How to add Apache2 (XAMPP) runtime argument in Windows - apache

I am trying to set development variable for xampp under Windows in order to do this:
<IfDefine !development>
AuthType Basic
AuthName "Say the secret word"
AuthUserFile /var/www/hostname/.htpasswd
Require valid-user
</IfDefine>
on Linux you do it like this
export APACHE_ARGUMENTS=-Ddevelopment
How do I do this on Windows? I've tried to do
set APACHE_ARGUMENTS=-Ddevelopment
but it didn't work.
Any ideas?
Edit: tried to add startup parameters to apache service config, but didn't help either.

This may be a duplicate of Apache .htaccess - applying basic authentication conditionally based on environment or hostname
I have solved this issue by using the 'Allow from ....' directive.
This way I can blanket enable based off an IP ADDRESS
Here is the contents of my .htaccess file
Order deny,allow
Deny from all
AuthType Basic
AuthName "Secure Area"
AuthUserFile "/path/to/file/.htpasswd"
Require valid-user
Allow from 127.0.0.1
Satisfy Any

Related

Apache2 - display auth only for public IP's, only on testing server

I want to configure universal .htaccess file for my application to protect my testing server. I want to display basic auth for any request that comes from public IP, only if current server is testing.
How to archieve this? I know how to protect domain and exclude some IP:
AuthType Basic
AuthName "Please Log In"
AuthUserFile /some/path/.htpasswd
Require valid-user
Order deny,allow
Deny from all
Allow from 127.0.0.1
Satisfy any
But how I can let this code run only if server is dev/testing? I can't change env variables. I thought about detecting domain (server that I want to protect is on subdomain), and place code from above in some sort of if block, but I don't know how.
You use mod_setenvif to set an env variable based on current host and use it auth later:
SetEnvIfNoCase Host ^sub\.domain\.com$ SECURED
AuthType Basic
AuthName "Please Log In"
AuthUserFile /some/path/.htpasswd
Require valid-user
Order Allow,Deny
Allow from 127.0.0.1
Deny from env=SECURED
Satisfy any

500 Error with .htaccess password protection

I am running latest ubuntu with apache.
I have very simple html directory I want to protect using .htaccess.
I am trying to do it with:
AuthName "Restricted Area"
AuthType Basic
AuthUserFile /var/www/dev/docs/.htpasswd
Require valid-user
On my .htpasswd file I have:
user:pass
I get internal server error with this. I've been digging hard but not sure why this is happening.
If I add a this:
<Directory "/var/www/dev/docs">
AuthName "Restricted Area"
AuthType Basic
AuthUserFile /var/www/dev/docs/.htpasswd
Require valid-user
</Directory>
I can't login no matter what I do...
Thanks,
I have the same problem. But after a few trial and error, here's the fix.
You must use the full path to the .htpasswd file.
You must encapsulate the path with quotation marks "home/username/public_html/subfolder/protected/.htpasswd"
An example:
AuthUserFile "/home/username/public_html/subfolder/protected/.htpasswd"
AuthType Basic
AuthName "My restricted Area"
Require valid-user
Error #500 just means the web server isn't understanding something in your .htaccess file. There will be nothing in Apache's error log since the request doesn't even get parsed at this point.
Try putting quotes around the path to the .htpasswd file and note on some hosting companies like cough.. godaddy, 1&1 It may take several minutes for the changes in .htaccess to be picked up.
AuthType Basic
AuthName "Restricted Area"
AuthUserFile "/home/. . . . ./.htpasswd"
require valid-user
I have got same situation on Apache/2.4.6 (CentOS)
Path to htpasswd needs to be taken from $_SERVER['DOCUMENT_ROOT']
Apache has some bug (https://bz.apache.org/bugzilla/show_bug.cgi?id=54735), you need to set password from console like this:
htpasswd -nb username newpassw > <path-to>/.htpasswd
btw in Apache 2.4.6 on CentOS 7 problem still exists

