I have a development website in use before deploying to live.
The development website has a password with .htaccess and .htpasswd. The password login works fine.
For a particular functionality related to an external server having to access a page on the server, I got to disable the password temporarily for testing.
Normally this gets done by commenting out the "Require valid-user" line. For some strange reason, I get a 500 error if I comment out that line. This used to work fine in the past.
With password:
AuthType basic
AuthName "***"
Require valid-user
AuthUserFile "/usr/***/.htpasswd"
With password disabled:
AuthType basic
AuthName "***"
#Require valid-user
AuthUserFile "/usr/***/.htpasswd"
The # is the only difference. I also made sure that the file is not in UTF-8-BOM encoding, but stays in UTF-8 encoding. UTF-8-BOM also causes a 500 error.
Any ideas about how to solve this?
Related
Okay this might be a very obvious one however...
I have the following in my .htaccess file
AuthType Basic
AuthName "Message"
AuthUserFile /www/sites/5ce/448/domainname/folder.htpasswd
require valid-user
Which works fine for password protecting the folder it's placed in.
I also have in another .htaccess file (when I remove the first one)
Options +indexes
Which works fine for showing the directory folder and included files on browser.
When I put these together i get Error 500. How do you essentially enable directory view but password protected?
There shouldn't be a space between the + and the indexes.
Try this:
AuthType Basic
AuthName "Message"
AuthUserFile /www/sites/5ce/448/domainname/folder.htpasswd
require valid-user
Options +Indexes
I am running latest ubuntu with apache.
I have very simple html directory I want to protect using .htaccess.
I am trying to do it with:
AuthName "Restricted Area"
AuthType Basic
AuthUserFile /var/www/dev/docs/.htpasswd
Require valid-user
On my .htpasswd file I have:
user:pass
I get internal server error with this. I've been digging hard but not sure why this is happening.
If I add a this:
<Directory "/var/www/dev/docs">
AuthName "Restricted Area"
AuthType Basic
AuthUserFile /var/www/dev/docs/.htpasswd
Require valid-user
</Directory>
I can't login no matter what I do...
Thanks,
I have the same problem. But after a few trial and error, here's the fix.
You must use the full path to the .htpasswd file.
You must encapsulate the path with quotation marks "home/username/public_html/subfolder/protected/.htpasswd"
An example:
AuthUserFile "/home/username/public_html/subfolder/protected/.htpasswd"
AuthType Basic
AuthName "My restricted Area"
Require valid-user
Error #500 just means the web server isn't understanding something in your .htaccess file. There will be nothing in Apache's error log since the request doesn't even get parsed at this point.
Try putting quotes around the path to the .htpasswd file and note on some hosting companies like cough.. godaddy, 1&1 It may take several minutes for the changes in .htaccess to be picked up.
AuthType Basic
AuthName "Restricted Area"
AuthUserFile "/home/. . . . ./.htpasswd"
require valid-user
I have got same situation on Apache/2.4.6 (CentOS)
Path to htpasswd needs to be taken from $_SERVER['DOCUMENT_ROOT']
Apache has some bug (https://bz.apache.org/bugzilla/show_bug.cgi?id=54735), you need to set password from console like this:
htpasswd -nb username newpassw > <path-to>/.htpasswd
btw in Apache 2.4.6 on CentOS 7 problem still exists
I have this .htaccess
AuthType Basic
AuthName "Protected Area"
AuthUserFile /.htpasswds/.htpasswd
Require valid-user
And a .htpassword
test:$apr1$zXAu7nnl$612DeubGZ9jDrDPB1S8VO0
the directory structure is:
/.htpasswds/.htpasswd
/public_html/.htaccess
any attempt to login give me a 500 error. In cpanel the error is not registered in error log.
I don't know exactly what is the problem, but my host provider suggests this:
In cpanel
Section security
Option Web Protect
That will generate:
AuthType Basic
AuthName "Protected"
AuthUserFile "/home/abvnfj/.htpasswds/public_html/passwd"
require valid-user
if apache can not access .htpasswd, it generate Error 500.
in AuthUserFile write full path to .htpasswd file.
I've had a very similar problem with cPanel - and error 500 "internal error" upon entering the basic authentication credentials.
The problem seems to stem from cPanel putting the password file into a directory that the apache process could not access. Moving it to the root folder for the account (where the public_html directory is created) fixes the problem for me. The AuthUserFile entry in .htaccess must still point to the absolute pathname for the file, for example:
AuthUserFile "/home/myaccount/.passwd"
with the site root being in /home/myaccount/public_html/
Make sure you are using the correct absolute path in .htpaswd.
Example: for my bluehost I need
AuthUserFile /home7/<username>/public_html/...
While the FTP just gave me
/wwww/...
I had same error and I tested htpasswd with adding -p parameter which generates passwordfile as plaintext. The error was disappeared, but now I don't have any idea why default md5 passwords are causing this error.
I've been trying to get this to work for an hour.
I'm protecting a directory with .htaccess and .htpasswd
AuthType Basic
AuthName "Access Denied: Please Enter the Correct Information to Continue"
AuthUserFile /actual/path/based/on/php/info/.htpasswd
require valid-user
Simple stuff. For some reason I'm getting a 401.shtml page instead of asking for login information.
I've tried disabling the other redirects
I'm pretty sure the path is correct
This works just fine on another site, just different web hosts.
Thanks.
I have managed to get authentication at least partly set up but am mystified as to why security isn't working...
In my httpd.conf file for ssl I have....
<Directory /usr/local/apache2.2/cgi-bin/oia>
SSLRequireSSL
Satisfy All
AuthType basic
AuthName "Protected Intranet Area"
AuthUserFile conf/.passwd
AuthGroupFile conf/groups
Require valid-user
</Directory>
I do have the user password in the setup and when accessing the page via https://....../cgi-bin/oia, it does correctly prompt me for the user name and password. Problem is if I use the same URL with http:// there's no prompting for a user name or password.
Any advice is greatly appreciated.
Nikki
You could set up a mod_rewrite rule to always forward the http://x.y.com to https://x.y.com (which is probably what you want to do anyway)