Exercise 5-4 Masscan User Authentication Issue

Viewing 4 reply threads
  • Author
    Posts
    • #17089
      Mike
      Participant

      This is less a question, and more of a note for anyone having trouble getting the user authentication section of the exercise working.

      When you get to the section where you’re editing the /etc/apache2/sites-enabled/000-default.conf file, we’re instructed to “Add these lines:”
      AuthType Basic
      AuthName “Restricted Content”
      AuthUserFile /etc/apache2/htpasswd
      Require valid-user

      But we’re not told where in the file to add them. I tried different places and couldn’t get the user authentication prompt to appear when reloading the page. It just took me straight to the Masscan web interface as before. When checking the status of apache with “systemctl status apache2.service” There were different errors with starting Apache. They were different depending on where in the .conf file the code block was inserted.

      After doing some digging, I discovered that inside of the main block of the .conf file, under the line that starts with “CustomLog…” if you create the following block of text, save and exit, then restart apache with “systemctl restart apache2” the web interface will then prompt you for user credentials when loading, as expected.

      <Directory “/var/www/html”>
      AuthType Basic
      AuthName “Restricted Content”
      AuthUserFile /etc/apache2/htpasswd
      Require valid-user
      </Directory>

      • This topic was modified 9 months, 1 week ago by Mike.
    • #17237
      Gisung Ryu
      Participant

      Thanks for sharing! This helped me with my issue.

    • #17241
      Christopher
      Participant

      Thanks for this post!

    • #17404
      HappyGilmore
      Participant

      Thank you help me out as well.
      Only issue, I had was not could not copy and paste the lines of codes.
      Had to enter them in manually

      Thank you

    • #17411
      James Aylesworth
      Participant

      I was just coming here to look for an email address to write somebody about this after figuring out. I’m glad to see the post already exists; hopefully others were smarter than I and looked here first.

      Valuable lesson learned… Check the forums first and save oneself the google-time…unless you enjoy those rabbit holes 🙂

      Thank you!

Viewing 4 reply threads
  • You must be logged in to reply to this topic.