How to config htpasswd with htaccess - apache

i want to make some pages password protected using .htpasswd
How can i do it ??
# Do the regex check against the URI here, if match, set the "require_auth" var
SetEnvIf Request_URI ^/product-category/ require_auth=true
# Auth stuff
AuthUserFile /home1/thetimh6/public_html/htpasswd
AuthName "Password Protected"
AuthType Basic
# Setup a deny/allow
Order Deny,Allow
# Deny from everyone
Deny from all
# except if either of these are satisfied
Satisfy any
# 1. a valid authenticated user
Require valid-user
# or 2. the "require_auth" var is NOT set
Allow from env=!require_auth
I am try it in my htaccess file but it is showing me
500 Server Error

Put the following code in .htaccess in public_html
AuthType Basic
AuthName "Password Protected Area"
AuthUserFile /path/to/.htpasswd
Require valid-user
Then create a .htpasswd, but put it OUTSIDE public_html
So the /path/to/.htpasswd is pointing to that location

It's quite possible I'm thinking too simple here, but shouldn't the code:
AuthUserFile /home1/thetimh6/public_html/htpasswd
be:
AuthUserFile /home1/thetimh6/public_html/.htpasswd

Related

In htaccess, how to apply FilesMatch only to files in website root

In order to avoid access for specific files that are still under construction, I wrote these lines in the website root .htaccess. This worked perfectly:
<FilesMatch "login.php|reset.php|raport.php">
AuthUserFile /home/myaccount/public_html/.htpasswd
AuthType Basic
AuthName "Restricted area"
Require valid-user
</FilesMatch>
Afterwards, I installed phpBB under /forum. When I try to access its login page... I must authenticate first.
My big question is how to modify the FilesMatch condition in order to apply it for login.php in the website root, but not for login.php in other folders.
Thank you in advance!
You could use SetEnvIf against the URI only form root like this :
SetEnvIf Request_URI "^/?(login|reset|raport)\.php" PASS
AuthUserFile /home/myaccount/public_html/.htpasswd
AuthType Basic
AuthName "Restricted area"
Order Deny,Allow
Deny from all
Satisfy any
Require valid-user
Allow from env=!PASS
So , form here SetEnvIf Request_URI "^/?(login|reset|raport)\.php you make sure that the URI is starting with login|reset|raport only and not sub-directory .

htaccess restrict authentification but exception on file

I've seen a few other relative posts but didn't find any solution.
I need to restrict a folder with authentification, it works.
But in this folder I need to keep one file access opened to everybody, I used this but it doesn't works :
AuthName "Admins Only"
AuthUserFile /home/dd/.htpasswd
AuthGroupFile /dev/null
AuthType basic
require user AuthorizedUser
Options -Indexes
<Files "admin-ajax.php">
Allow from all
Satisfy all
</Files>
Sorry for my bad english and thanks for help !
use SetEnv and Order directive :
#set variable if uri is "/admin-ajax.php"
SetEnvIf Request_URI ^/folder/admin-ajax\.php noauth=1
#auth
AuthName "Admins Only"
AuthUserFile /home/dd/.htpasswd
AuthGroupFile /dev/null
AuthType basic
require user AuthorizedUser
#Here is where we allow/deny
Order Deny,Allow
Satisfy any
Deny from all
Require user AuthorizedUser
Allow from env=noauth
This will let you access your admin-ajax.php without login to server.

Remove .htpasswd protection from a subfolder

I have protected my root folder using .htpasswd
AuthType Basic
AuthName "Restricted Access"
AuthUserFile /home/a1199104/public_html/.htpasswd
Require user lamak
The above code deny access to my whole site/folder/subfolder, I have a subfolder public It has some public files .I want anyone to access this folder and files without password protection, is this possible.?
You can use SetEnv and Order directive to remove password protection :
Try :
#set env variable noauth if uri is "/public/files"
SetEnvIf Request_URI ^/public/ noauth=1
#auth
AuthType Basic
AuthName "Restricted Access"
AuthUserFile /home/a1199104/public_html/.htpasswd
Require user lamak
#Here is where we allow/deny
Order Deny,Allow
Satisfy any
Deny from all
Require user lamak
Allow from env=noauth
Create a file called public/.htaccess and place this code:
Order allow,deny
allow from all
Satisfy any

Apache protect and Rewrite

I have a url www.mywebsite.com/admin and I want to password protect it using this
AuthType Basic
AuthName "Restricted Files"
# (Following line optional)
AuthBasicProvider file
AuthUserFile /usr/local/apache/passwd/passwords
Require user SomeUsername
However, the site is using a custom framework so /admin gets passed through index.php, so there isn't actually an admin folder so I can't put it in a .htaccess file in it. How can I protect that url using the above code?
You can combine mod_setenvif with mod_auth like this:
SetEnvIfNoCase Request_URI /admin SECURED
AuthType Basic
AuthName "Restricted Files"
AuthBasicProvider file
AuthUserFile /usr/local/apache/passwd/passwords
Require user SomeUsername
Order allow,deny
Allow from all
Deny from env=SECURED
Satisfy any

What is apache htaccess configuration to require authentication for all except for these URLs?

What is the htaccess lines/config I would require to ensure that all parts of my site (files & URLs) are protected by authentication, EXCEPT for a given limited set of URLs. For example all except "/api/.*" if this makes sense.
The actually authentication could be like the below, but it's how I wrap this in the directives...
AuthName "Dialog prompt" AuthType
Basic AuthUserFile
/home/site/.htpasswd Require
valid-user
thanks
this seems to work:
AuthUserFile /home/.htpasswd
AuthName "Password Protected"
authtype Basic
Order Deny,Allow
Satisfy any
SetEnvIf request_uri "/api/" allow_all
Deny from all
Require valid-user
Allow from env=allow_all
You could use SetEnvIf and <IfDefine>:
SetEnvIf Request_URI ^/api/ no_auth_req
# If no_auth_req is NOT defined then require authentication
<IfDefine !no_auth_req>
AuthName "Dialog prompt"
AuthType Basic
AuthUserFile /home/site/.htpasswd
Require valid-user
</IfDefine>