Mudy’s Blog

I have played Cherokee server on my personal blog a couple of days. I used it for some private file. Some directories need to be password protected. Initially I set it up in this way.

Incorrect password protection for Cherokee webserver

Then I tested against some static files, it obviously worked. However a couple days later, I realize the php script inside this directory was not protected at all including index.php. A rather easy fix, I added the same auth method to php handler as well. However as I add more stuff into my private directory, some of them require individual handler to work correct, so I added same http authentication method to all of them. It is really a pain to maintain such a long auth list, suddenly I realized I must have done this in a wrong way.

After digging into the cherokee document and cookbook, I find this simple solution to protect a whole directory.

1. Add a directory rule which match the directory you want to protect.
2. Set the handler to None in Handler tab
3. Set authentication method in Security tab.
4. Move this rule to the top and uncheck final.

Correct way to password protect cherokee webserver.

That’s it.

 Tweet
 

Yejun Linux, Web cherokee, http authentication, password protection, webserver