On my local system i tried to get password protecting a directory with .htaccess running on Mamp 3.0.7.2 . The Apache version Mamp uses is Apache/2.2.29 (Unix). The httpd.conf file
/applications/mamp/conf/apache/httpd.conf
contains the following active line:
LoadModule authn_file_module modules/mod_authn_file.so
My testproject in
/applications/mamp/htdocs/sandbox/testproject/admin/.htaccess
contains following lines:
AuthBasic Basic
AuthName "Admin Area"
AuthUserFile /applications/mamp/htdocs/sandbox/.htpasswd
require valid-user
the .htpasswd file was created one level beneath in the sandbox folder for testing purpose only with:
htpasswd -c .htpasswd adminuser
with pwd .htpasswd within the sandbox folder i've extracted the exact path to prevent any typos which lead to
/applications/mamp/htdocs/sandbox/.htpasswd
but when i try to access the index.php file in the admin folder i get the following in the browser:
Internal Server Error
The server encountered an internal error or misconfiguration and was unable to complete your request.
Please contact the server administrator, you#example.com and inform them of the time the error occurred, and anything you might have done that may have caused the error.
More information about this error may be available in the server error log.
and the php_error.log outputs the following on every try:
[Mon Dec 29 11:23:30 2014] [alert] [client ::1] /Applications/MAMP/htdocs/sandbox/testproject/admin/.htaccess: Invalid command 'AuthBasic', perhaps misspelled or defined by a module not included in the server configuration
But how could the AuthBasic command be misspelled or not included, cuz it actually is defined properly as shown above. :/
I am trying to connect to my wampserver 2.4 online but I have the following error:
Forbidden You don't have permission to access /clientServerTest/ on this server.
The error log shows:
[Sun Jun 08 21:53:45.281433 2014] [access_compat:error] [pid 6696:tid 1492] [client 192.168.0.7:52659] AH01797: client denied by server configuration: C:/wamp/www/favicon.ico
I have browsed a while and looked at this answer and this other one but no luck so far.
The server is already online and I can access it just fine using localhost. However, when I try to connect to it using the ipv4 of my pc on my local network I got the error.
I am using windows 7.
The firewall is already off.
Can anybody please help me out on this?
A better solution would be to do
# onlineoffline tag - don't remove
Require local
Require ip 192.168.0
Or whatever the first 3 quartiles of your local subnet is.
This uses the Apache 2.4 syntax rather than the Apache 2.2 syntax, and gives access to all the possible localhost variants and the local network, but not the world.
This way when you decide to open up your router you wont accidentally allow acccess to the world to all your development sites.
You will have to do this to all 3 app configs in the alias folder.
Ah... apparently I am found what was wrong...
In the httpd.config file in the following snippet (can access from the wamp menu):
# onlineoffline tag - don't remove
Order Deny,Allow
Deny from all
I removed Deny form all and put in Allow from all so now it looks like:
# onlineoffline tag - don't remove
Order Deny,Allow
Allow from all
Not sure it is the right solution... but at least I can connect
I'm having trouble setting up my Subversion.
I'm currently able to access repository directories within the parent directory. i.e http://server.com/svn/project but I receive a Forbidden error if I try to access the parent directory directly http://server.com/svn/
Ideally, I would like to be able to see all my repositories from a single url so I'm trying to get this configured properly.
I have looked at /etc/apache2/conf.d/subversion.conf and I have set
<Location /svn>
DAV svn
SVNParentPath /usr/local/svn
SVNListParentPath on
AuthType Basic
AuthName "My SVN"
AuthUserFile /etc/apache2/conf/user_authentication.conf
AuthzSVNAccessFile /etc/apache2/conf/svn_authorization.conf
<LimitExcept GET PROPFIND OPTIONS REPORT>
Require valid-user
</LimitExcept>
</Location>
In /etc/apache2/conf/svn_authorization.conf I have configured
[/]
* = r
[project:/]
user1 = rw
etc..
I'm not quite sure why I am getting forbidden on parent since I believe I have read enabled for all users. I have even tried removing the * = r and putting myUsername = r but still forbidden.
What am I doing wrong?
Subversion won't show you the parent path directly. So "out of the box" you can't get the list of repositories this way. When using the web browser to access your repository, you should use viewvc, because that has many advantages to directly pointing the browser at the repository location (i.e. you can browse the history that way). If you're using a bundled SVN installation such as CollabNet, viewvc is automatically configured for your server, too.
