Hi there,
does basicauth works for limiting access to browse urls?
Having Caddyfile like this:
example.com/files {
basicauth / user pass
root /somefolder
browse
}
It gives direct access to files without need to log in…
Hi there,
does basicauth works for limiting access to browse urls?
Having Caddyfile like this:
example.com/files {
basicauth / user pass
root /somefolder
browse
}
It gives direct access to files without need to log in…
try putting / after browse directive and see if that fixes the issue?
eg
example.com/files {
basicauth / user pass
root /somefolder
browse /
}
I am unable to reproduce this I get prompted for a username and password with your caddyfile.
What version of Caddy are you using?
And make sure that when you change the Caddyfile, you reload the configuration in Caddy… and clear browser cache. Be sure to use curl
to avoid any cache problems.
Hm, weird. I do not get asked, slash or not, it just lists the files.
@Matt: I of course reloaded Caddy. Curl lets me in, no autorization needed.
Caddy version is 0.10.9, but it was wrong all the earlier versions I was trying it with. (0.9.5, 0.9.0, if I remember correctly).
Interesting. I couldn’t reproduce the issue, though, check and compare my Caddyfile?
Matt at hermes in ~/Projects/test
→ caddy -version
Caddy 0.10.9
Matt at hermes in ~/Projects/test
→ cat Caddyfile
:2015/files {
basicauth / foo bar
root /Users/Matt/Projects/test
browse
}
Matt at hermes in ~/Projects/test
→ curl -i localhost:2015/files
HTTP/1.1 401 Unauthorized
Caddy-Sponsors: This free web server is licensed only for non-commercial use, made possible by its sponsors: Minio, Uptime Robot, and Sourcegraph
Content-Type: text/plain; charset=utf-8
Server: Caddy
Www-Authenticate: Basic realm="Restricted"
X-Content-Type-Options: nosniff
Date: Wed, 04 Oct 2017 12:40:15 GMT
Content-Length: 17
401 Unauthorized
Matt at hermes in ~/Projects/test
→ curl -i localhost:2015/files -H 'Authorization: Basic Zm9vOmJhcg=='
HTTP/1.1 200 OK
Accept-Ranges: bytes
Caddy-Sponsors: This free web server is licensed only for non-commercial use, made possible by its sponsors: Minio, Uptime Robot, and Sourcegraph
Content-Length: 20
Content-Type: text/html; charset=utf-8
Etag: "ou1q85k"
Last-Modified: Wed, 02 Aug 2017 07:02:29 GMT
Server: Caddy
Date: Wed, 04 Oct 2017 12:42:28 GMT
This is index.html.
This topic was automatically closed 90 days after the last reply. New replies are no longer allowed.