With the settings below, both user-1 and user-2 can access to site-1 and site-2 after login. However, I want to change access rights as listed below:
user-1 can access only site-1 (http://test.local/site-1)
user-2 can access only site-2 (http://test.local/site-2)
How can I do it?
Site structure
test
site-1
index.php
site-2
index.php
index.php
.htaccess
.htpasswd
.htaccess
AuthType Basic
AuthName "Protected Test Site"
AuthUserFile /var/www/html/local/test/.htpasswd
Require valid-user
.htpasswd
user-1:$apr1$CraA.0n7$JRqS7GyggMKNYcTP65rAW/
user-2:$apr1$NbKoZeyJ$P33C/1ceg1XGfLaPsWBgW1
test.local.conf
<VirtualHost *:80>
ServerName test.local
DocumentRoot /var/www/html/local/test
<Directory /var/www/html/local/test>
AllowOverride AuthConfig
Options MultiViews Indexes SymLinksIfOwnerMatch IncludesNoExec
Order allow,deny
Allow from all
</Directory>
</VirtualHost>
Either change:
Require valid-user
to:
Require user user-1
alternatively create yourself two group files, and change the line to something along the following lines:
Require group siteOneUsers
see: http://httpd.apache.org/docs/2.2/mod/core.html#require
Along with what I did above in OP, I solved the problem with creating additional .htaccess files right inside site-1 and site-2 so the contents are:
site-1/.htaccess
AuthUserFile /var/www/html/local/test/.htpasswd
Require user user-1
site-2/.htaccess
AuthUserFile /var/www/html/local/test/.htpasswd
Require user user-2
Related
I'm trying to protect a single URI path. In the browser, it pops up the user / pass like normal. Once authenticated, any browser from any IP has access to that path. I'm not sure what I've got messed up.
/var/www/path/to/site/.htaccess:
<If "%{REQUEST_URI} =~ m#/protect-me/?#i">
AuthUserFile /var/www/path/to/site/.htpassword
AuthName "Password protected"
AuthType Basic
Require valid-user
</If>
mysite.conf:
<VirtualHost >
...
<Directory /var/www/path/to/site/>
Options -Indexes +FollowSymLinks -MultiViews
AllowOverride All
</Directory>
...
</VirtualHost>
My goal is similar to the question asked here:
How to remove .htaccess password protection from a subdirectory
a .htaccess file protects all index.html files in subdirectories. I want to exclude a particular subdirectory from this rule.
However, even though I created the .htaccess file in said subdirectiory with the following content:
Require all granted
I am still requested for authentication from a .htaccess file at the higher directory:
DirectoryIndex index.html
<FilesMatch "index.html">
AuthUserFile /etc/users
AuthName "Protected"
AuthGroupFile /dev/null
AuthType Basic
Require valid-user
</FilesMatch>
How can I override this FilesMatch block in a sub directory so the login is not requested? In my apache configuration file:
<Directory />
Options FollowSymLinks
AllowOverride All
Require all denied
</Directory>
<Directory /usr/share>
AllowOverride All
Require all granted
</Directory>
<Directory /var/www/>
Options Indexes FollowSymLinks
AllowOverride All
Require all granted
</Directory>
I do have AllowOverride set properly. What am I doing wrong?
In your subdirectory/.htaccess have these 2 lines to prevent auth:
Satisfy Any
Allow from all
I've got a file accessible through my web website by typing http://www.mywebsite.com/myfile and the server run on debian.
I'd like to put an authentication with a .htaccess and .htpasswd when trying to access to previous url.
I'm quite new to .htaccess and I tried to configure it with the doc but it doesn't seems to work since when i try nothing change and when i check the error log I've got :
[error] [client IP] client denied by server configuration:
/home/file1/myfile/www/.htaccess
The content of my .htaccess is :
<Directory /home/file1/myfile/www/>
AuthUserFile /home/file1/myfile/.htpasswd
AuthGroupFile /dev/null
AuthName "My authentication"
AuthType Basic
Require valid-user
Otions Indexes FollowSymLinks Multiviews
AllowOverride All
Order allow,deny
allow from all
Redirect permanent /.htaccess http://www.mywebsite.com/myfile
ServerSignature Off
</Directory>
How may I solve this problem please ?
