Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

How do I protect a directory within github-pages?

Tags:

github-pages

jekyll

I am building my personal website using Jekyll and hosting it at github-pages. I would like to have a password protected area (just password protected directory, not the whole website). I have tried a few options and tricks to get htaccess to work but failed.

I would like to know if someone managed to use htaccess, or any other method, to protect a directory on github-pages.

Listing solutions which did not work for me (or I failed to get them to work):
*Flohei.
*Jeremy Ricketts.

like image 208
Mustafa Avatar asked Nov 21 '14 15:11

Mustafa

People also ask

Are GitHub Pages secure?

About HTTPS and GitHub PagesGitHub Pages sites shouldn't be used for sensitive transactions like sending passwords or credit card numbers. Warning: GitHub Pages sites are publicly available on the internet, even if the repository for the site is private.

Can GitHub Pages Repo be private?

With access control for GitHub Pages, you can restrict access to your project site by publishing the site privately. A privately published site can only be accessed by people with read access to the repository the site is published from.

Can you use your own domain with GitHub Pages?

On GitHub, navigate to your site's repository. Under your repository name, click Settings. In the "Code and automation" section of the sidebar, click Pages. Under "Custom domain", type your custom domain, then click Save.

2 Answers

GitHubPages (like Bitbucket Pages and GitLab Pages) only serve static pages, so the only solution is something client side (Javascript).

A solution could be, instead of using real authentication, just to share only a secret (password) with all the authorized persons and implement one of the following scheme:

  1. put all the private files in a (not listed) subdirectory and name that with the hash of the chosen password. The index page asks you (with Javascript) for the password and build the correct start link calculating the hash.

    See for example: https://github.com/matteobrusa/Password-protection-for-static-pages

    PRO: Very simple approach protecting a whole subdirectory tree

    CONS:

    • possible attack: sniffing the following requests to obtain the name of the subdirectory
    • the admins on the hosting site have access to the full contents

  2. crypt the page with password and decrypt on the fly with javascript

    see for example: https://github.com/robinmoisson/staticrypt

    PRO: no plaintext page code around (decrypting happens on the client side)

    CONS:

    • just a single page, and need to reinsert the password on every refresh
    • an admin could change your Javascript code to obtain the password when you insert it
like image 190
Carlo Bellettini Avatar answered Sep 28 '22 04:09

Carlo Bellettini

One option is to use Cloudflare Access to control access at the DNS level. After setting up a custom domain for your Git pages using Cloudflare for DNS, you can use their Access rules policy to require authentication at the specified url path.

This could still be bypassed if someone is familiar with bypassing DNS blocks.

https://www.cloudflare.com/products/cloudflare-access/

like image 28
user3546867 Avatar answered Sep 28 '22 05:09

user3546867
Sign in to Comment

Related questions

Jekyll/Ruby Kramdown Missing Dependency
Underscore issues: Jekyll + redcarpet == Github flavored markdown?
Jekyll on Github Pages not rendering CSS
How do I check the deploy status of Github Pages? (Specifically: Project Pages w/ Jekyll)
Using Liquid tags in a Jekyll page not working
How can I install Jekyll on OSX 10.11?
jekyll 2.2.0 | Error: Address already in use - bind(2)
Excluding page from Jekyll navigation bar
How to support scrolling when using pygments with Jekyll
How to make my post not public for a while?
Permanent redirect from Github gh-pages
Jekyll remote theme doesn't work locally
Jekyll raw HTML in post
Getting a specific item from a collection in Jekyll
How can I add a button in a .md file with Jekyll
Get Jekyll Configuration Inside Plugin
Can a Rails app and a Jekyll blog live together?
How do I create an IF ELSE statement if there are no Jekyll posts in a category?
In Jekyll How do I grab a post's first image?
For loop, wrap every two posts in a div

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!