I recently migrated from VestaCP to HestiaCP and I am trying to understand why the file path I have in my .htaccess file (to set a directory password) is failing. Its causing a 500 error. The only change is the username which I updated accordingly but the file path is the same and O/S (Debian) is the same. I am sure its silly typo but can’t get it to work.
It could be so great if we could just check a box in the HestiaCP backoffic0e to enable or disable http protection at a site. We’re starting to get used to all those cool little things that make our lives easier, version after version.
I’ve made a small tutorial on how to do this, easily. If someone knows bash, better than me, you can make it a bash command. Or just add it directly to the file explorer in Hestia.
Create a new, encrypted .htpasswd file with the used admin. You can add to this file, just remove the ‘-c’. It will ask you for a password. This file can be anywhere on the server. The file (.htpasswd) can be named anything, it doesn’t matter.
htpasswd -c /home/user/web/domain/.htpasswd admin
Create a .htaccess file in the folder you want to protect
In my case I have an issue, if you send a request to the protected folder :
/test/ = OK it’s asking for auth, and if I cancel I get a 401 error.
/test/index.html : KO (it’s not asking for auth and you gain access)
/test/test.html : KO (it’s not asking for auth and you gain access)
/test/test.avi : KO (it’s not asking for auth and you gain access)
/test/test.test : OK it’s asking for auth, and if I cancel I get a 401 error.
It’s like some regular extension are KO but unknown extension will work.
I tried and reproduced this problem on a fresh installed Hestia : v1.4.17 - Ubuntu 20.04 (x86_64)
If you have configured some basic http auth like this on you server, do you have the same problem ?
I didn’t test this until now, but you are right. It doesn’t work as expected. I assume you have the default Hestia setup, with apache and nginx, like me. I don’t have any servers with apache alone, so I can’t test this, but this short htaccess was taken from my old cpanel install and it should work. I assume it doesn’t because of some nginx caching thing.
I can see that a html file in the folder is displayed first and then the browser prompts me for a password. It might be an nginx proxy thing or a Hestiacp bug…