I have Apache HTTP Server 4.4.9 running on Windows computer.
There are 2 users, administrator and john.
Administrator should have access to c:\HTTP Storage and all subfolders, with enabled directory listings.
User john should have access only to folder c:\HTTP Storage\john and all subfolders, with disabled directory listings.
Problem is that my configuration doesn't allow user administrator the directory listing in folder c:\HTTP Storage\john, only c:\HTTP Storage\
<Directory />
Options FollowSymLinks
AllowOverride none
Order deny,allow
Require all denied
</Directory>
<Directory "C:/HTTP Storage">
Options Indexes FollowSymLinks
AllowOverride None
AuthType Basic
AuthName "Authentication Required"
AuthUserFile "C:/Program Files/Apache Software Foundation/Apache2.2/conf/htpasswd"
Require user administrator
Order allow,deny
Allow from all
</Directory>
<Directory "C:/HTTP Storage/john">
Options FollowSymLinks
AllowOverride None
AuthType Basic
AuthName "Authentication Required"
AuthUserFile "C:/Program Files/Apache Software Foundation/Apache2.2/conf/htpasswd"
Require user administrator john
Order allow,deny
Allow from all
</Directory>
What am I doing wrong?
Related
My goal is similar to the question asked here:
How to remove .htaccess password protection from a subdirectory
a .htaccess file protects all index.html files in subdirectories. I want to exclude a particular subdirectory from this rule.
However, even though I created the .htaccess file in said subdirectiory with the following content:
Require all granted
I am still requested for authentication from a .htaccess file at the higher directory:
DirectoryIndex index.html
<FilesMatch "index.html">
AuthUserFile /etc/users
AuthName "Protected"
AuthGroupFile /dev/null
AuthType Basic
Require valid-user
</FilesMatch>
How can I override this FilesMatch block in a sub directory so the login is not requested? In my apache configuration file:
<Directory />
Options FollowSymLinks
AllowOverride All
Require all denied
</Directory>
<Directory /usr/share>
AllowOverride All
Require all granted
</Directory>
<Directory /var/www/>
Options Indexes FollowSymLinks
AllowOverride All
Require all granted
</Directory>
I do have AllowOverride set properly. What am I doing wrong?
In your subdirectory/.htaccess have these 2 lines to prevent auth:
Satisfy Any
Allow from all
I am new to this community. I have an Httpd running on RHEL 7.X.while trying to upload a hello.world file to the WebDAV server using the following command:
curl -T hello.world -u webdav:webdav http://192.168.100.49/recordings/hello.world.
In-Return,I am getting 405 ..PUT method is not allowed for this URL.
I am also sharing the contents of my webdav.conf file here:
<IfModule mod_dav.c>
Alias /recordings /var/webdav/recordings"
<Directory /var/webdav/recordings>
Dav On
Options Indexes MultiViews FollowSymlinks
IndexOptions FancyIndexing
AddDefaultCharset UTF-8
AuthType Basic
AuthName "webdav"
AuthUserFile /var/webdav/htpasswd
Require valid-user
Order allow,deny
Allow from all
<LimitExcept GET POST OPTIONS PUT>
Order allow,deny
Allow from all
</LimitExcept>
</Directory>
<Location "/recordings">
Require valid-user
AuthType Basic
AuthName "webdav"
AuthUserFile /var/webdav/htpasswd
</Location>
</IfModule>
Any helpful comments guys..Thanks in advance.
My Website is locked with htaccess in the apache2.conf, so you can only access it with user and password.
Now I want a subdirectory beeing only accessible for a certain user
<Directory /var/www/>
Options Indexes FollowSymLinks
AuthType Basic
AuthName "Access denied"
AllowOverride All
AuthBasicProvider file
AuthUserFile /home/pi/.htpasswd
Require valid-user
</Directory>
<Directory /var/www/html/MySite/MySubDirectory>
AllowOverride none
Require user alloweduser
</Directory>
What am I missing?
