Password protect EVERY directory with Apache - apache

Is there a way to password protect every directory requested in Apache? So that regardless what location the request is for, it must be authenticated. Also, can this be done WITHOUT .htaccess, but just in a conf file somewhere?

I found this finally:
<DirectoryMatch ".">
AuthUserFile /path/to/.htpasswd
AuthGroupFile /dev/null
AuthName "Protected Realm"
AuthType Basic
require valid-user
</DirectoryMatch>

Related

How to config htpasswd with htaccess

i want to make some pages password protected using .htpasswd
How can i do it ??
# Do the regex check against the URI here, if match, set the "require_auth" var
SetEnvIf Request_URI ^/product-category/ require_auth=true
# Auth stuff
AuthUserFile /home1/thetimh6/public_html/htpasswd
AuthName "Password Protected"
AuthType Basic
# Setup a deny/allow
Order Deny,Allow
# Deny from everyone
Deny from all
# except if either of these are satisfied
Satisfy any
# 1. a valid authenticated user
Require valid-user
# or 2. the "require_auth" var is NOT set
Allow from env=!require_auth
I am try it in my htaccess file but it is showing me
500 Server Error
Put the following code in .htaccess in public_html
AuthType Basic
AuthName "Password Protected Area"
AuthUserFile /path/to/.htpasswd
Require valid-user
Then create a .htpasswd, but put it OUTSIDE public_html
So the /path/to/.htpasswd is pointing to that location
It's quite possible I'm thinking too simple here, but shouldn't the code:
AuthUserFile /home1/thetimh6/public_html/htpasswd
be:
AuthUserFile /home1/thetimh6/public_html/.htpasswd

htaccess restrict authentification but exception on file

I've seen a few other relative posts but didn't find any solution.
I need to restrict a folder with authentification, it works.
But in this folder I need to keep one file access opened to everybody, I used this but it doesn't works :
AuthName "Admins Only"
AuthUserFile /home/dd/.htpasswd
AuthGroupFile /dev/null
AuthType basic
require user AuthorizedUser
Options -Indexes
<Files "admin-ajax.php">
Allow from all
Satisfy all
</Files>
Sorry for my bad english and thanks for help !
use SetEnv and Order directive :
#set variable if uri is "/admin-ajax.php"
SetEnvIf Request_URI ^/folder/admin-ajax\.php noauth=1
#auth
AuthName "Admins Only"
AuthUserFile /home/dd/.htpasswd
AuthGroupFile /dev/null
AuthType basic
require user AuthorizedUser
#Here is where we allow/deny
Order Deny,Allow
Satisfy any
Deny from all
Require user AuthorizedUser
Allow from env=noauth
This will let you access your admin-ajax.php without login to server.

Apache protect and Rewrite

I have a url www.mywebsite.com/admin and I want to password protect it using this
AuthType Basic
AuthName "Restricted Files"
# (Following line optional)
AuthBasicProvider file
AuthUserFile /usr/local/apache/passwd/passwords
Require user SomeUsername
However, the site is using a custom framework so /admin gets passed through index.php, so there isn't actually an admin folder so I can't put it in a .htaccess file in it. How can I protect that url using the above code?
You can combine mod_setenvif with mod_auth like this:
SetEnvIfNoCase Request_URI /admin SECURED
AuthType Basic
AuthName "Restricted Files"
AuthBasicProvider file
AuthUserFile /usr/local/apache/passwd/passwords
Require user SomeUsername
Order allow,deny
Allow from all
Deny from env=SECURED
Satisfy any

htaccess password protect files with different users

I have a files server and I use mod_autoindex to server the files. I have a username and password in htaccess so only certain people can access the files. I have added another user to htpasswd but I would only like that user to access some of the files/folders.
Here is my htaccess file now:
AuthType Basic
AuthName "restricted"
AuthUserFile E:\\path\\to\\.htpasswd
<Files "filesForAnyUser\\*">
Require valid-user
</Files>
<Files "*">
Require user admin
</Files>
I'm sure I am doing something wrong but I can't find any good documentation on this.
If you have a folder called "filesForAnyUser" and a folder where you have files only for admin, you need to make 2 htaccess files. One in "filesForAnyUser":
AuthType Basic
AuthName "restricted"
AuthUserFile E:\\path\\to\\.htpasswd
Require valid-user
And one in the other directory:
AuthType Basic
AuthName "restricted"
AuthUserFile E:\\path\\to\\.htpasswd
Require user admin
So here is my final solution for anyone else.
Put the following in the root folder:
AuthType Basic
AuthName "restricted"
AuthUserFile E:\\path\\to\\.htpasswd
Require user admin
Put the following in any folder where admin and user1 can access the file:
AuthType Basic
AuthName "restricted"
AuthUserFile E:\\path\\to\\.htpasswd
Require user admin user1 #users separated by space or "Require valid-user" if all users
If you want to allow user1 to only access certain files you can use <FilesMatch>:
AuthType Basic
AuthName "restricted"
AuthUserFile E:\\path\\to\\.htpasswd
Require user admin
<FilesMatch "^(doc1.pdf|doc2.txt|doc3.docx)$">
Require user admin user1 #or valid-user
</FilesMatch>
This gives admin access to all files in that folder but user1 only access to the files listed in <FilesMatch>
Note: The files in <FilesMatch> are for the current directory and any sub directory. I'm not sure how to limit it to only the current directory.

Apache restrict access unless from localhost

The below code is in .htaccess file in /home/cuddle/test/
AuthUserFile "/home/cuddle/.htpasswds/test/passwd"
AuthType Basic
AuthName "Secure Area"
Require valid-user
This works fine, it will prompt for username & password, however when I add another rule to allow internal requests:
Allow from 127.0.0.1
Satisfy Any
It no longer prompts for password for outside users (non localhost) and seems to let all users through, no matter if they validate or what IP they are from. There are no other permissions/allow/deny present within .htaccess
Try this:
AuthUserFile "/home/cuddle/.htpasswds/test/passwd"
AuthType Basic
AuthName "Secure Area"
Require valid-user
Order deny,allow
Deny from all
Allow from 127.0.0.1
Allow from ::1
Satisfy Any
I just signed up to StackOverflow because I stumbled to same problem, and after trial-and-error, the config above worked for me.
Simpler solution:
AuthUserFile "/home/cuddle/.htpasswds/test/passwd"
AuthType Basic
AuthName "Secure Area"
Require valid-user
Require local
Satisfy Any