Basicauth + browse

Vladimir_Dudr · September 16, 2017, 1:14pm

Hi there,

does basicauth works for limiting access to browse urls?

Having Caddyfile like this:

example.com/files {
basicauth / user pass
root /somefolder
browse
}

It gives direct access to files without need to log in…

tobya · September 16, 2017, 4:33pm

try putting / after browse directive and see if that fixes the issue?

eg

example.com/files {
basicauth / user pass
root /somefolder
browse /
}

tobya · September 16, 2017, 9:04pm

I am unable to reproduce this I get prompted for a username and password with your caddyfile.

What version of Caddy are you using?

matt · September 16, 2017, 11:57pm

And make sure that when you change the Caddyfile, you reload the configuration in Caddy… and clear browser cache. Be sure to use curl to avoid any cache problems.

Vladimir_Dudr · October 4, 2017, 9:14am

Hm, weird. I do not get asked, slash or not, it just lists the files.

@Matt: I of course reloaded Caddy. Curl lets me in, no autorization needed.

Caddy version is 0.10.9, but it was wrong all the earlier versions I was trying it with. (0.9.5, 0.9.0, if I remember correctly).

Whitestrake · October 4, 2017, 12:40pm

Interesting. I couldn’t reproduce the issue, though, check and compare my Caddyfile?

Matt at hermes in ~/Projects/test
→ caddy -version
Caddy 0.10.9

Matt at hermes in ~/Projects/test
→ cat Caddyfile
:2015/files {
  basicauth / foo bar
  root /Users/Matt/Projects/test
  browse
}

Matt at hermes in ~/Projects/test
→ curl -i localhost:2015/files
HTTP/1.1 401 Unauthorized
Caddy-Sponsors: This free web server is licensed only for non-commercial use, made possible by its sponsors: Minio, Uptime Robot, and Sourcegraph
Content-Type: text/plain; charset=utf-8
Server: Caddy
Www-Authenticate: Basic realm="Restricted"
X-Content-Type-Options: nosniff
Date: Wed, 04 Oct 2017 12:40:15 GMT
Content-Length: 17

401 Unauthorized

Matt at hermes in ~/Projects/test
→ curl -i localhost:2015/files -H 'Authorization: Basic Zm9vOmJhcg=='
HTTP/1.1 200 OK
Accept-Ranges: bytes
Caddy-Sponsors: This free web server is licensed only for non-commercial use, made possible by its sponsors: Minio, Uptime Robot, and Sourcegraph
Content-Length: 20
Content-Type: text/html; charset=utf-8
Etag: "ou1q85k"
Last-Modified: Wed, 02 Aug 2017 07:02:29 GMT
Server: Caddy
Date: Wed, 04 Oct 2017 12:42:28 GMT

This is index.html.

system · January 2, 2018, 12:41pm

This topic was automatically closed 90 days after the last reply. New replies are no longer allowed.