We Keep Coding

Override subdirectory access for a certain user with htaccess

My Website is locked with htaccess in the apache2.conf, so you can only access it with user and password.
Now I want a subdirectory beeing only accessible for a certain user
<Directory /var/www/>
Options Indexes FollowSymLinks
AuthType Basic
AuthName "Access denied"
AllowOverride All
AuthBasicProvider file
AuthUserFile /home/pi/.htpasswd
Require valid-user
</Directory>
<Directory /var/www/html/MySite/MySubDirectory>
AllowOverride none
Require user alloweduser
</Directory>
What am I missing?

Apache basic authentication prompt not showing

I'm trying to setup very basic username/password protection for my site using apache v2.4.7. I have the following in my sites conf file:
<IfModule mod_ssl.c>
<VirtualHost _default_:443>
DocumentRoot /var/my.site
DirectoryIndex index.html
<Directory /var/my.site>
Options Indexes FollowSymLinks MultiViews
AllowOverride All
Order allow,deny
Allow from all
Options +ExecCGI
AddHandler cgi-script .pl
Require all granted
AuthType Basic
AuthName "Authentication Required"
AuthUserFile "/etc/my-site/.htpasswd"
Require valid-user
</Directory>
...
...but it's serving all requests without any auth challenges. I've also tried putting the auth options into their own separate <Location> block, but it's the same. I haven't explicitly enabled any additional auth mods myself, but I've checked auth_basic, authn_core, authn_file and authz_user mods and they're all enabled.

Separate security directives for each repository in hgweb and Apache

I have several Mercurial repositories published using hgweb and secured with Apache 2.2
Is there any way to have multiple security configurations?
I'd like to have a default configuration for most repositories, and then separate configurations for specific repositories.
The httpd.conf file looks like this
WSGIScriptAlias /hg "C:/hg/hgweb/hgweb.wsgi"
<Directory "/hg/repo_one">
Order deny,allow
AuthType Basic
AuthName "R1 Secure Area"
AuthBasicProvider file
AuthUserFile c:/apache2.2/repo_one.pwd
Require valid-user
</Directory>
<Directory "/hg">
Order deny,allow
AuthType Basic
AuthName "Secure Area"
AuthBasicProvider file
AuthUserFile c:/apache2.2/passwords
Require valid-user
</Directory>

Here's what I did to get this working.
I moved the repository that needed separate security into its own directory that was a siblng, not a child, and made a copy of the hgweb.wsgi.
My directory structure now looks like this
c:\hg-pub\hgweb.wsgi
c:\hg-pub\hgweb.config
c:\hg-pub\repo-one\.hg
...
c:\hg\hgweb.wsgi
c:\hg\hgweb.config
c:\hg\repo-two\.hg
c:\hg\repo-three\.hg
And my httpd.conf file looks like this
WSGIScriptAlias /hg "C:/hg/hgweb.wsgi"
WSGIScriptAlias /pub/hg "C:/hg-pub/hgweb.wsgi"
<Directory "C:/hg-pub">
Order deny,allow
AuthType Basic
AuthName "R1 Secure Area"
AuthBasicProvider file
AuthUserFile c:/apache2.2/repo_one.pwd
Require valid-user
</Directory>
<Directory "C:/hg">
Order deny,allow
AuthType Basic
AuthName "Secure Area"
AuthBasicProvider file
AuthUserFile c:/apache2.2/passwords
Require valid-user
</Directory>
The important things to note are
The two repository locations are completely separate on disk
The two WSGIScriptAlias paths are completely independent

.htaccess not working at all

I've got a file accessible through my web website by typing http://www.mywebsite.com/myfile and the server run on debian.
I'd like to put an authentication with a .htaccess and .htpasswd when trying to access to previous url.
I'm quite new to .htaccess and I tried to configure it with the doc but it doesn't seems to work since when i try nothing change and when i check the error log I've got :
[error] [client IP] client denied by server configuration:
/home/file1/myfile/www/.htaccess
The content of my .htaccess is :
<Directory /home/file1/myfile/www/>
AuthUserFile /home/file1/myfile/.htpasswd
AuthGroupFile /dev/null
AuthName "My authentication"
AuthType Basic
Require valid-user
Otions Indexes FollowSymLinks Multiviews
AllowOverride All
Order allow,deny
allow from all
Redirect permanent /.htaccess http://www.mywebsite.com/myfile
ServerSignature Off
</Directory>
How may I solve this problem please ?

