Password-Protecting The Entire Website
If you want to password-protect your entire web application running on OpenLiteSpeed in RunCloud, you can use the Site Authentication feature from the Tools menu.
To enable Site Authentication, follow these steps:
- Go to the Tools menu of your web application in RunCloud.
- Scroll down to the Site Authentication section.
- Click on “Set Password Authentication“.
- Enter a username and a password for your web application.
- Click on Save Changes.
Now your web application will be password-protected, and visitors will need to enter the username and password before they can access it.
Password-Protecting a Directory/File
It’s easy to password-protect a web application, but it’s a different case if you want to protect a directory/file only using OpenLiteSpeed.
OpenLiteSpeed (OLS) and LiteSpeed WebServer (LSWS) have major differences in how they support .htaccess.
- LSWS supports Apache rewrite rules and the majority of Apache directives. It will automatically detect any changes to .htaccess file and will adjust as necessary without any need for a Litespeed service restart.
- OLS supports Apache rewrite rules but does not support Apache directives. You will need to restart the Litespeed service to load any changes to .htaccess.
Unfortunately, OpenLiteSpeed does not support Apache directives, which means you cannot use .htaccess – you have to use OpenLiteSpeed config to do this.
To do this, follow these steps:
- Log in to your server as root via SSH using your terminal.
ssh root@yourIPaddress- Install
apache2-utilsand use it to create a user and a password for the secret directory using thehtpasswdcommand.
apt-get install apache2-utils -y
htpasswd -cm /etc/lsws-rc/.htpasswd/webappname-secret-path user1234
In the above example, user1234 is the username of the visitor – you can change it to something specific like employee_1939.
For your convenience, you can also change the webappname-secret-path with the name of your web application, and the path that you want to protect.
- Next, you will be asked to enter the password for the user. Type your password and press Enter (it won’t be displayed in the terminal), then type your password once again to confirm it.
- Add a custom config to your web application’s OpenLiteSpeed config in RunCloud.
- After this, go to the LiteSpeed Config menu under your web application in RunCloud dashboard and add this custom config to the bottom of the existing config. Don’t forget to replace
webappname-secret-pathwith the name of your config file from step 2.
realm SecretDirProtectedArea {
userDB {
location /etc/lsws-rc/.htpasswd/webappname-secret-path
maxCacheSize 200
cacheTimeout 60
}
}
The above config defines a realm named SecretDirProtectedArea that will be used in the next step. You can change the realm name if needed.
- Finally, add the following config at the bottom of your LiteSpeed Config. Here, you can replace
my_secret_pathwith the path of the file or directory that you want to protect.
context /my_secret_path {
realm SecretDirProtectedArea
authName Protected
accessControl {
allow *
}
}For example if you want to protect a file served at https://example.com/info.php then you will replace /my_secret_path with /info.php. If you want to protect all the files in a particular folder then you can replace it with the path of that folder.
Optionally, you can add the above configuration multiple times to protect different paths using the same login credentials. After adding all of the necessary config blocks, click on Update Config to save the changes.
In the above configuration, the example.com/info.php file and all the files present inside the example.com/secret directory will be password-protected. Visitors will need to enter the username and password before they can access it.
