Apdrummer Posted July 11, 2010 Share Posted July 11, 2010 Hi, So I recently bought a FON2100 router to put Jasager on. I followed the Jasager Install Guide and the Jasager v2.1 Install Guide and successfully got OpenWRT running with Jasager. My question is how can I password protect the HTTP/HTML settings pages? I have modified the first lines of /etc/httpd.conf from : [original] /:root:$p$root /:admin:$p$root to be /:root /:admin which got no protection (as I recall... ) and then added ":$p" by itself in each line and then tried just ":$root" in each line. With both of those two by themselves I got an endless string of username and password prompts. But these attempts are just me flinging the proverbial spaghetti at the wall to see what sticks. I honestly had no idea what I was changing or how it would affect it. In its current/original form, it password prompts once, and then whether I restart the router, or just reopen the browser, it doesn't prompt for the root password again. I tried: killall httpd httpd via SSH, but that just prevented me from being able to get to any html page on it at all. Thanks for any help/guidance that can be provided. I googled httpd.conf pages and httpd in general, but all I could find was stuff about Apache. Thanks! Quote Link to comment Share on other sites More sharing options...
Mr-Protocol Posted July 11, 2010 Share Posted July 11, 2010 I'm pretty sure they are password protected when you do passwd initially. I could be wrong. Did you install Digininja's firmware or all by scratch? Quote Link to comment Share on other sites More sharing options...
Apdrummer Posted July 11, 2010 Author Share Posted July 11, 2010 (edited) I'm not 100% sure what you mean, I used the ap51-flash-fonera utility with openwrt-atheros-2.6-root.squashfs and openwrt-atheros-2.6-vmlinux.lzma. Those were the files included in the zip file at the end of both Wikis. I've been looking more into httpd, and found that I should have done the following to restart httpd killall httpd httpd -p 80 -h /www -r OpenWrt [or] killall httpd /etc/init.d/httpd start But no matter how often I restart httpd on the FON, it won't reprompt for the password. This seemed to be a potential security flaw to me, unless it was somehow storing my browser/computer identity so I don't have to logon each time. So I tried chrome and IE (Firefox is my default), both of which prompted for the password. I also tried Firefox on another computer, and it also prompted for a password. So I guess I have a few questions about this: 1) How does it remember the computer/browser? 1.1) Is this storage area secure? 2)What do the variables $p and $root in /etc/httpd.conf refer to? 2.1)Why are they both required in that order for both root and admin? 3)It would seem to me to be more secure if it reprompted for the password every time a new session is opened - even on the same computer/browser. Is there anyway to modify httpd.conf to do this? Thanks again. Edited July 11, 2010 by Apdrummer Quote Link to comment Share on other sites More sharing options...
Mr-Protocol Posted July 11, 2010 Share Posted July 11, 2010 http://www.digininja.org/jasager/ Download his firmware. Flash with that firmware. That will solve a lot of issues. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.