You can restrict access to the entire website or to some of its directories. To open a directory of the website with restricted access, the visitor will need to go through an additional authorization in the browser.

Setting restrictions


To restrict access to the website:

  1. Enter Domains → WWW-domains →  menu
     → Access limits.
  2. Press Add.
  3. Select the directory of the website you want to restrict access to. You can specify it manually in the Path to directory field or select it in the file manager.
  4. Press Next.
  5. Enter your login information:
    1. Username.

      Note

      This username will only be used for authorization in the website directory. It is not associated with ISPmanager user accounts.

    2. Enter or generate a Password.

    3. Re-enter the password in the Confirmation field.
  6. Press Finish.


To delete the restriction, enter DomainsWWW-domains → menu 

Access limits → select the restriction → Delete.

To edit the restriction settings, enter DomainsWWW-domains → menu 

Access limits → select the restriction → Users. Possible actions:

  • Add a new user for the restriction;
  • Edit the settings for the user;
  • Delete the settings for the user;
  • Enable or disable user settings.

Work logic


After creating a restriction, ISPmanager:

  1. Saves username and password in encrypted form in the file /var/www/<user-owner name>/data/etc/access.<domain name>.<part of hash function from domain name>.passwd.
  2. Adds a section to the web server configuration file:

    Example of section for Apache

    <Directory /var/www/www-root/data/www/example.com/tmp>
    Allow from all
    AuthName "Access limited by ISPmanager"
    AuthType Basic
    AuthUserFile /var/www/www-root/data/etc/access.example.com.GHCoKdm8.passwd
    Order allow,deny
    Require valid-user
    </Directory>
    CODE

    Example of section for Nginx

    location /tmp/ {
    		location ~ [^/]\.ph(p\d*|tml)$ {
    			try_files /does_not_exists @php;
    		}
    		auth_basic "Access limited by ISPmanager";
    		auth_basic_user_file /var/www/www-root/data/etc/access.example.com.GHCoKdm8.passwd;
    	}
    CODE