After hours of searching the web and trying dozens of unsuccessful solutions - here is my question.
I'm currently configuring a webserver on RHEL 6.4 and httpd 2.2.15 behind another RHEL 6.4 server using squid 3.1.10 and HTTPS only. I'm also using mod_rpaf to simplify logging and identification of visitors behind the proxy.
My problem is to configure a simple password protected folder. When I try to access the folder, the password dialog pops up with the configured AuthName. So I know that the .htaccess is being parsed. But the dialog does not accept the correct credentials and gives me an error 401.
I messed around with:
different permissions for .htaccess, .htpasswd and parent folders
different absolute locations for the .htpasswd
all activated Apache modules that are available on my system
different encryption algorithms for .htpasswd (crypt, md5, sha, salted sha...)
AllowOverride All on the protected and parent folder
But what I really do not understand that even if I put a wrong location for AuthUserFile there is no error message in Apaches error_log like the well known Permission denied: Could not open password file. Even on LogLevel debug Therefore I think that something is wrong with that Directive AuthUserFile.
I hope there is someone out there knowing better methods to identify the problem.
This is my simple .htaccess I'm using for testing:
AuthType Basic
AuthName "Test123"
#AuthUserFile /var/www/test/.htpasswd
AuthUserFile /notexisting
Require valid-user
Finally I got it to work!
I tracked the error down to the squid reverse proxy by using lynx on my webserver and successfully accessing the protected folder from there.
With my new focus on squid I started googling again. Already the first link took me to the correct answer: squid did not allow the apache to handle user authentication.
Resulution:
Add login=PASS to the cache_peer command in your squid.conf
OS: Linux OpenSUSE
Version control - Mercurial
Apache2
I run http ://my.os.name/ it gives me a page - thus apache is running.
I run http ://my.os.name:/hg - It shows me Mercurial page, thus mercurial is
showing up on http Internet Explorer page.
I'm able to create repositories/or do normal work in Mercurial.
What I need.
1. When I open the above Hg link
then, instead of showing me the Mercurial(Hg) repository page home page, it should first check whether I belong to my company or not i.e. it should authenticate using Windows Active Directory or LDAP server.
If I'm making any changes to a file or create a directory / repository in Hg, then it should make sure / authenticate/verify whether I have valid access to do that operation or not.
HOW can I do this, I need step by step help as I'm new in Apache/Mercurial authentication setup.
I have almost read all the Online help in setting this up and so far I'm able to get to a point whether when I open Hg link, I get a popup for username/password prompt, but its not taking it / not working.
I also dont want to create .htpasswd/ .htaccess or digest files. What I'm wondering is that if in Windows Active Directory, if I have a Security group created for ex: Company/Project1_readers, Company/Project1_Contributors, Company/Project1_Repository1_Readers, Company/Project1_Repository2_Contributors... and in those AD security group ids, if I have all the developers added, then using these groups in AD, I want to grant access to developers instead of adding those users in .hg/hgrc file.
(This is what usually we do in TFS (Team foundation Server) to grant/revoke access) instead of messing with files (adding/removing users) in every repository etc.
How can I do the above?
Kindly advise if the best way is only creating .htpasswd/.htaccess/.htdigest etc files...if I'm wrong in achieving the above scenario.
My httpd.conf file Includes another .conf file (which contains)
=========================================
<Directory /srv/www/hg>
Order deny,allow
Deny from All
AuthType Basic
# #AuthName "Apache Web Site: Login with your AD(Active Directory) credentials"
AuthName "Mercurial Repositories"
#
#
# AuthBasicProvider ldap
# AuthzLDAPAuthoritative off
# #AuthLDAPURL ldap://10.211.16.1:389/OU=TSH,DC=tsh,DC=Mason,DC=com?sAMAccountName
# AuthLDAPURL "ldap://10.211.16.1:389/?samAccountName?sub?(objectClass=user)"
## #ldap://ldap.your-domain.com:389/o=stooges?uid?sub
# AuthLDAPBindDN "cn=xyzserver,OU=Services,OU=Users,OU=Infrastructure,OU=DEN,OU=KSH,DC=Psh,DC=Mason,DC=com"
# #"cn=StoogeAdmin,o=stooges"
# AuthLDAPBindPassword secret1
require valid-user
# require ldap-user
Satisfy any
</Directory>
When I'm using the abvoe LDAP URL in Jenkins, Jenkins is successfully authenticating a user while logging in, then why the same is not working when it's in this server's .conf file. Note, in apache2, the above doesn't have to be in httpd.conf file. Include concept is letting me include the file.conf and file.conf contains the above code. This is as per Apache2 directions as mentioned in httpd.conf file.
