I am trying to implement apache authentication, but getting following error when giving correct password
access to /webalizer/ failed, reason: require directives present and no Authoritative handler.
If i give incorrect password it shows me
user testusr: authentication failure for "/webalizer/": Password Mismatc
Following is my apache configs
<Directory /var/www/html/webalizer>
Order allow,deny
AuthName "Authorized Users Only."
AuthType Basic
AuthUserFile /etc/httpd/conf/.htpasswd
require valid-user
Satisfy Any
</Directory>
apache is running with apache user, following is file permissions of htpasswd
-rw-r--r-- 1 apache apache 46 Nov 2 14:46 /etc/httpd/conf/.htpasswd
What do i missing?
OS is AWS linux instance.
Related
I have a few staging sites as virtual hosts on a server, plus a couple of public-facing virtual host sites. The stating sites are all under a single directory (e.g., /var/www/staging-sites/[site-document-root]).
Up to now I've been configuring HTTP Basic Auth for each virtual host, but it seems like there should be a way to do it once for all of them.
The question "apache global basic auth" indicates that I could place Basic Auth directives in a <Directory /var/www/staging-sites> container in the main apache config file, but doing so doesn't cause the browser to prompt for credentials.
Here's the output of tail -n 7 /etc/apache2/apache2.conf:
<Directory "/var/www/staging-sites/">
AuthType Basic
AuthName "Authentication Required"
AuthBasicProvider file
AuthUserFile /var/www/staging-sites/.htpasswd
Require valid-user
</Directory>
I've verified that /var/www/staging-sites/.htpasswd exists, and that the site foo.mydomain.com uses the Document Root /var/www/staging-sites/foo.
I've restarted apache to ensure the new config gets loaded.
However, when I open http://foo.mydomain.com, the site is displayed without prompting for Basic Auth credentials.
What am I doing wrong?
Solved. The problem was this section in the virtualhost configuration itself:
<Directory /var/www/staging-sites/foo>
Require all granted
</Directory>
Apparently all the virtualhosts were created with an equivalent configuration. As might be expected, Require all granted in the virtualhost config outdoes Require valid-user in the global config.
Removing that line allows the Basic Auth, as configured above, to work properly.
You can also leave Require all granted but add Satisfy all
I'm running Apache/2.4.7 (Ubuntu) Server and I'm trying to protect one of the directories 'myFolder' which is located at /var/www/html/myFolder
I made the following edits in /etc/apache2/apache2.conf file
<Directory /var/www/>
Options Indexes FollowSymLinks
AllowOverride All
Require all granted
</Directory>
<Directory /var/www/html/myFolder>
Options Indexes FollowSymLinks
AllowOverride All
Require all granted
</Directory>
I created .htaccess in /var/www/myFolder with the following contents
AuthUserFile /var/www/html/myFolder/.htpasswd
AuthName "Authorization Required"
AuthType Basic
require valid-user
Also created htpasswd by
htpasswd -c /var/www/html/myFolder/.htpasswd admin
which then prompts for password.
I then try to access the file on the browser www.mydoman.com/myFolder/hello.html and it prompts for username and password. However, the authentication does not go through.
Here is the error from the error.log file
[authz_core:error] [pid 30042] [client xxx.xxx.xx.xxx:53348] AH01629: authorization failure (no authenticated user): /myFolder/hello.html
How can I resolve this issue?
A loaded mod-shib2 can cause this problem. According to this bug comment, setting ShibCompatValidUser On solves it.
Require valid-user does also work with mod_shib enabled. According to https://wiki.shibboleth.net/confluence/display/SHIB2/NativeSPApacheConfig this is only necessary for shib versions 2.5.2 and above. Note that ShibCompatValidUser is a server / virtual host option.
When I upgraded my VPS from Ubuntu 13.10 to 14.04 password protected directories are now giving the error below even if the correct password is entered.
Unauthorized: This server could not verify that you are authorized
to access the document requested. Either you supplied the wrong
credentials (e.g., bad password), or your browser doesn't understand
how to supply the credentials required.
Apache error.log says "No requires line available"
Files are as follows:-
/etc/apache2/sites-available/example.com.conf
<VirtualHost *:80>
ServerName example.com
DocumentRoot /var/www/mysite
</VirtualHost>
<Directory /var/www/mysite>
Options -Indexes
AllowOverride AuthConfig
Order allow,deny
Allow from all
</Directory>
/var/www/mysite/.htaccess
AuthType Basic
AuthName "Protected"
AuthUserFile /var/www/mysite/.htpasswd
require valid-user
/var/www/mysite/.htpasswd
admin:gIlFunhlCwBeY
Please will you help me to get authentication working again.
It appears apache 2.4 has added new values for the auth* modules. A grant is required now to return similar behavior. This is performed such as :
Require all granted
Some of this is outlined on the Apache HTTPd documentation site:
http://httpd.apache.org/docs/2.4/upgrading.html
I suggest referencing that if you are having similar messages in your log entries.
For Ubuntu 14.04 just edit the .htaccess file as below. It works for me:
AuthType Basic
AuthName "Restricted Files"
AuthUserFile /var/www/mysite/.htpasswd
Require valid-user
Alright so I'm having a problem using htaccess to password protect a page. Every time I navigate to the page they are redirected to a "Internal server error" page. I have very minimal knowledge of PHP and am having a hard time getting this fixed. I took a look in the error logs and found this error here "[error] [client 209.91.179.158] client denied by server configuration:"
I have no idea how to access the httpd.conf file on the FTP server nor do I know if it's possible. I have only been using PHP for about 2 weeks.
My .htaccess File
<Directory>
Order allow,deny
Allow from all
Allow from 209.91.179.158
Allow from ::1
</Directory>
AuthType Basic
AuthName "restricted area"
AuthUserFile mydir/.htpasswd
<Files "staff.html">
Require valid-user
</Files>
You're getting 500 error because <Directory> directive isn't allowed in .htaccess. If you can explain what you're trying to do I can help you further.
I am a newbie to Apache, using Apache 2.2.22. I am trying to password protect my whole localhost website using .htaccess; .htaccess is located in /Apache/htdocs and the password file is in /Apache/passwd. Trying to access the site I get prompted for a username/password but it always fails with the error (from error.log) [error] [client 127.0.0.1] user myuser: authentication failure for "/": Password Mismatch.
The password file was created with:
htpasswd -c /Apache/passwd/passwords myuser
My .htaccess file:
AuthType Basic
AuthName "Restricted Files"
AuthUserFile c:/Apache/passwd/passwords
AuthGroupFile /dev/null
require valid-user
My httpd.conf file was modifed with:
<Directory "C:/Apache/htdocs">
Options Indexes FollowSymLinks
AllowOverride AuthConfig
Order allow,deny
Allow from all
</Directory>
The Apache doc for Authentication and Authroization states to make sure that the modules mod_authn_core and mod_authz_core have either been built into the httpd binary or loaded by the httpd.conf configuration file. But I don't know how to do this; they are not listed in the Modules section of my httpd.conf file. mod_auth_basic.so, mod_authn_file.so, and mod_authz_groupfile.so are loaded via the httpd.conf file.
Thank you for any help or ideas.