http:// and requesting username and password

Hello;

Opensuse 12.1
Kernel 3.1.10-1.16-default

I can access the path below without being asked for a username and password, but I need to allow access only with a username and password. How do I set this?

http://192.168.28.254/RECORDINGS/MP3/

The security settings in the file:

vi /etc/apache2/conf.d/vicirecord.conf

are as follows (what do I need to do so that access to this directory requires a username and password?):

Alias /RECORDINGS/ "/var/spool/asterisk/monitorDONE/"


<Directory "/var/spool/asterisk/monitorDONE">
    Options Indexes MultiViews
    AllowOverride None
    Order allow,deny
    Allow from all
        <files *.mp3>
                Forcetype application/forcedownload
        </files>
</Directory>

Regards
Bilal

IMHO your setup is wrong. You’re trying to use a webserver to create remote access to files, which is not how it’s done. Use sftp://username@ipaddress , that will ask for a username/password

Knurpht wrote:
> IMHO your setup is wrong. You’re trying to use a webserver to create
> remote access to files, which is not how it’s done.

Well, in the dim and distant past, perhaps so. But HTTP download of
files is quite common now.

Set up basic authentication on Apache to achieve the OP’s goal.

http://httpd.apache.org/docs/2.4/howto/auth.html
http://wiki.apache.org/httpd/PasswordBasicAuth

> Use
> sftp://username@ipaddress , that will ask for a username/password

I know, but I noticed the IP address, which is on a LAN. And … I recently had an experience with an ignorant student where bidirectional file transfer was the goal, user/password authentication.

HTTP file sharing (i.e. using a webserver) is my preferred method, although others might prefer SAMBA. I like the ability to apply Internet-grade security so the Server can be pointed practically anywhere.

When a webserver serves files, security can typically be applied at either, or even a combination, of two levels:

  • The OS file permissions, typically the webserver permissions are null or anonymous
    Less often done this way, but can be done within a LAN. If you don’t mind remote Users using a local User account on the webserver, this can work. But, typically on Linux this also means granting local login permissions to the User, so can be used only with highly trusted Users. Or, you can implement Network Security so that network account credentials are applied granularly which generally would not permit local logons.

  • Application permissions set by the webserver, the OS file permissions are then typically set accordingly (usually the security context of the webserver).
    In this scenario, the webserver impersonates the User so that the User doesn’t have direct access to the files. To accomplish this, the webserver needs to run and manage its own security model which typically includes its own database and forms for authentication, then permitting access to specified locations.

Conclusion
If you’re running Network Security like LDAP, AD, or similar you can safely grant direct access to the file system through a webserver by permitting only specified Network User access.
If you don’t have Network Security, then granting direct access should only be used with highly trusted Users you don’t mind possibly messing with the system.
If you don’t have Network Security, then you can safely grant User access through a “Webserver Application Gateway” where the website uses its own security model. Examples of this are generally called Content Management Servers (CMS) and include but are not restricted to Drupal and PHPnuke (take a look at this list https://en.wikipedia.org/wiki/List_of_content_management_systems )

HTH,
TSU

I used htpasswd2 for this, and in /etc/apache2/conf.d/vicirecord.conf I did the following configuration:

Alias /RECORDINGS/ "/var/spool/asterisk/monitorDONE/"

<Directory "/var/spool/asterisk/monitorDONE">
    Options Indexes MultiViews
    AllowOverride None
    Order allow,deny
    Allow from all
    AuthType Basic
    AuthName "MP3 Team Leader Only"
    AuthUserFile /var/spool/asterisk/passwd
    Require valid-user
        <files *.mp3>
                Forcetype application/forcedownload
        </files>
</Directory>

The problem I am facing now:
When I access any directory or file under the directory /var/spool/asterisk/monitorDONE, it requests a username and password. But after I have accessed the page, if I click any link inside the page, it requests the username and password again (although I have already logged in to the page). How can I resolve this? It should be enough to enter the username and password once to access the page (or directory), with no need to enter them again after the login. How can this be resolved?

Regards
Bilal
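
A small audit of the two `<Directory>` blocks posted in this thread, as an added example that is not part of any post: for each block it reports whether a login is required, whether Basic authentication is in use (the password is then only base64-encoded, so the site should be served over HTTPS rather than http://), and whether the password file sits inside the served directory. The function names and finding codes are made up for this example, and the check looks only at the block itself, not at settings inherited from elsewhere in the Apache configuration.

```python
import re

# Constructed sample: the first post's <Directory> block; AFTER adds the last post's auth lines.
BEFORE = """\
<Directory "/var/spool/asterisk/monitorDONE">
    Options Indexes MultiViews
    AllowOverride None
    Order allow,deny
    Allow from all
    <Files *.mp3>
        ForceType application/forcedownload
    </Files>
</Directory>
"""
AUTH = ('    AuthType Basic\n    AuthName "MP3 Team Leader Only"\n'
        "    AuthUserFile /var/spool/asterisk/passwd\n    Require valid-user\n")
AFTER = BEFORE.replace("    <Files", AUTH + "    <Files", 1)

def directory_blocks(conf):
    """Map each <Directory> path to its own directives; nested sections are dropped."""
    blocks = {}
    pattern = r'^\s*<Directory\s+"?([^">]+)"?\s*>(.*?)</Directory>'
    for path, body in re.findall(pattern, conf, re.S | re.I | re.M):
        body = re.sub(r"<(\w+)[^>]*>.*?</\1>", "", body, flags=re.S | re.I)
        directives = {}
        for line in body.splitlines():
            parts = line.strip().split(None, 1)
            if parts and not parts[0].startswith("#"):
                directives.setdefault(parts[0].lower(), []).append((parts + [""])[1])
        blocks[path] = directives
    return blocks

def audit(conf):
    """Return {path: [finding codes]}; the codes are names made up for this example."""
    report = {}
    for path, d in directory_blocks(conf).items():
        require = " ".join(d.get("require", [])).lower()
        pwfile = " ".join(d.get("authuserfile", [])).strip('"')
        checks = {
            "no-auth": not re.search(r"\b(valid-user|user|group)\b", require),
            # Basic sends the password base64-encoded, not encrypted
            "basic-needs-tls": "basic" in [a.lower() for a in d.get("authtype", [])],
            # a password file under the served path could itself be downloaded
            "passwd-in-served-dir": pwfile.startswith(path.rstrip("/") + "/"),
        }
        report[path] = [code for code, hit in checks.items() if hit]
    return report

print({"before": audit(BEFORE), "after": audit(AFTER)})
```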