I'm trying to make a directory for my website password protected and I so far I've followed apache instructions to do that: http://httpd.apache.org/docs/current/howto/auth.html
and
http://wiki.apache.org/httpd/PasswordBasicAuth
I then created a password file using htpasswd, and then I edited my httpd.conf with
<Directory /var/www/html/project/app.project.com/Admin/>
AuthType Basic
AuthName "Restricted Area"
# (Following line optional)
AuthBasicProvider file
AuthUserFile "/var/www/html/admin/.password"
Require valid-user
Order allow,deny
Allow from all
</Directory>
But when I go to the website that supposed to ask me for the password it doesn't!
I'm just trying to figure out what I'm doing wrong.
Thanks!
The problem that I didn't think was related to this is that I was trying to access that protected directory using one of my vhosts in the configuration file so I just had to put this Directory directive inside of the correspondig vhost that was getting accessed, this is how I got my configuration at the end:
# Please note as well that I'm forcing connections from http to https:
<VirtualHost *:80>
ServerName app.project.com
ServerAlias project.com
DocumentRoot /var/www/html/project/app.project.com
Redirect permanent / https://app.project.com
ErrorLog /var/www/html/project/app.project.com/error.log
CustomLog /var/www/html/project/app.project.com/requests.log combined
</VirtualHost>
<VirtualHost *:443>
ServerName app.project.com
DocumentRoot /var/www/html/project/app.project.com
SSLEngine On
SSLCertificateFile /etc/httpd/ssl/40d5d69ae6a53.crt
SSLCertificateKeyFile /etc/httpd/ssl/project.key
SSLCertificateChainFile /etc/httpd/ssl/gd_bundle-g2-g1.crt
#Adding the Directory directive to request auth access with password to the Admin directory
<Directory /var/www/html/project/app.project.com/Admin/>
AuthType Basic
AuthName "Restricted Area"
# (Following line optional)
AuthBasicProvider file
AuthUserFile "/var/www/html/admin/.password"
Require valid-user
Order allow,deny
Allow from all
</Directory>
</VirtualHost>
Related
I got a VM with a aplication running on it. It doenst support password protection. I connect to it like sub.domain.com:6000 (redirecting port 6000 to 80 of VM)
So i like to use apache as a Proxy with authentication.
My VirtualHost config:
<VirtualHost *:*>
DocumentRoot /var/www/html/
<Directory "/var/www">
AuthType Basic
AuthName "Restricted Content"
AuthUserFile /etc/apache2/.htpasswd
Require valid-user
</Directory>
ProxyPass "/" "http://127.0.0.1:5000/"
ProxyPassReverse "/" "http://127.0.0.1:5000/"
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>
It redirects me, but there is no password protection.
What's wrong?
The <Directory> directive is used to enclose a group of directives that will apply only to the named directory, sub-directories of that directory, and the files within the respective directories. Proxied server is none of that, so you have to use <Location> directive which limits the scope of the enclosed directives by URL:
<Location />
AuthType Basic
AuthName "Restricted Content"
AuthUserFile /etc/apache2/.htpasswd
Require valid-user
</Location>
I have configured an Ubuntu 16.04 Server with Apache and installed Trac 1.2.2 on it. I would like to access the Trac installation using SSL via https://subdomain.example.com
I have the following two .conf-files in /etc/apache2/sites-available/ right now:
ssl.conf:
<VirtualHost *:443>
SSLEngine on
SSLCertificateFile /etc/ssl/certs/apache.crt
SSLCertificateKeyFile /etc/ssl/private/apache.key
DocumentRoot /var/www/html/
testinstallation.conf:
WSGIScriptAlias /trac/testinstallation /var/www/html/trac/testinstallation/cgi-bin/trac.wsgi
<Location /trac/testinstallation>
AuthType Digest
AuthName "testinstallation"
AuthUserFile /var/lib/trac/testinstallation/.htdigest
Require valid-user
</Location>
When I open https://subdomain.example.com/trac/testinstallation, everything works as it should - but I would like to access my Trac-environment via https://subdomain.example.com. When I change the DocumentRoot in ssl.conf to /var/www/html/trac/testinstallation, I only get to see two folders, but not the Trac-environment (I don't know how to implement the WSGIScriptAlias to the ssl.conf). Can anybody help me with this problem?