I'm trying to setup very basic username/password protection for my site using apache v2.4.7. I have the following in my sites conf file:
<IfModule mod_ssl.c>
<VirtualHost _default_:443>
DocumentRoot /var/my.site
DirectoryIndex index.html
<Directory /var/my.site>
Options Indexes FollowSymLinks MultiViews
AllowOverride All
Order allow,deny
Allow from all
Options +ExecCGI
AddHandler cgi-script .pl
Require all granted
AuthType Basic
AuthName "Authentication Required"
AuthUserFile "/etc/my-site/.htpasswd"
Require valid-user
</Directory>
...
...but it's serving all requests without any auth challenges. I've also tried putting the auth options into their own separate <Location> block, but it's the same. I haven't explicitly enabled any additional auth mods myself, but I've checked auth_basic, authn_core, authn_file and authz_user mods and they're all enabled.
Currently have password protection on my main and sub directories, however I'd like to make it only required when connecting from an outside IP address and password free when connecting from the local subnet.
Currently /etc/apache2/sites-available/default looks like this:
<VirtualHost *:80>
ServerAdmin webmaster#localhost
DocumentRoot /var/www
<Directory />
Options FollowSymLinks
AllowOverride None
</Directory>
<Directory /var/www/>
Options Indexes FollowSymLinks MultiViews
AllowOverride None
Order allow,deny
allow from all
</Directory>
ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
<Directory "/usr/lib/cgi-bin">
AllowOverride None
Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
Order allow,deny
Allow from all
</Directory>
ErrorLog ${APACHE_LOG_DIR}/error.log
# Possible values include: debug, info, notice, warn, error, crit,
# alert, emerg.
LogLevel warn
CustomLog ${APACHE_LOG_DIR}/access.log combined
Alias /doc/ "/usr/share/doc/"
<Directory "/usr/share/doc/">
Options Indexes MultiViews FollowSymLinks
AllowOverride None
Order deny,allow
Deny from all
Allow from 127.0.0.0/255.0.0.0 ::1/128
</Directory>
<Location / >
AuthType Digest
AuthName "intranet"
AuthDigestDomain /var/www/ http://10.1.2.2
AuthDigestProvider file
AuthUserFile /etc/apache2/passwords
Require user user1
SetEnv R_ENV "/var/www"
</Location>
<Location /dir1>
AuthType Digest
AuthName "dir"
AuthDigestDomain /var/www/dir1/ http://10.1.2.2/dir1
AuthDigestProvider file
AuthUserFile /etc/apache2/passwords
Require user user2
SetEnv R_ENV "/var/www/dir1"
</Location>
<Location /dir2>
AuthType Digest
AuthName "dir"
AuthDigestDomain /var/www/ http://10.1.2.2/dir2
AuthDigestProvider file
AuthUserFile /etc/apache2/passwords
Require user user2
SetEnv R_ENV "/var/www/dir2"
</Location>
</VirtualHost>
I've had a loot at Apache's documentation on auth but can't make sense of how I'd then implement the password protection in with that.
A bit of searching brought this up http://www.askapache.com/htaccess/apache-authentication-in-htaccess.html
Basically changed this:
<Location / >
AuthType Digest
AuthName "intranet"
AuthDigestDomain /var/www/ http://10.1.2.2
AuthDigestProvider file
AuthUserFile /etc/apache2/passwords
Require user user1
SetEnv R_ENV "/var/www"
</Location>
to this:
<Location />
Order deny,allow
Deny from all
AuthType Digest
AuthName "intranet"
AuthDigestDomain /var/www/ http://10.1.2.2
AuthDigestProvider file
AuthUserFile /etc/apache2/passwords
Require valid-user
SetEnv R_ENV "/var/www"
Allow from 10.1.2.0/24
Satisfy Any
</Location>
Tested and it's all running smoothly.