Invalid command 'auth_basic' - apache

I recently added this to a htaccess file:
AuthUserFile /var/www/.htpasswd
AuthName "Authorization Required"
AuthType Basic
require valid-user
now I get the error
'.htaccess: Invalid command 'auth_basic', perhaps misspelled or defined by a module not included in the server configuration'
Does this mean my host doesnt have basic authentication turned on??
-Edit I have just checked using apache2ctl -M and auth_basic_module DOES appear in the list

Related

Apache "Require valid-user" does not work

I am writing a htaccess file for Apache 2.4.
I have in the basic config the directives "AllowOverrideAll" and "Require all granted" and I want to restrict the access to a folder.
Then I create a .htaccess file in the folder.
The file works if I set for example "Require all denied", but if I set "Require valid-user" I have a misconfiguration error.
For example, if I try the htaccess with this content
AuthType Basic
AuthName "Authentication Required"
Authuserfile "/etc/htpasswd/.htpasswd"
require all denied
works ("Forbidden: You don't have permission to access /TorGuard/ on this server.")
but with this content
AuthType Basic
AuthName "Authentication Required"
AuthUserfile "/etc/htpasswd/.htpasswd"
require valid-user
I have an error ("Internal Server Error: The server encountered an internal error or misconfiguration and was unable to complete your request.")
In particular I am working on a QNAP and the htaccess is in the folder of the WEBUI of my application.

401 Unauthorized while accessing localhost/phpmyadmin in ubuntu 14.04 LTS

I am new to Ubuntu. I am facing this issue while accessing the localhost/phpmyadmin
401 Unauthorized
Also, I cannot login using the username and password I set for phpmyadmin.
I have followed the tutorial from here - Digital Ocean Tutorial
Any suggestions are welcome
I resolved this issue by uninstalling the phpmyadmin and again installing the phpmyadmin.
You can resolve it by editing:nano /etc/apache2/conf-enabled/phpmyadmin.conf
And commenting the text:
# <IfModule mod_authn_file.c>
# AuthType Basic
# AuthName "phpMyAdmin Access"
# AuthUserFile /etc/phpmyadmin/htpasswd
# </IfModule>
# Require valid-user
you also need to make changes in /usr/share/phpmyadmin/.htaccess file
type vim /usr/share/phpmyadmin/.htaccess and edit file
and comment the lines
# AuthType Basic
# Authname "Restricted files"
# AuthUserFile /etc/phpmyadmin/.htpasswd
# Require valid-user
This will resolve the problem of asking password to access directory.

500 Error with .htaccess password protection

I am running latest ubuntu with apache.
I have very simple html directory I want to protect using .htaccess.
I am trying to do it with:
AuthName "Restricted Area"
AuthType Basic
AuthUserFile /var/www/dev/docs/.htpasswd
Require valid-user
On my .htpasswd file I have:
user:pass
I get internal server error with this. I've been digging hard but not sure why this is happening.
If I add a this:
<Directory "/var/www/dev/docs">
AuthName "Restricted Area"
AuthType Basic
AuthUserFile /var/www/dev/docs/.htpasswd
Require valid-user
</Directory>
I can't login no matter what I do...
Thanks,
I have the same problem. But after a few trial and error, here's the fix.
You must use the full path to the .htpasswd file.
You must encapsulate the path with quotation marks "home/username/public_html/subfolder/protected/.htpasswd"
An example:
AuthUserFile "/home/username/public_html/subfolder/protected/.htpasswd"
AuthType Basic
AuthName "My restricted Area"
Require valid-user
Error #500 just means the web server isn't understanding something in your .htaccess file. There will be nothing in Apache's error log since the request doesn't even get parsed at this point.
Try putting quotes around the path to the .htpasswd file and note on some hosting companies like cough.. godaddy, 1&1 It may take several minutes for the changes in .htaccess to be picked up.
AuthType Basic
AuthName "Restricted Area"
AuthUserFile "/home/. . . . ./.htpasswd"
require valid-user
I have got same situation on Apache/2.4.6 (CentOS)
Path to htpasswd needs to be taken from $_SERVER['DOCUMENT_ROOT']
Apache has some bug (https://bz.apache.org/bugzilla/show_bug.cgi?id=54735), you need to set password from console like this:
htpasswd -nb username newpassw > <path-to>/.htpasswd
btw in Apache 2.4.6 on CentOS 7 problem still exists

basic authentication error 500

I have this .htaccess
AuthType Basic
AuthName "Protected Area"
AuthUserFile /.htpasswds/.htpasswd
Require valid-user
And a .htpassword
test:$apr1$zXAu7nnl$612DeubGZ9jDrDPB1S8VO0
the directory structure is:
/.htpasswds/.htpasswd
/public_html/.htaccess
any attempt to login give me a 500 error. In cpanel the error is not registered in error log.
I don't know exactly what is the problem, but my host provider suggests this:
In cpanel
Section security
Option Web Protect
That will generate:
AuthType Basic
AuthName "Protected"
AuthUserFile "/home/abvnfj/.htpasswds/public_html/passwd"
require valid-user
if apache can not access .htpasswd, it generate Error 500.
in AuthUserFile write full path to .htpasswd file.
I've had a very similar problem with cPanel - and error 500 "internal error" upon entering the basic authentication credentials.
The problem seems to stem from cPanel putting the password file into a directory that the apache process could not access. Moving it to the root folder for the account (where the public_html directory is created) fixes the problem for me. The AuthUserFile entry in .htaccess must still point to the absolute pathname for the file, for example:
AuthUserFile "/home/myaccount/.passwd"
with the site root being in /home/myaccount/public_html/
Make sure you are using the correct absolute path in .htpaswd.
Example: for my bluehost I need
AuthUserFile /home7/<username>/public_html/...
While the FTP just gave me
/wwww/...
I had same error and I tested htpasswd with adding -p parameter which generates passwordfile as plaintext. The error was disappeared, but now I don't have any idea why default md5 passwords are causing this error.

Using "require group" with mod_authn_dbm in Apache HTTPD 2.4

I am using Apache HTTPD 2.4 and I've decided it's time for me to move from mod_authn_file to mod_authn_dbm. I've got it mostly working but it won't check my AuthDBMUserFile for group information. I've googled it and it appears that this kind of functionality should still be available, via mod_authz_dbm which I've now included. The documentation for mod_authz_dbm makes it appear that you just have to use the AuthDBMGroupFile directive as in my configuration below:
<Directory "C:/Apache24/site/requests">
AuthType Basic
AuthName "Secure Area"
AuthBasicProvider dbm
AuthDBMUserFile site/data/users
AuthDBMGroupFile site/data/users
Require group admin
</Directory>
(Don't worry, site/data is not accessible via the webserver!)
However, even though the directive is clearly known (httpd -t doesn't complain and the server starts OK), it is either being ignored or something else is trying to find a different group file. The error I see in the log file is:
AH01664: No group file was specified in the configuration
Does my configuration look incomplete somehow?
I have an answer via the Apache HTTPD Users Mailing List courtesy of Eric Covener, who says:
mod_authz_dbm responds to Require dbm-group (and dbm-file-group) only in 2.4 which seems to be a change from 2.2.
So my configuration should have been:
<Directory "C:/Apache24/site/requests">
AuthType Basic
AuthName "Secure Area"
AuthBasicProvider dbm
AuthDBMUserFile site/data/users
AuthDBMGroupFile site/data/users
Require dbm-group admin
</Directory>
I have tried this and it does exactly what I wanted. Many thanks Eric!