using http basic auth to login to mutiple virtual hosts at once under apache

I have 2 virtual hosts under one domain: a.mydomain.com, b.mydomain.com.
And in the global configuration of apache I have the following:
<Directory />
Options FollowSymLinks
AllowOverride None
AuthType Basic
AuthName "Restricted Area"
AuthBasicProvider file
AuthUserFile /etc/httpd/password_http_auth
Require user mydomain_user
</Directory>
This works well for all the virtual hosts to have basic auth protection. However, I need to enter username and password for a.mydomain.com and b.mydomain after I went to mydomain.com and authenticate there.
So my question is: is there a way to do authentication on mydomain.com only and that user do not need to enter username and password again for all the virtual hosts under this domain?
Thanks advance.
Any configuration done in the httpd.conf or apache2.conf is a global configuration and will apply to all of your configured sites.
To only have it apply to one of the sites. Move the auth configurations to the specific virtual host configuration file
<Directory />
# keep these
Options FollowSymLinks
AllowOverride None
# move these to the vhost configuration you want to protect
AuthType Basic
AuthName "Restricted Area"
AuthBasicProvider file
AuthUserFile /etc/httpd/password_http_auth
Require user mydomain_user
</Directory>
This might be useful for someone:
I have a single virtual host with many aliases. It is a multisite set up with a single source code for multiple websites. I needed a basic authentication for some of the hosts but not for others while the virtual host is common for all the hosts/domains.
Here is ow I did it and it works fine (Apache 2.4 / Ubuntu 18LTS):
SetEnvIf Host "secure\.host\.com" SECURED
SetEnvIfNoCase Request_URI "^/secure-dir/" SECURED
AuthType Basic
AuthName "Basic Auth Message"
AuthUserFile /var/www/public-html/.htpasswd
Require valid-user
Satisfy any
Order allow,deny
Allow from all
Deny from env=SECURED
In the above example I also have a secured directory (line 2) which works with regular expression so it will match with any file in that directory.
On line 1 is the secured host name. Please note the backslash before each dot character!
Add as many lines for hosts or directories as you need.

Allowing anonymous users in Trac (apache/mod_wsgi)

I have trac installed and running great using apache2 and mod_wsgi. However when ever a user tries to access even the front page they are greeted with a login. I've tried several things, but everything I try either disables the authentication all together or won't allow unauthenticated users to view the site. Here's the authentication section of my httpd.conf file:
<Location '/'>
AuthType Basic
AuthName "Trac"
AuthUserFile /home/trac/.htpasswd
Require valid-user
</Location>
I'm almost certain that the solution lies int the require line but I've exhausted my ow creativity. Any thoughts?
EDIT: The answer I selected works great. The link given doesn't have instructions on connecting the password file to the system.
My memory is hazy, but the only solution I found when I had this issue was switching to from Apache authentication to the AccountManagerPlugin.
You can specify when apache should ask about password.
In trac when you select Login it will open site: /trac_folder/login
So defining location for authentication should do the trick.
Check my trac.conf:
WSGIScriptAlias /trac /var/lib/trac/apache/trac.wsgi
## This is required if you plan to use HTTP authorization. Without it the
## user name won't be passed
WSGIPassAuthorization On
<Directory /trac>
WSGIApplicationGroup %{GLOBAL}
Order deny,allow
Allow from all
#AuthType Basic
#AuthName "TracHaselko"
#AuthUserFile /var/lib/trac/authfiles/htpasswd
#Require valid-user
</Directory>
<Location /trac/login>
AuthType Basic
AuthName "TracHaslo"
AuthUserFile /var/lib/trac/authfiles/htpasswd
Require valid-user
</Location>
In you file change:
<Location '/'>
to:
<Location '/login'>

htaccess: only do [some lines of code] for one domain, no others

Say I have a htaccess file shared by "dev.server" and "server.site.com".
The first domain should allow all users to access it unchallenged (it only exists on my local development server).
The second domain I want to authenticate users with Apache (NOT by database).
The code to authenticate users is:
AuthType Basic
AuthName "Server Admin"
AuthUserFile "/path/to/passwd"
require valid-user
What I can't do is make those 4 lines only matter if the domain is "server.site.com". How can I do this?
I searched for something like <IfEnv HTTP_HOST "site.server.com"> but had no luck.
This appears to work, still need to do some testing on it though.
Order Deny,Allow
Deny from all
SetEnvIf Host domain.for.no.auth dev
Allow from env=dev
AuthUserFile .pwd
AuthType Basic
AuthName MySite
Require valid-user
Satisfy Any
As far as I know, this can't be done in a .htaccess file. You'd have to put this into a Directory or VirtualHost section, both of which can't be used in a .htaccess file.
You would have to define it in two separate files, or directly in the server's configuration in the VirtualHost section.