Ispmanager 6 business documentation

Restricting access to the website


You can restrict access to the entire website or to some of its directories. To open a directory of the website with restricted access, the visitor will need to go through an additional authorization in the browser.

Setting restrictions

To restrict access to the website:

  1. Enter Domains → WWW-domains →  menu  → Access limits.
  2. Press Add.
  3. Select the directory of the website you want to restrict access to. You can specify it manually in the Path to directory field or select it in the file manager.
  4. Press Next.
  5. Enter your login information:
    1. Username.
      This username will only be used for authorization in the website directory. It is not associated with ISPmanager user accounts.
    2. Enter or generate a Password.
    3. Re-enter the password in the Confirmation field.
  6. Press Finish.

To delete the restriction, enter DomainsWWW-domains → menu  Access limits → select the restriction → Delete.

To edit the restriction settings, enter DomainsWWW-domains → menu  Access limits → select the restriction → Users. Possible actions:

  • Add a new user for the restriction;
  • Edit the settings for the user;
  • Delete the settings for the user;
  • Enable or disable user settings.

Work logic

After creating a restriction, ISPmanager:

  1. Saves username and password in encrypted form in the file /var/www//data/etc/access...passwd.
  2. Adds a section to the web server configuration file:

    Example of section for Apache

    <Directory /var/www/www-root/data/www/>
    Allow from all
    AuthName "Access limited by ISPmanager"
    AuthType Basic
    AuthUserFile /var/www/www-root/data/etc/
    Order allow,deny
    Require valid-user

    Example of section for Nginx

    location /tmp/ {
    		location ~ [^/]\.ph(p\d*|tml)$ {
    			try_files /does_not_exists @php;
    		auth_basic "Access limited by ISPmanager";
    		auth_basic_user_file /var/www/www-root/data/etc/;