I'm running Apache/2.4.7 (Ubuntu) Server and I'm trying to protect one of the directories 'myFolder' which is located at /var/www/html/myFolder
I made the following edits in /etc/apache2/apache2.conf file
<Directory /var/www/>
Options Indexes FollowSymLinks
AllowOverride All
Require all granted
</Directory>
<Directory /var/www/html/myFolder>
Options Indexes FollowSymLinks
AllowOverride All
Require all granted
</Directory>
I created .htaccess in /var/www/myFolder with the following contents
AuthUserFile /var/www/html/myFolder/.htpasswd
AuthName "Authorization Required"
AuthType Basic
require valid-user
Also created htpasswd by
htpasswd -c /var/www/html/myFolder/.htpasswd admin
which then prompts for password.
I then try to access the file on the browser www.mydoman.com/myFolder/hello.html and it prompts for username and password. However, the authentication does not go through.
Here is the error from the error.log file
[authz_core:error] [pid 30042] [client xxx.xxx.xx.xxx:53348] AH01629: authorization failure (no authenticated user): /myFolder/hello.html
How can I resolve this issue?
A loaded mod-shib2 can cause this problem. According to this bug comment, setting ShibCompatValidUser On solves it.
Require valid-user does also work with mod_shib enabled. According to https://wiki.shibboleth.net/confluence/display/SHIB2/NativeSPApacheConfig this is only necessary for shib versions 2.5.2 and above. Note that ShibCompatValidUser is a server / virtual host option.
Related
I sorta have a HTTP config working for Apache 2.2 that allows WebDav. At least I can use the WinSCP client to attach with the DAV account listed below.
But I also have much older clunkier clients that may only work for anonymous access. And they are not working.
Windows 7 (Map drive), it pops up the credentials but does not log in.
FalconView (probably only understands anonymous login
Any idea what I am doing wrong here with the anon access? I am a novice at HTTPD.conf
(the environment variable ${EGPL_JobsPath} resolves to a windows path:
E.g. F:\Jobs
Alias /jobs ${EGPL_JobsPath}
<IfModule dav_lock_module>
DavLockDB "${EGPL_JobsPath}"
</IfModule>
<Directory "${EGPL_JobsPath}">
Header set Access-Control-Allow-Origin "*"
Dav On
Require valid-user
Options Indexes FollowSymLinks
Order allow,deny
Allow from all
<LimitExcept GET PROPFIND OPTIONS REPORT>
Require user me
</LimitExcept>
AuthType Basic
AuthName DAV
AuthUserFile conf/users.passwords
</Directory>
The only way I could get this to work, is to turn off all Authentication and leave the webdav folder open to the world. I would still like to hear from people with better ideas:
Alias /jobs ${EGPL_JobsPath}
<IfModule dav_lock_module>
DavLockDB "${EGPL_LibrarianPath}"
</IfModule>
<Directory "${EGPL_JobsPath}">
Header set Access-Control-Allow-Origin "*"
Dav On
</Directory>
I'm new to this.
We did a system scan last night. However, during the scanning, the system is down and we are facing 403 forbidden error when access the web.
Please kindly assist how and where should i check.
Version: Apache/2.4.7 (Ubuntu)
Ubuntu 4.2
The application was working fine all these while and no changes was done on the server.
YOur help on this is much appreciated.
thank you!
Here's the config file for further help:
/etc/apache2/apache.conf
<Directory />
Options FollowSymLinks
AllowOverride None
# Require all denied
Require all granted
</Directory>
<Directory /usr/share>
AllowOverride None
Require all granted
</Directory>
<Directory /var/www/>
Options Indexes FollowSymLinks
AllowOverride All
Require all granted
</Directory>
/etc/apache2/sites-available/000-default.conf
<Directory "/var/www/html">
Options All
AllowOverride All
Require all granted
</Directory>
As you already added some conf-files to your question and extended comments should be avoided on SO (and you don't have the required 20 reputation for moving to chat) next suggestions here: add also your .htaccess, and maybe this is of help: Apache2: 'AH01630: client denied by server configuration'
In addition, it might be of help if you open (depending on your browser and development tools) e.g. the Firebug Net Panel to check what happens when you call your site's url - if the 403 occurs directly or if there is any kind of redirect taking place. Could also be of help to trace the address in a shell / command prompt to see what's going on.
When I upgraded my VPS from Ubuntu 13.10 to 14.04 password protected directories are now giving the error below even if the correct password is entered.
Unauthorized: This server could not verify that you are authorized
to access the document requested. Either you supplied the wrong
credentials (e.g., bad password), or your browser doesn't understand
how to supply the credentials required.
