Add Protected Web Directory

Problem with adding Protected Web Directory
Virtualmin Pro 2.90, FC3, fresh install 20051024

Following the process below the directory did not end up being protected. I’m pretty sure it is related to “AllowOverride All” not getting set in httpd.conf for the Virtual site.

Here’s the steps I followed:

login to Webmin as the user of the virtual site

goto Others tab
select Key icon for Protected Web Directories
Shows No protected directrories have been defined yet.
click Add protection for a new directory
select Directory Path /home/somebody/public_html/phpmyadmin
accepted File Containing users = Choos automatically
accepted File containing groups = None
accepted Password encryption = Unix crypt
set Authentication realm to PHPMyAdmin
accepted Users to allow = All users in file

select Create button

shows the protected directory and No users have been defined yet.

select Add a new user.

enter Username as somebody
accept Enabled = Yes
enter Password as xxxxxxx

select Create button

From here I went to another browser window and attempted to login to the /phpmyadmin directory and it went in without the authentication box. Tryed restarting Apache, no change.

Manaully edited httpd.conf and added "AllowOverride All" in the directory section of the correct Virtual server. Then restarted Apache and everything worked as expected.

Was there a step that I somehow missed in going through the Webmin process for Adding Protected Directory or is the program missing the update to httpd.conf?

I managed to get it working via the manual edit, but that seems a bit scary. I hesitated to add this as a Bug since I’m still learning, and I didn’t want to cry wolf.

Cheers, Mark

Hey Mark,

Nah, it’s a bug. It ought to “Just Work” and it didn’t. :wink:

We’ll get it fixed in the next version. You can modify the template for Apache to fix it for new domains in the interim (or you can do it manually the way you’ve done). You probably don’t actually want “AllowOverride All” though, for untrusted users. You may just want to add AuthConfig, and possibly a few others.

This is probably worth hashing out a good sensible default for. Anyone have opinions on what the default override’able options ought to be?

Mark. You have anything to do with Marken INternational ? :slight_smile: hmmmmmmmmmmmmmmmmmmm