Static Webserver password protection?

I use on a Raspberry Pi. I know that there is a static Webserver running, in /config/www/ and I can browse it on
But the folder is not protected by the home assistant password- so I have to protect it by .htaccess? Am I right? I try it with htaccess but it won’t work- is that the right path in the htaccess file?

AuthType Basic
AuthUserFile /config/www/.htpasswd
AuthName "Admin Bereich"
require valid-user

Thank you

No answer to this? I have the same need. I’ve developed a dashboard in vanilla js that I want to place in the www folder but I don’t want to expose sensitive information.
Would be nice to have an option to include the www folder under the same security as the native web gui.
Or use htaccess


I’m also wondering if this is a bug or intentional. Until now I assumed that only logged in users can load the files.

I would assume best way to protect those is with nginix?

1 Like