Another question: Can I run multiple installations of Trac on one server using SSL? If yes, I would probably need another VirtualHost-file - but what should be in there?
The first parameter of WSGIScriptAlias is the URL-path. So to access your Trac installation over just the subdomain, you can modify the WSGIScriptAlias directive to
WSGIScriptAlias / /var/www/html/trac/testinstallation/cgi-bin/trac.wsgi
There is no need of mentioning the DocumentRoot. The WSGIScriptAlias directive takes care of it. If you want to run multiple Trac installations over multiple subdomains, repeat the same process that you have followed. i.e.,
Deploy project directory
Create Trac users
Create vhost and enable site
Else you can run multiple Trac installation as multiple subdirectories under the same subdomain by defining multiple WSGIScriptAlias directives in the same vhost file.
Example of vhost file for multiple Trac installations (test1 and test2) over single subdomain:
trac.conf
<VirtualHost *:443>
SSLEngine On
SSLCertificateFile /etc/ssl/certs/apache.crt
SSLCertificateKeyFile /etc/ssl/private/apache.key
</VirtualHost>
WSGIScriptAlias /test1 /var/www/html/trac/test1/cgi-bin/trac.wsgi
<Location /login>
AuthType Digest
AuthName "test1"
AuthUserFile /var/lib/trac/test1/.htdigest
Require valid-user
</Location>
WSGIScriptAlias /test2 /var/www/html/trac/test2/cgi-bin/trac.wsgi
<Location /login>
AuthType Digest
AuthName "test2"
AuthUserFile /var/lib/trac/test2/.htdigest
Require valid-user
</Location>
We use Apache 2.4.10 on a Debian Server. Requests are redirected from an Apache Proxy Server (same system and version) who acts as balancer (only the one balance member at the moment).
The access to the related single virtual host is generally restricted via AuthType Basic. Just one folder containing public documents should be accessable without authentication.
I tested multiple ways (new apache 2.4 syntax) to accomplish that - but no matter, which method i tried, i always stucked at the same issue: any comparison with the REQUEST_URI does not work as expected - with or without a regular expression. It seems as if the REQUEST_URI had an invalid value at the time when a comparison takes place.
I tried i.a. the following alternatives:
A)
<VirtualHost *:80>
ServerName domain.name
DocumentRoot /var/www/domain.name
DirectoryIndex index.php
<Directory "/var/www/domain.name/">
AuthType Basic
AuthName "Restricted"
AuthBasicProvider file
AuthUserFile /path/to/user/file
<RequireAny>
Require method OPTIONS
Require expr %{REQUEST_URI} =~ m#^/docs#
Require valid-user
</RequireAny>
Options +ExecCGI +FollowSymLinks
AllowOverride All
</Directory>
CustomLog "/var/log/apache2/test_log" "%t REQUEST_URI:%{REQUEST_URI}e"
</VirtualHost>
B)
<VirtualHost *:80>
ServerName domain.name
DocumentRoot /var/www/domain.name
DirectoryIndex index.php
<Directory "/var/www/domain.name/">
AuthType Basic
AuthName "Restricted"
AuthBasicProvider file
AuthUserFile /path/to/user/file
<RequireAny>
Require method OPTIONS
Require valid-user
</RequireAny>
Options +ExecCGI +FollowSymLinks
AllowOverride All
</Directory>
<LocationMatch "^/docs">
AuthType None
Require all granted
</LocationMatch>
CustomLog "/var/log/apache2/test_log" "%t REQUEST_URI:%{REQUEST_URI}e"
</VirtualHost>
C)
<VirtualHost *:80>
ServerName domain.name
DocumentRoot /var/www/domain.name
DirectoryIndex index.php
<Directory "/var/www/domain.name/">
SetEnvIf Request_URI /docs noAuth=1
AuthType Basic
AuthName "Restricted Files"
AuthBasicProvider file
AuthUserFile /path/to/user/file
<RequireAny>
Require method OPTIONS
Require env noauth
Require valid-user
</RequireAny>
Options +ExecCGI +FollowSymLinks
AllowOverride All
</Directory>
CustomLog "/var/log/apache2/test_log" "%t REQUEST_URI:%{REQUEST_URI}e"
</VirtualHost>
Every alternative seems to stuck at the same issue. The comparison with the REQUEST_URI failes or does not work properly.
