Setting up user/password access to my web server

[net_devil69]

I have set up my web server with my index page at http://127.0.0.1:666/, i get my index page when typing that url into the browser, i want to be able to set up serveral users all with access to only certain folders with-in the server. I want every one who accesses the server to have to type a user name and password/username when they get to http://127.0.0.1:666/, and have to type a password and username if the type in the name of a sub-directetory, without going to the index page first( http://127.0.0.1:666/mp3).

I have read all the info i can but still cant work out ow to restrict/allow areas of ther server, i have tried but it does not prompt me for a username/password.
Any help would be great, as you can proberly tell i have never set up a web server before and am still learning, but apart from this problem this i a great bit of software.

[senshi]

you need to make a virtual path to a physical folder, if you want to use that /mp3 as an example, you need to look where on the server your mp3 folder is and note the Physical path to it and then in the server console add that Physical path and give it a virtual path beginning with a / followed by the name, in this case mp3 to make /mp3 as the entry.

So start your console and navigate through the menus...
Server config >> advanced button >> Aliases

input into the virtual path /mp3 and in the physical path put the actual path to the folder, if you get an erro then your wrong somewhere, double check, in my case my path was ... H:\webroot\Abyss Web Server\mp3

then click OK, you have now set up your realm /mp3 which will be accessed by http://***.***.***.***l/mp3 where *** representss your IP address.

You now need to make a group if you are going to allow lots of users to access the folder.

Server config >> advanced button >> users & groups ... in users click add and put your name and a password then click ok. in my example I used the name dave and added a group called /mp3, check the user dave for that group.

Server Configuration >> Advanced >> Access Control now add some security...

put in the /mp3 virtual path name and put in a realm name and check the box for /mp3 (your group which has you as one of its users) anyone you now add to the group /mp3 will hav access tot the http://URL/mp3

I hope i have covered it all, but thats the simplest method I know...

[net_devil69]

Thanks for your help and quick reply senshi,
I did that and it worked first time, it all works apart from when i type in http://127.0.0.1:666/(thats what my server is set up on), i am prompted with the index.html,( in the Address bar it reads ttp://127.0.0.1:666
not http://127.0.0.1:666/index.html and i am unable to password protect it, the console would not allow me to add my root (/files), and you cant protect indervidual files, thats my problem now i will read up some more on the net, and replays to this problem are very welcome, thanks.

[senshi]

http://127.0.0.1/ is local to your machine so be sure to find your IP address.

IM assuming that you put abyss on port 666, if you put your console port on 666 then you dont reference that port, the standard port is 80 for any server.

if you set up abyss server, it will serve up index.html or index.htm as its default page, if no page is present then the contents of the folder is displayed.

Theirs little point in securing individual files in a webserver, if you want to do that you will need to delve into VPN and making trusted connections and allow users on your machine, it is a different kettle of fish altogether.

In saying that their are servers that allow you to selectively allow and disallow access to files, I had one and got rid of it as I dindnt see thepoint, a webserver is for serving and not a security tool for selectively allowing file access, if you add a security password to a user and stuff them into a group and add that group to the realm you created, you are doing a similar task in as far as only allowing access to selected users...

using virtual paths is a good way of making up hosts where security is not an issue, where security is an issue, you need to lock down those virtual paths that you dont want access to from the web.

If you want to add some security to your files, create a folder that will only contain the files you want to protect and make all groups have access to those paths and reference the URL of the virtual path in your main web pages URL clcik links...

eg if you have /secure as a virtual path and you have a file called myaudio.mp3, then /secure/myaudio.mp3 will have security settings applied if the /secure path has security settings applied to it, members of that group will have access to the files after supplying a password, thats they only way I can see you doing it selectively like that, hiding the secure files under a virtual path.

[senshi]