Thursday, September 27, 2012

Smokeping: Password Protecting

In this post, we will be looking at how to password protect Smokeping. As you may know, Smokeping pages are usually not password protected and can be viewed by anyone by defauly. Limit the view to a limited number of users, either of the following ways are possible-
  1. Using the web server configuration file to set passwords
  2. Using htaccess to set passwords
According to Apache, using .htaccess should be avoided whenever possible, as .htaccess may hamper the web server performance (Source). Apache recommends using the web server configuration files for setting up passwords.

Here's how it's done. (I am using an Ubuntu Server)

Phase 1: Creating the password file.

mkdir /etc/apache2/passwd

htpasswd -c /etc/apache2/passwd/passwords username

The -c is used to create a new user. This parameter can be omitted to change the password of an existing user.

Phase 2: Modifying Smokeping Directives

vim /etc/apache2/conf.d/smokeping

### Modify the following directives as necessary ###
<Directory "/usr/share/smokeping/www">
Options FollowSymLinks
AuthType Basic
AuthName "Smokeping"
AuthBasicProvider file
AuthUserFile /etc/apache2/passwd/passwords
Require valid-user
</Directory>


Phase 3: Restarting Apache Web Server

This is the easiest step

/etc/init.d/apache2 restart

Phase 4: Testing
From now on, everytime a new connection is initiated with Smokeping, the web server will request for a username & password.

And it's done. Pretty easy, eh?

NOTE: This method transmits password in cleartext format. Please check here for more secured options.

0 comments:

Post a Comment