Basicauth + browse


(Vladimír Dudr) #1

Hi there,

does basicauth works for limiting access to browse urls?

Having Caddyfile like this:

example.com/files {
basicauth / user pass
root /somefolder
browse
}

It gives direct access to files without need to log in…


(Toby Allen) #2

try putting / after browse directive and see if that fixes the issue?

eg

example.com/files {
basicauth / user pass
root /somefolder
browse /
}


(Toby Allen) #3

I am unable to reproduce this I get prompted for a username and password with your caddyfile.

What version of Caddy are you using?


(Matt Holt) #4

And make sure that when you change the Caddyfile, you reload the configuration in Caddy… and clear browser cache. Be sure to use curl to avoid any cache problems.


(Vladimír Dudr) #5

Hm, weird. I do not get asked, slash or not, it just lists the files.

@Matt: I of course reloaded Caddy. Curl lets me in, no autorization needed.

Caddy version is 0.10.9, but it was wrong all the earlier versions I was trying it with. (0.9.5, 0.9.0, if I remember correctly).


(Matthew Fay) #6

Interesting. I couldn’t reproduce the issue, though, check and compare my Caddyfile?

Matt at hermes in ~/Projects/test
→ caddy -version
Caddy 0.10.9

Matt at hermes in ~/Projects/test
→ cat Caddyfile
:2015/files {
  basicauth / foo bar
  root /Users/Matt/Projects/test
  browse
}

Matt at hermes in ~/Projects/test
→ curl -i localhost:2015/files
HTTP/1.1 401 Unauthorized
Caddy-Sponsors: This free web server is licensed only for non-commercial use, made possible by its sponsors: Minio, Uptime Robot, and Sourcegraph
Content-Type: text/plain; charset=utf-8
Server: Caddy
Www-Authenticate: Basic realm="Restricted"
X-Content-Type-Options: nosniff
Date: Wed, 04 Oct 2017 12:40:15 GMT
Content-Length: 17

401 Unauthorized

Matt at hermes in ~/Projects/test
→ curl -i localhost:2015/files -H 'Authorization: Basic Zm9vOmJhcg=='
HTTP/1.1 200 OK
Accept-Ranges: bytes
Caddy-Sponsors: This free web server is licensed only for non-commercial use, made possible by its sponsors: Minio, Uptime Robot, and Sourcegraph
Content-Length: 20
Content-Type: text/html; charset=utf-8
Etag: "ou1q85k"
Last-Modified: Wed, 02 Aug 2017 07:02:29 GMT
Server: Caddy
Date: Wed, 04 Oct 2017 12:42:28 GMT

This is index.html.

(system) #7

This topic was automatically closed 90 days after the last reply. New replies are no longer allowed.