An example: When i change line 16 in example A to
Require expr %{REQUEST_URI} =~ m#^/[a-z]#
(as a test) then it works (access granted without credentials).
When i change [a-z] to e.g. [d-i], it still works, but when i change [a-z] to e.g. [d-g], it does not work anymore and the user/pass dialogue appears.
The exact same behaviour appears, when i change the regular expression in the LocationMatch directive in example B accordingly.
Another hint:
Using <Location /docs> instead of <LocationMatch... (see example B) does also not work. But <Location /> works.
And:
The log-output is always identical:
When access is granted without credentials the value of the REQUEST_URI is the same as the path part of the requested URL (e.g. /docs).
But when the user/pass-dialogue appears, the value is a dash ("-") this seems to be default value that apache uses for empty or not available values.
And:
The problem does persist, even when i access the server directly (without the proxy) or when i use e.g. wget to make a request to localhost on the server.
Does anyone have an idea whats going on here!?...
I finally found a workaround by myself. I use version A) - but with the environment variable THE_REQUEST instead of REQUEST_URI. Fortunately it works!
The adjusted version of A) - for GET requests only:
<VirtualHost *:80>
ServerName domain.name
DocumentRoot /var/www/domain.name
DirectoryIndex index.php
<Directory "/var/www/domain.name/">
AuthType Basic
AuthName "Restricted"
AuthBasicProvider file
AuthUserFile /path/to/user/file
<RequireAny>
Require method OPTIONS
Require expr %{THE_REQUEST} =~ m#GET\s+\/docs\/[^\/]+\s+HTTP#
Require valid-user
</RequireAny>
Options +ExecCGI +FollowSymLinks
AllowOverride All
</Directory>
</VirtualHost>
Instead of using Location, you can use another directory.
<VirtualHost *:80>
ServerName domain.name
DocumentRoot /var/www/domain.name
DirectoryIndex index.php
<Directory "/var/www/domain.name/">
AuthType Basic
AuthName "Restricted"
AuthBasicProvider file
AuthUserFile /path/to/user/file
<RequireAny>
Require method OPTIONS
Require valid-user
</RequireAny>
Options +ExecCGI +FollowSymLinks
AllowOverride All
</Directory>
**<Directory "/var/www/domain.name/docs/">
AuthType None
Require all granted
</Directory>**
CustomLog "/var/log/apache2/test_log" "%t REQUEST_URI:%{REQUEST_URI}e"
</VirtualHost>
The same can be accomplished through the use of .htaccess. A related question has been answered in How to remove .htaccess password protection from a subdirectory
I tried to configure a basic authentication for my website locally .But not applied for site .
