I am using Centos server with apache server.
I have added python script that reads my website's login cookie and based on that it return apache.OK or apache.HTTP_UNAUTHORIZED.
However even if cookies is present, it will pop up that login form.
Any help on how to remove that pop up is appreciated.
I tried removing AuthType Basic, but than i get following error
The server encountered an internal error or misconfiguration and was
unable to complete your request.
<Directory "/var/www/html/reports" >
AddHandler mod_python .py
PythonHandler /tmp/access.py
PythonAuthenHandler /tmp/access.py
PythonDebug On
SSLRequireSSL
AllowOverride AuthConfig
#AuthType Basic
AuthName "Restricted Area"
AuthBasicAuthoritative Off
Options -Indexes
require valid-user
just found out if you don't want login pop up , you will have to set up req.user to something
It was throwing error before that req.user is null.
I did this req.user = "nobody"
Related
I have a development website in use before deploying to live.
The development website has a password with .htaccess and .htpasswd. The password login works fine.
For a particular functionality related to an external server having to access a page on the server, I got to disable the password temporarily for testing.
Normally this gets done by commenting out the "Require valid-user" line. For some strange reason, I get a 500 error if I comment out that line. This used to work fine in the past.
With password:
AuthType basic
AuthName "***"
Require valid-user
AuthUserFile "/usr/***/.htpasswd"
With password disabled:
AuthType basic
AuthName "***"
#Require valid-user
AuthUserFile "/usr/***/.htpasswd"
The # is the only difference. I also made sure that the file is not in UTF-8-BOM encoding, but stays in UTF-8 encoding. UTF-8-BOM also causes a 500 error.
Any ideas about how to solve this?
Alright so I'm having a problem using htaccess to password protect a page. Every time I navigate to the page they are redirected to a "Internal server error" page. I have very minimal knowledge of PHP and am having a hard time getting this fixed. I took a look in the error logs and found this error here "[error] [client 209.91.179.158] client denied by server configuration:"
I have no idea how to access the httpd.conf file on the FTP server nor do I know if it's possible. I have only been using PHP for about 2 weeks.
My .htaccess File
<Directory>
Order allow,deny
Allow from all
Allow from 209.91.179.158
Allow from ::1
</Directory>
AuthType Basic
AuthName "restricted area"
AuthUserFile mydir/.htpasswd
<Files "staff.html">
Require valid-user
</Files>
You're getting 500 error because <Directory> directive isn't allowed in .htaccess. If you can explain what you're trying to do I can help you further.
I am a newbie to Apache, using Apache 2.2.22. I am trying to password protect my whole localhost website using .htaccess; .htaccess is located in /Apache/htdocs and the password file is in /Apache/passwd. Trying to access the site I get prompted for a username/password but it always fails with the error (from error.log) [error] [client 127.0.0.1] user myuser: authentication failure for "/": Password Mismatch.
The password file was created with:
htpasswd -c /Apache/passwd/passwords myuser
My .htaccess file:
AuthType Basic
AuthName "Restricted Files"
AuthUserFile c:/Apache/passwd/passwords
AuthGroupFile /dev/null
require valid-user
My httpd.conf file was modifed with:
<Directory "C:/Apache/htdocs">
Options Indexes FollowSymLinks
AllowOverride AuthConfig
Order allow,deny
Allow from all
</Directory>
The Apache doc for Authentication and Authroization states to make sure that the modules mod_authn_core and mod_authz_core have either been built into the httpd binary or loaded by the httpd.conf configuration file. But I don't know how to do this; they are not listed in the Modules section of my httpd.conf file. mod_auth_basic.so, mod_authn_file.so, and mod_authz_groupfile.so are loaded via the httpd.conf file.
Thank you for any help or ideas.
I have trac installed and running great using apache2 and mod_wsgi. However when ever a user tries to access even the front page they are greeted with a login. I've tried several things, but everything I try either disables the authentication all together or won't allow unauthenticated users to view the site. Here's the authentication section of my httpd.conf file:
<Location '/'>
AuthType Basic
AuthName "Trac"
AuthUserFile /home/trac/.htpasswd
Require valid-user
</Location>
I'm almost certain that the solution lies int the require line but I've exhausted my ow creativity. Any thoughts?
EDIT: The answer I selected works great. The link given doesn't have instructions on connecting the password file to the system.
My memory is hazy, but the only solution I found when I had this issue was switching to from Apache authentication to the AccountManagerPlugin.
You can specify when apache should ask about password.
In trac when you select Login it will open site: /trac_folder/login
So defining location for authentication should do the trick.
Check my trac.conf:
WSGIScriptAlias /trac /var/lib/trac/apache/trac.wsgi
## This is required if you plan to use HTTP authorization. Without it the
## user name won't be passed
WSGIPassAuthorization On
<Directory /trac>
WSGIApplicationGroup %{GLOBAL}
Order deny,allow
Allow from all
#AuthType Basic
#AuthName "TracHaselko"
#AuthUserFile /var/lib/trac/authfiles/htpasswd
#Require valid-user
</Directory>
<Location /trac/login>
AuthType Basic
AuthName "TracHaslo"
AuthUserFile /var/lib/trac/authfiles/htpasswd
Require valid-user
</Location>
In you file change:
<Location '/'>
to:
<Location '/login'>
I have managed to get authentication at least partly set up but am mystified as to why security isn't working...
In my httpd.conf file for ssl I have....
<Directory /usr/local/apache2.2/cgi-bin/oia>
SSLRequireSSL
Satisfy All
AuthType basic
AuthName "Protected Intranet Area"
AuthUserFile conf/.passwd
AuthGroupFile conf/groups
Require valid-user
</Directory>
I do have the user password in the setup and when accessing the page via https://....../cgi-bin/oia, it does correctly prompt me for the user name and password. Problem is if I use the same URL with http:// there's no prompting for a user name or password.
Any advice is greatly appreciated.
Nikki
You could set up a mod_rewrite rule to always forward the http://x.y.com to https://x.y.com (which is probably what you want to do anyway)