You can't use a <Directory> container in an htaccess file. Remove them so you just have:
AuthUserFile /home/file1/myfile/.htpasswd
AuthGroupFile /dev/null
AuthName "My authentication"
AuthType Basic
Require valid-user
Options Indexes FollowSymLinks Multiviews
AllowOverride All
Order deny,allow
deny from all
Redirect permanent /.htaccess http://www.mywebsite.com/myfile
ServerSignature Off
(you have Otions mispelled)
Also, by looking at your error, it looks as if you were trying to access the htaccess file directly, instead of myfile. It's possible there's extra configuration on the server to deny accessing htaccess files (or all files that start with a .).
It seems that deleting et creating again the user is enough to fix the FTP connexion problem.
I've modified my global apache configuration with the following :
DirectoryIndex index.html index.htm index.xhtml index.php index.txt
ServerName debian.domain.tld
#ServerName localhost
HostnameLookups Off
ServerAdmin myadressemail
UserDir www
UserDir disable root
<Directory />
Options -Indexes FollowSymLinks
AllowOverride All
</Directory>
ServerSignature Off
An now my .htaccess is :
AuthUserFile /home/file1/myfile/.htpasswd
AuthGroupFile /dev/null
AuthName "My authentification"
AuthType Basic
Require user user1
But I still have got no authentication asked, what did I do wrong ?
I am having trouble understanding how I can get to edit files on a WebDAV setup. I have set up the Auth correctly, as verified by loads of online tutorials, yet there are some files like .htaccess which I can't edit.
The contents of the VirtualHost setup are
<VirtualHost *:80>
ServerAdmin xxx
ServerName xxx
DocumentRoot /data/www/vhosts/xxx
<Directory /data/www/vhosts/xxx>
Options Indexes MultiViews
AllowOverride None
Order allow,deny
allow from all
</Directory>
<Location />
DAV On
AuthType Basic
AuthName "WebDAV Access"
AuthUserFile /data/www/.htpasswd-webdav
Require valid-user
</Location>
</VirtualHost>
I've generated the correct username in the file too, and I can log in successfully and see all the files. Like I say, the problem is that certain files are unreadable and unwritable, the main culprits being .htaccess and .gitignore.
I have set the permissions on all files to 664 and all folders to 775 and a user:group of xxx:www-data. The reason being that this allows PHP to read/write the files ok, and our remote login user xxx to do the same without permissions issues.
Is there something specific I need to do to allow reading writing to these hidden dot files? I'm completely stumped, as most tutorials I've read are telling me that if I don't set the rights on dot files to root:root then they will be writable. I am using a Mac to connect to the WebDAV service, which runs on Ubuntu, if this makes any difference
Just for clarity, all of the xxx in this question is to hide info.
So it seems that I can allow access to specific files using the below
<Files .htaccess>
order allow,deny
deny from all
</Files>
I forgot that .htaccess files are blocked over HTTP by default.
EDIT:
The final working setup, to make all files writeable in the webdav environment, with Digest secure authentication is:
<VirtualHost *:80>
ServerAdmin xxx
ServerName www.domain.name
DocumentRoot xxx
<Directory xxx>
Options Indexes MultiViews
AllowOverride None
Order allow,deny
allow from all
</Directory>
<FilesMatch "\.(htaccess|php)$">
Order allow,deny
allow from all
ForceType text/plain
</FilesMatch>
<Location />
DAV On
AuthType Digest
AuthName "Webdav Access"
AuthDigestDomain / http://www.domain.name/
AuthDigestProvider file
AuthUserFile /data/www/digest.users
Require valid-user
php_value engine off
</Location>
</VirtualHost>
I hope this helps someone else. It took days to find all this info out on the web.
Also check the permissions of /data/www/ itself. It should be writable for the apache user.
I have the following htaccess, directory listing is enabled, however when go to the directory the .htaccess file is in, there's no access control. what's wrong?
AuthName "Restricted Area"
AuthType Basic
AuthUserFile /home/xxx/.htpasswd
AuthGroupFile /dev/null
require valid-user
The solution is that I need to have AllowOverride All to allow .htaccess at the directory levels.
<Directory /var/www/vhosts/localhost>
Options Indexes FollowSymLinks
AllowOverride All
</Directory>
Try removing AuthGroupFile from there, perhaps it is causing trouble.
Everything else looks absolutely correct. One possibility is that your copy of Apache doesn't have the AuthConfig AllowOverrides enabled for your files. This would disable Auth* entries in .htaccess.
You must type to the top: RewriteEngine On
If that does not work, that means you may not have RewriteEngine at all