My httpd.conf
<VirtualHost 192.168.2.5:80>
DocumentRoot /var/www/html/black-socks
ServerName www.black-socks.com
<Directory "/var/www/html/black-socks">
Order deny,allow
Allow from all
AuthType Basic
AuthName BlackSocks-LOGIN
AuthUserFile "/etc/httpd/conf/blacksocks-users"
Require ValidUser
</Directory>
authuserfile
is exist at /etc/httpd/conf/blacksocks-users" and site html pages are exist at /etc/httpd/conf/blacksocks-users location. everything is fine but while accessing site not asking any authorization
<VirtualHost 192.168.2.5:80>
DocumentRoot /var/www/html/black-socks
ServerName www.black-socks.com
<Directory "/var/www/html/black-socks">
Allow from ram
AuthType Basic
AuthName BlackSocks-LOGIN
AuthUserFile "/etc/httpd/conf/myusers"
Require ValidUser
</Directory>
Its working but asking user name and password after showing homepage
I followed this guide step by step to set up SSL connection for my web portal. Earlier I was able to access it using http:// but now I have to specify port 80 i.e. I have to use https://:80 to access the portal. If I access https:// it shows me the default Apache test page, which says -
Testing 123..This page is used to test the proper operation of the Apache HTTP server after it has been installed. If you can read this page it means that this site is working properly. This server is powered by CentOS.
I need to access the portal using https:// without port. Any help is appreciated.
httpd.conf
<VirtualHost *:80>
WSGIScriptAlias / /var/www/html/portals/portals/wsgi.py
DocumentRoot /var/www/html/portals/portals
SSLEngine On
SSLCertificateFile /etc/pki/tls/certs/mysite.crt
SSLCertificateKeyFile /etc/pki/tls/private/mysite.key
SSLCertificateChainFile /etc/pki/tls/certs/mysite.crt
<Location "/mysite/authenticate">
AuthType Basic
AuthName "wsgi protected"
Require valid-user
AuthBasicProvider wsgi
WSGIAuthGroupScript /var/www/html/portals/portals/wsgi.py
WSGIAuthUserScript /var/www/html/portals/portals/wsgi.py
</Location>
<Directory /var/www/html/portals/portals>
<Files wsgi.py>
Require all granted
</Files>
</Directory>
Alias /media/ /var/www/html/portals/media/
Alias /static/ /var/www/html/portals/static/
<Directory /var/www/html/portals/static>
Require all granted
</Directory>
<Directory /var/www/html/portals/media>
Require all granted
</Directory>
</VirtualHost>
<VirtualHost *:443>
WSGIScriptAlias / /var/www/html/portals/portals/wsgi.py
DocumentRoot /var/www/html/portals/portals
SSLEngine On
SSLCertificateFile /etc/pki/tls/certs/mysite.crt
SSLCertificateKeyFile /etc/pki/tls/private/mysite.key
SSLCertificateChainFile /etc/pki/tls/certs/mysite.crt
<Location "/mysite/authenticate">
AuthType Basic
AuthName "wsgi protected"
Require valid-user
AuthBasicProvider wsgi
WSGIAuthGroupScript /var/www/html/portals/portals/wsgi.py
WSGIAuthUserScript /var/www/html/portals/portals/wsgi.py
</Location>
<Directory /var/www/html/portals/portals>
<Files wsgi.py>
Require all granted
</Files>
</Directory>
Alias /media/ /var/www/html/portals/media/
Alias /static/ /var/www/html/portals/static/
<Directory /var/www/html/portals/static>
Require all granted
</Directory>
<Directory /var/www/html/portals/media>
Require all granted
</Directory>
</VirtualHost>
I don't think you have followed the instructions correctly. The instructions say that the <VirtualHost *:80> element should be something like this:
<VirtualHost *:80>
<Directory /var/www/vhosts/yoursite.com/httpdocs>
AllowOverride All
</Directory>
DocumentRoot /var/www/vhosts/yoursite.com/httpdocs
ServerName yoursite.com
</VirtualHost>
and there should be a "mirror" configuration port 443.
But you seem to have added in the stuff to enable the SSL engine, etcetera to the <VirtualHost *:80> element ... which is going to make Apache configure port 80 to expect / require "https:" connections.
Review your configurations and compare them with what the instructions actually tell you to do.
Can I also recommend reading the Apache documentation for the directives that you are using in your configs. That way you can start to understand what the configs are actually saying. That will give you a better chance of diagnosing problems if the "potted" instructions are not followed correctly.