.htaccess password protection not working with domain on a folder - apache

I have 2 domains mapped to the same server.
- Domain-A is mapped to public_html directory
- Domain-B is mapped to public_html/domainb directory
When I set a .htaccess user/password for directories that I access via the first domain (e.g. domain-a.com/wp-admin) everything works like a charm.
But when I try to set the same for directories that I access from the domain-b, I got a ERR_TOO_MANY_REDIRECTS error.
Below .htaccess code. Note that the very same code works on folders of the domain-a but not on domain-b:
AuthType Basic
AuthName "myuseradmin"
AuthUserFile "/home3/desempac/.htpasswds/public_html/domainb/wp-admin/passwd"
require valid-user
Any thoughts?

change the following line in your code accordingly :
AuthUserFile /path/to/password/file/.htpasswd
Make sure you located the .htpasswd file inside the folder that you want to protect it

Related

How do I lock a folder with htaccess file?

I am trying to lock a folder on my site with htaccess file
I created a htaccess file in the root and I created a htpasswd file inside the folder I want to lock
But the problem is that it does not work and I am banned from entering the entire site until I delete the "Require valid-user" from the .htaccess file in order to allow me to enter the site.
htaccess file
ErrorDocument 404 /404.html
#Protect Directory
AuthName "Dialog prompt"
AuthType Basic
AuthUserFile /fares/.htpasswd
Require valid-user
htpasswd file
fares:djefaflia
It does not work on the local server or on the hosting
AuthUserFile /fares/.htpasswd
The file-path provided to AuthUserFile should be an absolute filesystem path, not a root-relative URL-path (ie. relative to the document root) which is what this looks like.
The "absolute filesystem path" is the full file-path to the .htpasswd file on the server. For example, if the server path to your document root directory (where your HTML files are located) is /home/user/public_html and you are wanting to protect the directory /fares within your document root and you are storing the .htpasswd file inside that directory (although that is not recommended - see below) then the AuthUserFile directive should be like the following instead:
AuthUserFile /home/user/public_html/fares/.htpasswd
However, you should avoid storing the password file in the same directory you are protecting (for security reasons). Ideally, this file would be stored outside of the document root (ie. outside of the public HTML space). For example, you could mirror the file structure in a htpasswds directory above the document root in which you store all the relevant .htpasswd files on your system:
AuthUserFile /home/user/htpasswds/fares/.htpasswd
fares:djefaflia
As written, this does not "look" correct (unless you are intentionally trying to store plain text passwords - which won't work on Linux). How are you generating the password file? You should be using a tool like htpasswd.exe (that comes with Apache), or something similar that generates a hash of the password. For example, it should look more like this:
fares:$apr1$6Szn.sq3$7E6ZMJLBAZKWX.wmGRISu1

.htaccess produces permission denied despite correct password

I set up a .htaccess-file to protect a folder which is in the webroot. Let's call the folder /protected.
I placed the .htaccess and the .htusers file in this very folder (/protected). When I try to login into the folder using the correct login credentials I still get 403.
Here is the .htaccess file:
AuthType Basic
AuthName "Service-Bereich"
AuthBasicProvider file
AuthUserFile [FULL_PATH]/.htusers
Require valid-user
.htusers
mary:$afr1$oqJDM12K$iT9QWY4ETerG0LUtRzw8C.
(For security reasons: user data is not real! It is a mockup)
Thank you in advance.
I finally managed to get it working. I left out the AuthBasicProvider file directive and put a file into the directory. However, I would still be interested in getting it to work without placing a file into the directory. :)
Thank you for all who tried to help me solving the issue.

htpasswd outsite the public html not accessible

On the webserver I use, I have multiple sites (subdomains). Some of these have an admin folder for quick edits for each site. In the admin folder I placed a .htaccess file, restricting access to it.
I have placed a htpasswd file outside the public_html folder(because that's what I read, I should), each password file, in a new directory.
So my folder/file structure so far:
/server/public_html/domain.com
/server/public_html/domain.com/admin/.htaccess
/server/domain_password/.htpasswd
The content of the .htaccess file, inside the admin folder:
#Block_External_Access
AuthType Basic
AuthName 'My Protected Area'
AuthUserFile /server/domain_password/.htpasswd
Require valid-user
The problem is, that in this case I get a big fat 500 server error. Looks like it cannot read the password file after all. If I move my htpasswd down to the domain folder, or the admin folder, and update the htaccess file correspondingly, it works.
Is there any setting somewhere, where prohibits my expected behaviour, or I'm missing something else?
Apparently, because the folder creation was automated, it gave the folder a permission of 600. Which was a bad decision. :D

Password protect nested directories with .htaccess

I have multiple directories that look something like this:
root
- directory 1
- directory 2
- directory 3
- sub directory 1
- sub directory 2
- sub directory 3
Root is protected with a .htaccess right now,
What im looking to do is Protect sub directory 1,2, and 3 with different usernames / passwords
Can this be done? If so how?
Right now my .htaccess file that is located in directory 3 looks like this:
AuthUserFile path/path/path/sub directory 1/ .htpasswd
AuthUserFile path/path/path/sub directory 2/ .htpasswd
AuthUserFile path/path/path/sub directory 3/ .htpasswd
AuthName "Please Log In"
AuthType Basic
require valid-user
however it doesnt work...and im getting Internal Error Server
You need a separate htaccess file in each of your subdirectories that point to the specific htpassword file. You can't separate which sub directories use which htpasswd file like you have in your htaccess.
Additionally, don't leave spaces in the page, apache will think you're referring to multiple parameters for a directive.
So in the htaccess file in each subdirectory, try something like:
AuthUserFile .htpasswd
AuthName "Please Log In"
AuthType Basic
require valid-user
but note, it's generally a really really bad idea to leave your password file in the webroot, allowing people to possibly download it.

.htaccess and .htpasswd to prevent access to folder problem

I have a website admin area I want to protect with a password..
so inside the admin folder I put an .htaccess and .htpasswd files containing this:
.htaccess:
AuthUserFile C:/wamp/www/website_project/admin/.htpasswd
AuthName "Restricted Area"
AuthType Basic
Require valid-user
.htpasswd: (generated using an online tool)
admin:sOSDxAdJI4xx2
When I go to the admin folder, a popup is shown where I need to insert username and password... so until now its working fine, BUT no matter if I insert a correct password or not I get the same popup again when I hit 'enter', I can never access the folder...
Any suggestions?
Based on the AuthUserFile line, it looks like you're using Apache on Windows, which has a different default password encryption algorithm than other platforms. Try using the htpasswd command-line tool to generate the password and see if you still have the same problem.