Authentication
Learning Focus
By the end of this lesson you will know how to set up HTTP Basic and Digest authentication for protected areas.
What HTTP Authentication Does
HTTP authentication prompts visitors for a username and password before allowing access to specific paths. This is useful for:
- Staging site protection
- Admin area additional security
- Restricting downloads
Setting Up in WebAdmin
- Virtual Hosts → select vhost → Security → Realms
- Create a new realm with a user database file
- Add users to the authentication database
- Apply the realm to a Context for the protected path
Creating Password Files
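# Generate a bcrypt hash for a password (prints the hash only; it does not create a file)
# Note: a password given on the command line is visible in shell history and the process list
sudo /usr/local/lsws/admin/fcgi-bin/admin_php -r \
"echo password_hash('mypassword', PASSWORD_BCRYPT);"
# Or use the Apache-compatible htpasswd tool, which prompts for the password
sudo apt install apache2-utils
# -c creates the file and overwrites an existing one; omit -c when adding more users
htpasswd -c /usr/local/lsws/conf/.htpasswd admin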
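The following added example (not part of the original lesson or the LiteSpeed project) audits a password file such as the one created above: it reports each entry's hash scheme from its prefix and checks whether the file is readable by every local user. The bcrypt-only policy, the function names and the sample entries are assumptions of this example.

```shell
#!/bin/sh
# Added example: audit an htpasswd-style file (one "user:hash" entry per line).
# Policy assumed here: only bcrypt entries pass; everything else is flagged.

# Print the hash scheme implied by the prefix of an htpasswd hash field.
classify_hash() {
    case "$1" in
        '$2y$'*|'$2a$'*|'$2b$'*) echo bcrypt ;;
        '$apr1$'*)               echo apr1-md5 ;;       # htpasswd default
        '{SHA}'*)                echo sha1-unsalted ;;  # htpasswd -s
        '')                      echo empty ;;
        *)                       echo other ;;          # e.g. crypt() or plaintext
    esac
}

# Print "user scheme verdict" for each entry; return 1 if any entry is flagged.
audit_htpasswd() {
    flagged=0
    # The "|| [ -n ... ]" part keeps a final line that lacks a trailing newline.
    while IFS=: read -r user hash _rest || [ -n "$user" ]; do
        case "$user" in ''|'#'*) continue ;; esac   # skip blanks and comments
        scheme=$(classify_hash "$hash")
        if [ "$scheme" = bcrypt ]; then verdict=ok; else verdict=flag; flagged=1; fi
        printf '%s %s %s\n' "$user" "$scheme" "$verdict"
    done < "$1"
    return "$flagged"
}

# Succeed if FILE grants read permission to "other" (mode bit 004).
world_readable() {
    [ -n "$(find "$1" -prune -perm -004 2>/dev/null)" ]
}

# Constructed sample entries; the hash bodies are placeholders, not real hashes.
demo() {
    tmp=$(mktemp) || return 1
    chmod 600 "$tmp"
    cat > "$tmp" <<'EOF'
admin:$2y$10$CONSTRUCTED.PLACEHOLDER.BCRYPT.HASH
deploy:$apr1$CONSTRUC$PLACEHOLDERHASH
legacy:{SHA}CONSTRUCTEDPLACEHOLDER=
EOF
    audit_htpasswd "$tmp" || echo "one or more entries flagged"
    world_readable "$tmp" && echo "file is world-readable"
    rm -f "$tmp"
}
demo
```

Entries written by `htpasswd` without a hash option show up as `apr1-md5`, so the audit makes the difference between the two commands above visible.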
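Info: HTTP Basic authentication sends credentials base64-encoded. Base64 is an encoding, not encryption, so anyone who can observe the request can recover the username and password. Always use it over HTTPS to prevent credential interception.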
Key Takeaways
- HTTP authentication is a simple way to protect specific paths.
- Always combine with HTTPS to protect credentials in transit.
- Use it for staging, admin, and download-restricted areas.
What's Next
- Continue to IP Restrictions for IP-based access control.