I want to protect the complete /var/www/html/* area with a Password, but exclude one File.
I tried this Code:
<Files *.*>
AuthType Basic
AuthName "Service-Login"
AuthUserFile /path/tomypasswdfile/...
Require valid-user
</Files>
<Files /index.alternetive.php>
#Order allow,deny
Require all granted
#Allow from All
#Allow from env=allow
#Satisfy any
</Files>
The Login is functioning, but for ALL files including the "index.alternetive.php"-File.
My apache2 is running on Ubuntu-Xenial.
Thanks Alot
Files doesn't work on path names, but only on file names. If you want a specific path, you must enclose it in a Directory directive or put it in a .htaccess where it belongs. In your case this seems to be the root directory
AuthType Basic
AuthName "Service-Login"
AuthUserFile /path/tomypasswdfile/...
Require valid-user
<Files index.alternetive.php>
Require all granted
</Files>
Also look at the spelling, e.g. alternetive vs alternative.
The file name is your problem. Change it to something like index_alternetive.php and that should work for you.
Related
I've seen a few other relative posts but didn't find any solution.
I need to restrict a folder with authentification, it works.
But in this folder I need to keep one file access opened to everybody, I used this but it doesn't works :
AuthName "Admins Only"
AuthUserFile /home/dd/.htpasswd
AuthGroupFile /dev/null
AuthType basic
require user AuthorizedUser
Options -Indexes
<Files "admin-ajax.php">
Allow from all
Satisfy all
</Files>
Sorry for my bad english and thanks for help !
use SetEnv and Order directive :
#set variable if uri is "/admin-ajax.php"
SetEnvIf Request_URI ^/folder/admin-ajax\.php noauth=1
#auth
AuthName "Admins Only"
AuthUserFile /home/dd/.htpasswd
AuthGroupFile /dev/null
AuthType basic
require user AuthorizedUser
#Here is where we allow/deny
Order Deny,Allow
Satisfy any
Deny from all
Require user AuthorizedUser
Allow from env=noauth
This will let you access your admin-ajax.php without login to server.
I have a .htpasswd file in the root of my domain and a .htaccess file which should protect a single index.php file. Unfortunately it appears asif index.php files in subdirectories are also protected.
Is it possible to make this work on a single file and leave files in subdirectories untouched?
This is my current .htaccess file.
<Files "index.php">
AuthName "Users zone"
AuthType Basic
AuthUserFile /home/deb69824/domains/.htpasswd
require valid-user
</Files>
Interesting problem. Using Files or FilesMatch won't help you since that only matches file names irrespective of the directory files reside in. Unfortunately Location directive is not allowed in .htaccess file.
Luckily there is a directive that you can make use of here, i.e. mod_setenvif
# set env variable if URI is /index.php
SetEnvIf Request_URI "^/index\.php$" HOME_INDEX
# use BASIC authentication only when env variable HOME_INDEX is set
AuthType Basic
Authname "Users zone"
AuthUserFile /home/deb69824/domains/.htpasswd
Require valid-user
Satisfy any
Order allow,deny
Allow from all
Deny from env=HOME_INDEX
Include a slash, which indicates the exact location of the file, e.g. in the root of the directory?
<Files "./index.php">
AuthName "Users zone"
AuthType Basic
AuthUserFile /home/deb69824/domains/.htpasswd
require valid-user
</Files>
I have the following htaccess, directory listing is enabled, however when go to the directory the .htaccess file is in, there's no access control. what's wrong?
AuthName "Restricted Area"
AuthType Basic
AuthUserFile /home/xxx/.htpasswd
AuthGroupFile /dev/null
require valid-user
The solution is that I need to have AllowOverride All to allow .htaccess at the directory levels.
<Directory /var/www/vhosts/localhost>
Options Indexes FollowSymLinks
AllowOverride All
</Directory>
Try removing AuthGroupFile from there, perhaps it is causing trouble.
Everything else looks absolutely correct. One possibility is that your copy of Apache doesn't have the AuthConfig AllowOverrides enabled for your files. This would disable Auth* entries in .htaccess.
You must type to the top: RewriteEngine On
If that does not work, that means you may not have RewriteEngine at all
I set some htaccess with htpasswd on my server. Here is it's content:
Order Allow,Deny
AuthType Basic
AuthName "Password"
AuthUserFile /var/www/.htpasswd
Require valid-user
Satisfy Any
It works for all /var/www/* directories.
Is it possible to ignore some of that /var/www/* directories ?
You can place those directives in a <Directory> directive, so they only apply to one directory.
I have a new website I'm working on that the client wants to keep a secret, but at the same time, I want to put an under construction page with some info on it. I would like to have everything except index.html require a user/password--index.html would be available to everyone.
I have the following, but I'm not sure what I need to add:
AuthName "Restricted Area"
AuthType Basic
AuthUserFile /path/to/file/.htpasswd
AuthGroupFile /dev/null
require valid-user
There are too many files and possibly new files to say "for this set of files require a user/password".
I think it has something to do with something similar to:
<Files index.html>
order deny,allow
allow from all
</Files>
But I'm not exactly sure how.
AuthName "Restricted Area"
AuthType Basic
AuthUserFile /path/to/file/.htpasswd
AuthGroupFile /dev/null
<Files "*">
Require valid-user
</Files>
<Files "index.html">
Allow from all
Satisfy any
</Files>
I used empi response almost exactly, but I realized that I'm loading a logo and reset-min.css on the under construction page, so I modified it like the following:
AuthName "Restricted Area"
AuthType Basic
AuthUserFile /home/examplecom/example.com/html/.htpasswd
AuthGroupFile /dev/null
<Files "*">
Require valid-user
</Files>
<FilesMatch "(index\.html|reset-min\.css|logo-temp\.gif)$">
Allow from all
Satisfy any
</FilesMatch>
have you tried reversing the order to first allow, then deny?
For further reading: apache htaccess directive are a good reference.