How to add HTTP Authorization to Synology's web interface
October 2014.
Situation
This article is relevant to a DS412+ appliance.
You're using a small Synology server and its web interface (the one at http://nas.example.com:5001) for whatever purpose. You'd like to access this interface remotely, but you are afraid to open the port on your firewall since you don't trust the associated CGI scripts.
Solution
Add HTTP authentication to httpd, so that every request has to present a valid password before it is served.
Create the file /usr/syno/etc/httpd/passwd (here or in whatever location you fancy) and put your credential database in it.
user:$apr1$mN37yOqk$7wKJq7B710AcJSa7Y6WJD1
user2:$apr1$4zha9SDn$Vcs481LpfkUMx1Y/SybKw.
user3:$apr1$Gq/AeNY4$68DGcCVo6BdOSy1eSDjkP/
user4:$apr1$ihJ0/hfG$1MUZzj3LYKG7tU3P7S9hh/
Create the file /etc/httpd/conf/extra/httpd-something.conf and configure httpd to serve on port 5002 the same content as port 5001, but with basic HTTP authentication.
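Listen 5002
LoadModule auth_basic_module modules/mod_auth_basic.so
LoadModule authz_user_module modules/mod_authz_user.so
LoadModule authn_file_module modules/mod_authn_file.so
# Virtual host for port 5002; ServerAlias is only valid in this context.
<VirtualHost *:5002>
    ServerName *
    ServerAlias *
    # Basic auth sends the password merely base64-encoded, so TLS has to stay on.
    SSLEngine on
    # Authentication directives need a directory-type context; <Location /> covers every URL.
    <Location />
        AuthType Basic
        AuthName "Secure Content"
        AuthBasicProvider file
        AuthUserFile /usr/syno/etc/httpd/passwd
        Require valid-user
    </Location>
</VirtualHost>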
Edit /etc/httpd/conf/httpd.conf-sys and include the preceding file at the end.
Include conf/extra/httpd-something.conf
Restart httpd.
/usr/syno/etc/rc.d/S97apache-sys.sh restart
Forward port 5002 in your firewall.
Enjoy your (a tiny bit more) secured NAS from anywhere in the world.
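Since the password file is now the only thing between the Internet and the CGI scripts, it is worth auditing before the port is forwarded. The script below is an added example, not part of the original article: the function name audit_passwd_file is hypothetical, the sample entries are constructed placeholders, and the checks go a little beyond the apr1 entries shown above (file permissions, duplicate users, other hash schemes).

```shell
#!/bin/sh
# Audit an Apache AuthUserFile such as /usr/syno/etc/httpd/passwd.
# Prints one line per finding; returns 0 when the file is clean, 1 otherwise.
audit_passwd_file() {
    file=$1; findings=0; seen=" "; n=0
    [ -r "$file" ] || { echo "$file: not readable"; return 1; }

    # The hashes can be attacked offline, so the "other" read bit (column 8 of ls -l) must be off.
    if [ "$(ls -ld "$file" | cut -c8)" = "r" ]; then
        echo "$file: world-readable, chmod 640 or tighter"; findings=$((findings + 1))
    fi

    while IFS=: read -r user hash || [ -n "$user" ]; do
        n=$((n + 1))
        case $user in ''|'#'*) continue ;; esac      # blank line or comment

        # mod_authn_file stops at the first matching user, so a later duplicate is never used.
        case $seen in
            *" $user "*) echo "line $n: duplicate user '$user'"; findings=$((findings + 1)) ;;
        esac
        seen="$seen$user "

        case $hash in
            '$apr1$'*)                                # salted MD5, the format used on this page
                rest=${hash#\$apr1\$}; salt=${rest%%\$*}; digest=${rest#*\$}
                if [ "${#salt}" -lt 1 ] || [ "${#salt}" -gt 8 ] || [ "${#digest}" -ne 22 ]; then
                    echo "line $n: malformed apr1 entry for '$user'"; findings=$((findings + 1))
                fi ;;
            '$2y$'*) ;;                               # bcrypt, accepted by httpd 2.4
            '{SHA}'*)
                echo "line $n: '$user' uses unsalted SHA-1"; findings=$((findings + 1)) ;;
            *)
                echo "line $n: '$user' is not a salted hash (crypt or plaintext?)"
                findings=$((findings + 1)) ;;
        esac
    done < "$file"
    [ "$findings" -eq 0 ]
}

# Constructed sample data: placeholder strings in apr1 layout, not real hashes.
demo=$(mktemp); chmod 600 "$demo"
printf '%s\n' 'alice:$apr1$AAAAAAAA$BBBBBBBBBBBBBBBBBBBBBB' \
              'bob:hunter2' \
              'alice:{SHA}CCCCCCCCCCCCCCCCCCCCCCCCCCC=' > "$demo"
audit_passwd_file "$demo" || echo "fix the findings before forwarding port 5002"
rm -f "$demo"
```

On the NAS, run it as audit_passwd_file /usr/syno/etc/httpd/passwd after each change to the credential database.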