Lab 7.4

lafalasidosi

Issue: apache2 doesn't ask for password.

My understanding of the lab: I expect once done that the user [email protected] can accesss http://localhost in a browser (showing default apache index.html), but user [email protected] would be prompted for a password.

What I've tried:
1. Following the instructions directly:
# mkdir /var/www/html/secure
# vim /etc/apache2/sites-enabled/secure-dir.conf
# htpasswd -c /etc/apache2/secure.users bob

a. tried creating user first then these configurations
b. tried the opposite
c. changed line 1 of secure-dir.conf to
c1. placed /var/www/html/index.html in /var/www/html/secure
d. changed line 4 of secure-dir.conf to /etc/apache2/secure.users
e. tried keeping line 1 the same but making /secure and putting the default apache html file there
f. restarted apache daemon after each change, promise

In the end, bob was never asked for a password---not when opening anything in Nautilus, dumping the html with w3m, or opening the file in Firefox.

2. Following along in http://httpd.apache.org/docs/2.4/howto/auth.html
   Long story short the placement of the file with Location etc. in it and the password file changed. Still no result.
   a. looked for loaded modules such as mod_auth_basic per documentation
   b. no result -> lsmod -> no such modules

Do I misunderstand the lab objective? Has anyone else come across this? Am I missing something really obvious?

lee42x

Hi lafalasidosi !

It seems you are using Debian or Ubuntu, no problem, but you did find a missing step.

For step 7.4.3.a ( new step)

sudo a2enmod auth_basic

Then verify the file "auth_basic.load" file exists in the /etc/apache2/mods-enabled directory.

Ubuntu uses several directories with apache2 configuration, "available" and "enabled" directories for "site", "mod" and "config". The idea is that "available" is just storage and you run from "enabled" directory. There are a couple programs to help out: a2enmod/a2dismod which enables/disables apache modules, a2ensite/a2dissite, enables/disables virtual hosts (sites) and the same for conf. The man pages contains additional information. The a2query -m should list at the enabled modules.

The lab should allow "bob" to access the web document with a valid password. Student user will not be able to access the page because student does not have a valid password.

Thank you for pointing this out, it will be corrected in the next version.

Regards Lee

PS: "lsmod" lists kernel modules not apache2modules.

lafalasidosi

Good morning, lee42x,

Thank you very for the response. I should have seen that after learning in the next labs how to enable modules with ln -s.

In case anyone finds use out of it, let me say what worked after my question was answered:

(Ubuntu 20.04)

# mkdir /var/www/html/secure
# vim /etc/apache2/sites-enabled/secure-dir.conf (exactly as in lab, trust me)
# htpasswd -c /etc/apache2/secure.users bob
# a2enmod auth_basic ___or___ ln /etc/apache2/mods-available/auth_basic.load /etc/apache2/mods-enabled
# systemctl restart apache2

My /var/www/html folder looked like:
index.html secure/

When I went to http://localhost and the same thing happened. I had a duh/aha moment and looked for http://localhost/secure and then bob was prompted for a password.