xxx/directory I can go without any username and password wich is weird.

But if I go to the A record I use: sitea.xxx.com/directory the protected area works which is what I want.

How can i fix it? because I don't want people to see the files inside that directory.

Thanks a lot!

Comments

  • perennateperennate Member, Host Rep

    Show your web server configuration.

  • I suppose your password protection only applies to the named configuration and the default one will be unprotected.

    But as perennate wrote, the configuration is important.

  • Now that's not what you're asking for, but several years ago another LET member @divya made a simple script on my request which do exactly this what you stated above flawlessly.

    For the above scenario put an index.php file in the directory with the following code:

    <html><head><title>Password protected directory</title></head><body>
    <?php
    $user="username";
    $pass="password";
    if(isset($_REQUEST['u']) && isset($_REQUEST['p'])){
        if(strcmp($_REQUEST['u'], $user)==0 && strcmp($_REQUEST['p'], $pass)==0){
            if ($handle = opendir('.')) {
                while (false !== ($file = readdir($handle))) {
                    if ($file{0} != "." && $file != "index.php") {
                        echo "<a href='$file'>$file</a><br />\n";
                    }
                }
                closedir($handle);
            }
        }
        else{
            echo "Access denied!";
        }
        echo "</body></html>";
        exit();
    }
    ?>
    <form action="index.php" method="POST" name="login_frm">
    Username: <input name="u" /><br />
    Password: <input name="p" type="password" /><br />
    <input name="submit" type="submit" value="Login" /><br />
    </form>
    </body></html>
    

    For php virgins: you should login with username as 'username' and password as 'password'. You can change this by changing the values of variables $user and $pass in the above script.

  • Heinz said: Now that's not what you're asking for, but several years ago another LET member @divya made a simple script on my request which do exactly this what you stated above flawlessly.

    Sorry, no offence but there is no need to use PHP for something which every web server is perfectly capable of.

    Thanked by 1marrco
  • Thank you @perennate for your help.

    Here's my apache2 conf file: http://pastebin.com/1kMwTSCs

    If other files are needed let me know, and please tell me the directory where to find them.

  • perennateperennate Member, Host Rep

    How are you adding the password protection? You need to provide more details of your setup. It sounds like you're using some kind of panel but you haven't mentioned that.

  • Includes for everyone!

  • Hello.

    I did this: http://help.1and1.com/hosting-c37630/scripts-and-programming-languages-c85099/htaccess-c37776/manually-password-protect-your-filesfolders-linux-a777001.html

    It works when I type the full address but when I use IP it doesn't work. I tried it on another VPS I have and it works great. But this VPS is different. I also did the same steps in the two VPS.

    Thanks guys for your help!

  • As I already said before

    @alessio said:
    I suppose your password protection only applies to the named configuration and the default one will be unprotected.

    But as perennate wrote, the configuration is important.

Sign In or Register to comment.