TurnKey Linux Virtual Appliance Library

Restricting access to a site for a TKLPatch

I'm workng on a patch, presented here. I'd lile to limit who has access to the application via Apache2. The app resides at /var/www/virtualbox.

I feel like I've done my due diligence, so might try my luck here. Although it's directly related to TKL, it is relevant to a TKLPatch, so I'm hoping I'm not pushing my luck too much.

I've followed all the docs I have access too, even to the point of reading the Apache Cookbook on my iPhone (yes, once again I am ashamed - but listen to this - there's a free app that controls ESXi virtual machines - kinda cool). In any event, I'm stuck.

I've created a htpasswd file at /var/virtualbox/.security. It contains the following:

virtualbox:hashed/password

Ownership is www-data:www-data.

I've created an htaccess file at /var/www/virtualbox/.htaccess. It contains the following:

AuthType basic

AuthName phpvirtualbox

AuthBasicProvider file

AuthUserFile /var/virtualbox/.security

Require user virtualbox

It to0 belongs to www-data:www-data.

WHat am I missing if I'm looking to password protect /var/www/virtualbox to allow just the user named virtualbox into the site?

I have a2enabled auth_basic.

Many thanks in advance for at the very least your patience.

Call it off

Besides the several typos that were reflected in my above post: it seemed it didn't want to take the directives in /var/www/virtualbox/.htaccess .

I moved similar directives between <Directory /> tags in the site conf (000-default, i think in this case) and it worked. Now to get it going in a script.

I can't account from the docs why it would work in the site conf but not in the .htaccess file. any ideas?


Liraz Siri's picture

Maybe you need to AllowOverride

You can configure Apache to allow or disable the htaccess configuration file the AllowOverride directive. Maybe that's what is happening in your tests.See the Apache .htaccess tutorial for details.

Post new comment

The content of this field is kept private and will not be shown publicly. If you have a Gravatar account, used to display your avatar.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Allowed HTML tags: <a> <p> <span> <div> <h1> <h2> <h3> <h4> <h5> <h6> <img> <map> <area> <hr> <br> <br /> <ul> <ol> <li> <dl> <dt> <dd> <table> <tr> <td> <em> <b> <u> <i> <strong> <font> <del> <ins> <sub> <sup> <quote> <blockquote> <pre> <address> <code> <cite> <strike> <caption>

More information about formatting options

Leave this field empty. It's part of a security mechanism.
(Dear spammers: moderators are notified of all new posts. Spam is deleted immediately)