Apache error.log says "No requires line available"
Files are as follows:-
/etc/apache2/sites-available/example.com.conf
<VirtualHost *:80>
ServerName example.com
DocumentRoot /var/www/mysite
</VirtualHost>
<Directory /var/www/mysite>
Options -Indexes
AllowOverride AuthConfig
Order allow,deny
Allow from all
</Directory>
/var/www/mysite/.htaccess
AuthType Basic
AuthName "Protected"
AuthUserFile /var/www/mysite/.htpasswd
require valid-user
/var/www/mysite/.htpasswd
admin:gIlFunhlCwBeY
Please will you help me to get authentication working again.
It appears apache 2.4 has added new values for the auth* modules. A grant is required now to return similar behavior. This is performed such as :
Require all granted
Some of this is outlined on the Apache HTTPd documentation site:
http://httpd.apache.org/docs/2.4/upgrading.html
I suggest referencing that if you are having similar messages in your log entries.
For Ubuntu 14.04 just edit the .htaccess file as below. It works for me:
AuthType Basic
AuthName "Restricted Files"
AuthUserFile /var/www/mysite/.htpasswd
Require valid-user
I am a newbie to Apache, using Apache 2.2.22. I am trying to password protect my whole localhost website using .htaccess; .htaccess is located in /Apache/htdocs and the password file is in /Apache/passwd. Trying to access the site I get prompted for a username/password but it always fails with the error (from error.log) [error] [client 127.0.0.1] user myuser: authentication failure for "/": Password Mismatch.
The password file was created with:
htpasswd -c /Apache/passwd/passwords myuser
My .htaccess file:
AuthType Basic
AuthName "Restricted Files"
AuthUserFile c:/Apache/passwd/passwords
AuthGroupFile /dev/null
require valid-user
My httpd.conf file was modifed with:
<Directory "C:/Apache/htdocs">
Options Indexes FollowSymLinks
AllowOverride AuthConfig
Order allow,deny
Allow from all
</Directory>
The Apache doc for Authentication and Authroization states to make sure that the modules mod_authn_core and mod_authz_core have either been built into the httpd binary or loaded by the httpd.conf configuration file. But I don't know how to do this; they are not listed in the Modules section of my httpd.conf file. mod_auth_basic.so, mod_authn_file.so, and mod_authz_groupfile.so are loaded via the httpd.conf file.
Thank you for any help or ideas.
I have setup my repo at /home/adil/hg/sample-repo and want to serve it via httpd. I am following the tutorial at https://www.mercurial-scm.org/wiki/PublishingRepositories#multiple and have created the hgweb.config file and have copied hgweb.cgi (renamed it to index.cgi) to /home/adil/web/mercurial/
My apache config (/etc/httpd/conf/httpd.conf) looks like this :
ScriptAlias /hg "/home/adil/web/mercurial/index.cgi"
<Directory "/home/adil/web/mercurial">
Order allow,deny
Allow from all
AllowOverride All
Options ExecCGI
AddHandler cgi-script .cgi
</Directory>
index.cgi, hgweb.config and all the dirs upwards have world read permissions
http://localhost/hg gives a "403 Forbidden" error. WTF?
PS: Apache error log shows :
[Sun Oct 17 06:45:38 2010] [error] [client 1.2.3.4] (13)Permission denied: access to /hg denied
I'm not an Apache config expert by any means, but I was experiencing this error and managed to get rid of it.
Before I did, I was getting this error in my error_log: client denied by server configuration: /Users/svn/Public/hg/hgwebdir.cgi
This was my original config:
ScriptAlias /hg "/Users/svn/Public/hg/hgwebdir.cgi"
<Location /hg>
AuthType Basic
AuthName "Mercurial Repositories"
AuthUserFile /Users/svn/Public/hg/auth
Require valid-user
</Location>
I added some options:
ScriptAlias /hg "/Users/svn/Public/hg/hgwebdir.cgi"
<Location /hg>
Options ExecCGI FollowSymLinks
Options None
Order allow,deny
Allow from all
AuthType Basic
AuthName "Mercurial Repositories"
AuthUserFile /Users/svn/Public/hg/auth
Require valid-user
</Location>
I tried Pablo's version too - one problem I experienced was that "ScriptAliasMatch ^/hg(.*)" was capturing the hg logo and stylesheets needed to render the browser repo explorer. I'm not sure if this even applies to hgweb.cgi because I don't use that one, but it was definitely an issue while using hgwebdir.cgi. Specifically: script not found or unable to stat: /Users/svn/Public/hg/hgweb.cgilogo.png
Probably Apache's process owner does not have permissions to access /home/adil/web/mercurial.
Also, do check Apache's error log (usually located in /var/log/httpd-error.log or some place similar. It will give you extra information to debug your installation.
To check what's the user running Apache's process do:
$ ps aux | grep http
ps should show what's the user running Apache.
Also, in case it helps, here's the way I do it:
ScriptAliasMatch ^/hg(.*) /usr/local/share/mercurial/www/hgweb.cgi$1
<Directory /usr/local/share/mercurial/www>
Options ExecCGI FollowSymLinks
AllowOverride None
Options None
Order allow,deny
Allow from all
</Directory>