Jump to content

Password Protecting Jasager And Webif


Recommended Posts

Hi, So I recently bought a FON2100 router to put Jasager on. I followed the Jasager Install Guide and the Jasager v2.1 Install Guide and successfully got OpenWRT running with Jasager. My question is how can I password protect the HTTP/HTML settings pages? I have modified the first lines of /etc/httpd.conf from :

[original]

/:root:$p$root
/:admin:$p$root

to be

/:root
/:admin

which got no protection (as I recall... )

and then added ":$p" by itself in each line and then tried just ":$root" in each line. With both of those two by themselves I got an endless string of username and password prompts. But these attempts are just me flinging the proverbial spaghetti at the wall to see what sticks. I honestly had no idea what I was changing or how it would affect it. In its current/original form, it password prompts once, and then whether I restart the router, or just reopen the browser, it doesn't prompt for the root password again. I tried:

killall httpd
httpd

via SSH, but that just prevented me from being able to get to any html page on it at all. Thanks for any help/guidance that can be provided. I googled httpd.conf pages and httpd in general, but all I could find was stuff about Apache. Thanks!

Link to comment
Share on other sites

I'm not 100% sure what you mean, I used the ap51-flash-fonera utility with openwrt-atheros-2.6-root.squashfs and openwrt-atheros-2.6-vmlinux.lzma. Those were the files included in the zip file at the end of both Wikis.

I've been looking more into httpd, and found that I should have done the following to restart httpd

killall httpd
httpd -p 80 -h /www -r OpenWrt
[or]
killall httpd
/etc/init.d/httpd start

But no matter how often I restart httpd on the FON, it won't reprompt for the password. This seemed to be a potential security flaw to me, unless it was somehow storing my browser/computer identity so I don't have to logon each time. So I tried chrome and IE (Firefox is my default), both of which prompted for the password. I also tried Firefox on another computer, and it also prompted for a password. So I guess I have a few questions about this:

1) How does it remember the computer/browser?

1.1) Is this storage area secure?

2)What do the variables $p and $root in /etc/httpd.conf refer to?

2.1)Why are they both required in that order for both root and admin?

3)It would seem to me to be more secure if it reprompted for the password every time a new session is opened - even on the same computer/browser. Is there anyway to modify httpd.conf to do this?

Thanks again.

Edited by Apdrummer
Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...