Rest of the mercurial files hgwebdir.cgi, hgweb.cgi, hgweb.config are all good (as per online blogs I have read).
I have all the required modules loaded (as they are visible in /etc/apache2/sysconfig.d/loadmodule.conf file (modules which are required for LDAP auth i.e. mod_ldap, mod_authz_ldap etc etc related to ldap and apache).
OK, Prompt part which was not taking my Windows Ldap credentials is now working.
What did I put wrong.
- See line: for AuthLDAPURL and AuthLDAPBindPassword, those were the culprits in my post shown above.
- Cause was, I was new to Windows AD/LDAP concept, so couldn't get a hold of anyone from Systems team in my company. So tried my own hands. The first line for AuthLDAPURL, I got from the GLOBAL configuration file (config.xml) of one of our Jenkins instance.
Jenkins GUI for showing config doesn't show passwords (as they are masked) so there you'll see Manager's DN password as "* * * * * *".
So, I thought I should open the config.xml file of Jenkins instance and got the password "secret1" from there. Actually "secret1" is just an example, in reality it was some crazy value over there like "VVX12##!5GH".
So basically I used that earlier which didn't work as for LDAP authentication to work correctly, you have to talk to someone in SYSTEMS team or the person WHO actually did the setup in Jenkins instance for LDAP authentication there.
Finally I got the password, and it worked.
Resolution: See below what I changed.
One important thing to notice is that, in Jenkins, AUTHURL for LDAP was:
AuthLDAPURL ldap://10.211.16.1:389/OU=TSH,DC=tsh,DC=Mason,DC=com?sAMAccountName
but,
from a Unix/Linux/in my case, SUSE machine, we have to change this line a little bit to
AuthLDAPURL ldap://10.211.16.1:389/OU=TSH,DC=tsh,DC=Mason,DC=com?sAMAccountName?sub
For more on this (Apache2.2 on connecting to Windows AD(Active Directory) authentication):
PS: http://www.yolinux.com/TUTORIALS/LinuxTutorialApacheAddingLoginSiteProtection.html
and then
- I put the correct password for cn=xyzserver (Manager DN user id) in the file and all was good then.
Snapshot of apache config file or the file which you have created separately and included in your httpd.file or through /etc/sysconfig/apache2 filer (variable APACHE_INCLUDE...) now looks like:
<Directory /srv/www/htdocs/hg>
Order deny,allow
Deny from All
AuthType Basic
AuthName "LDAP Access - Mercurial"
AuthBasicProvider ldap
AuthzLDAPAuthoritative off
AuthLDAPURL ldap://10.211.16.1:389/OU=TSH,DC=tsh,DC=Mason,DC=com?sAMAccountName?sub
#AuthLDAPURL "ldap://10.211.16.1:389/OU=TSH,DC=Mason,DC=com?sAMAccountName?sub?(objectClass=*)"
AuthLDAPBindDN "cn=xyzserver,OU=Services,OU=Users,OU=Infrastructure,OU=DEN,OU=KSH,DC=Psh,DC=Mason,DC=com"
AuthLDAPBindPassword CorrectPassword!
# require ldap-user c149807
# AuthUserFile "/dev/null"
require valid-user
Satisfy any
</Directory>
I'll work on getting the user access part now on the actual repository as Auth part is done from IE(Internet Explorer) to Hg(Mercurial) from Linux/Unix/OpenSUSE machine.
if prompted multiple times for user credentials in mercurial. Setup Mercurial_Keyring and then
this question comes which nobody explained in an easy way.
??? how to make the [auth] xx.prefix = servername/hg_or_something work for all repositories under servername/hg location either if I use servername, servername's IP or servername's FQDN ?
ANSWER: Arun • 2 minutes ago
−
OK, I put this in ~/.hgrc (Linux/Unix -home directory's .hgrc hidden file) or Windows users %UserProfile%/mercurial.ini or %HOME%/mercurial.ini file.
[auth]
default1.schemes = http https
default1.prefix = hg_merc_server/hg
default1.username = c123456
default2.schemes = http https
default2.prefix = hg_merc_server.company.com/hg
default2.username = c123456
default3.schemes = http https
default3.prefix = 10.211.222.321/hg
default3.username = c123456
Now, I can checkout using either Server/IP/Server's FQDN.