You can't use a <Directory> container in an htaccess file. Remove them so you just have:
AuthUserFile /home/file1/myfile/.htpasswd
AuthGroupFile /dev/null
AuthName "My authentication"
AuthType Basic
Require valid-user
Options Indexes FollowSymLinks Multiviews
AllowOverride All
Order deny,allow
deny from all
Redirect permanent /.htaccess http://www.mywebsite.com/myfile
ServerSignature Off
(you have Otions mispelled)
Also, by looking at your error, it looks as if you were trying to access the htaccess file directly, instead of myfile. It's possible there's extra configuration on the server to deny accessing htaccess files (or all files that start with a .).

It seems that deleting et creating again the user is enough to fix the FTP connexion problem.
I've modified my global apache configuration with the following :
DirectoryIndex index.html index.htm index.xhtml index.php index.txt
ServerName debian.domain.tld
#ServerName localhost
HostnameLookups Off
ServerAdmin myadressemail
UserDir www
UserDir disable root
<Directory />
Options -Indexes FollowSymLinks
AllowOverride All
</Directory>
ServerSignature Off
An now my .htaccess is :
AuthUserFile /home/file1/myfile/.htpasswd
AuthGroupFile /dev/null
AuthName "My authentification"
AuthType Basic
Require user user1
But I still have got no authentication asked, what did I do wrong ?

Password protect directories when accessed from external IPs using Apache

Currently have password protection on my main and sub directories, however I'd like to make it only required when connecting from an outside IP address and password free when connecting from the local subnet.
Currently /etc/apache2/sites-available/default looks like this:
<VirtualHost *:80>
ServerAdmin webmaster#localhost
DocumentRoot /var/www
<Directory />
Options FollowSymLinks
AllowOverride None
</Directory>
<Directory /var/www/>
Options Indexes FollowSymLinks MultiViews
AllowOverride None
Order allow,deny
allow from all
</Directory>
ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
<Directory "/usr/lib/cgi-bin">
AllowOverride None
Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
Order allow,deny
Allow from all
</Directory>
ErrorLog ${APACHE_LOG_DIR}/error.log
# Possible values include: debug, info, notice, warn, error, crit,
# alert, emerg.
LogLevel warn
CustomLog ${APACHE_LOG_DIR}/access.log combined
Alias /doc/ "/usr/share/doc/"
<Directory "/usr/share/doc/">
Options Indexes MultiViews FollowSymLinks
AllowOverride None
Order deny,allow
Deny from all
Allow from 127.0.0.0/255.0.0.0 ::1/128
</Directory>
<Location / >
AuthType Digest
AuthName "intranet"
AuthDigestDomain /var/www/ http://10.1.2.2
AuthDigestProvider file
AuthUserFile /etc/apache2/passwords
Require user user1
SetEnv R_ENV "/var/www"
</Location>
<Location /dir1>
AuthType Digest
AuthName "dir"
AuthDigestDomain /var/www/dir1/ http://10.1.2.2/dir1
AuthDigestProvider file
AuthUserFile /etc/apache2/passwords
Require user user2
SetEnv R_ENV "/var/www/dir1"
</Location>
<Location /dir2>
AuthType Digest
AuthName "dir"
AuthDigestDomain /var/www/ http://10.1.2.2/dir2
AuthDigestProvider file
AuthUserFile /etc/apache2/passwords
Require user user2
SetEnv R_ENV "/var/www/dir2"
</Location>
</VirtualHost>
I've had a loot at Apache's documentation on auth but can't make sense of how I'd then implement the password protection in with that.

A bit of searching brought this up http://www.askapache.com/htaccess/apache-authentication-in-htaccess.html
Basically changed this:
<Location / >
AuthType Digest
AuthName "intranet"
AuthDigestDomain /var/www/ http://10.1.2.2
AuthDigestProvider file
AuthUserFile /etc/apache2/passwords
Require user user1
SetEnv R_ENV "/var/www"
</Location>
to this:
<Location />
Order deny,allow
Deny from all
AuthType Digest
AuthName "intranet"
AuthDigestDomain /var/www/ http://10.1.2.2
AuthDigestProvider file
AuthUserFile /etc/apache2/passwords
Require valid-user
SetEnv R_ENV "/var/www"
Allow from 10.1.2.0/24
Satisfy Any
</Location>
Tested and it's all running smoothly.