.htpasswd for Admin Page with API allow?

StasSav · April 23, 2020, 6:14am

serjoscha87 · April 24, 2020, 9:11am

could you please formulate a complete question?

StasSav · April 27, 2020, 6:20am

Admin Page …/cockpit/.htpasswd Pass work
Api Get …/cockpit(.htpasswd)/api/collection/… dont work (js fetch undefined)

serjoscha87 · April 27, 2020, 6:53am

I still don’t get it, sorry

raffaelj · April 28, 2020, 6:37pm

I guess, @StasSav wants to protect the root folder with .htaccess and .htpasswd to have a second layer of security, while keeping the api calls publicly available without entering a user name and a password.

If so, than it is a bit tricky, because .htaccess protection works well in a folder based setup. E. g. in Wordpress, you can protect the admin folder easily, because it is in a sub directory of the installation.

Cockpit uses the same index.php in the root for the backend and for api calls. So it is a bit tricky, to solve that task.

@StasSav If you manage to restrict specific routes, especially /auth/login and /auth/check with Apache rewrite rules - without breaking the /api route, please share it with us.

PS: I also enjoy reading questions in full sentences with a few words about what your actual goal is.

Topic		Replies	Views
Can't access api	13	3867	April 4, 2020
How to create protected custom API end points? Cockpit v2	2	238	October 3, 2023
How to create custom API Endpoints Support	9	4127	April 26, 2019
Ip restriction for api key? Support	2	706	May 7, 2020
How acces to api? Support	1	635	August 7, 2019

.htpasswd for Admin Page with API allow?

Related Topics