Wednesday, August 14, 2013

Smokeping: Password Protecting

In this post, we will be looking at how to password protect Smokeping. As you may know, Smokeping pages are usually not password protected and can be viewed by anyone by defauly. Limit the view to a limited number of users, either of the following ways are possible-
  1. Using the web server configuration file to set passwords
  2. Using htaccess to set passwords
According to Apache, using .htaccess should be avoided whenever possible, as .htaccess may hamper the web server performance (Source). Apache recommends using the web server configuration files for setting up passwords.

Here's how it's done. (I am using an Ubuntu Server)

Phase 1: Creating the password file.

mkdir /etc/apache2/passwd

htpasswd -c /etc/apache2/passwd/passwords username

The -c is used to create a new user. This parameter can be omitted to change the password of an existing user.

Phase 2: Modifying Smokeping Directives

vim /etc/apache2/conf.d/smokeping

### Modify the following directives as necessary ###
<Directory "/usr/share/smokeping/www">
    Options FollowSymLinks
        AuthType Basic
        AuthName "Smokeping"
        AuthBasicProvider file
        AuthUserFile /etc/apache2/passwd/passwords
        Require valid-user
</Directory>


Phase 3: Restarting Apache Web Server

This is the easiest step

/etc/init.d/apache2 restart

Phase 4: Testing
From now on, everytime a new connection is initiated with Smokeping, the web server will request for a username & password.

And it's done. Pretty easy, eh?

NOTE: This method transmits password in cleartext format. Please check here for more secured options.

0 comments: