Restrictions in apache - apache

I need to configure access to some different method, and to add more different users (admin, user1 ....)
<Location /webdav>
DAV On
#Require valid-user
AuthType Digest
AuthName "webdav"
AuthUserFile /etc/apache2/webdav.password
Require user admin
OPTIONS none
<LimitExcept PUT DELETE GET>
Require user admin
</LimitExcept>
</Location>
I cant use Require valid-user , because not all users need to have same access

Related

Allow either users OR ips to access using apache

I have users in .htpasswd and allowed IPs in .htaccess
I want to allow either user/password (for IPs not in .htaccss) OR IPs to access (without auth).
I edited the dir section in httpd with these lines
But its asking for user/password for the allowed IPs and IPs not in the file are not asked to authenticate.
<Directory xxx>
AllowOverride All
Options Indexes FollowSymLinks
AuthName "Authentication required!"
AuthType Basic
AuthUserFile <my path>/.htpasswd
<RequireAny>
Require ip 127.0.0.1
Require valid-user
</RequireAny>
</Directory>
These configs worked for me
AllowOverride All
AuthType Basic
AuthName "Authentication Required"
AuthUserFile "/my path/.htpasswd"
Require valid-user
satisfy any
deny from all
allow from x.x.x.x

Apache2.2 Url whitelisting from basic auth

I have a virtualhost configured with basic auth, but I want to whitelist only one url, because it will be called from a 3rd party API where I can't configure authentication. I read the other questions here but I couldn't get it work, this is how it looks like now:
<Location "^/this/url">
AuthType None
Order Allow,Deny
Allow from all
Satisfy any
</Location>
<Location />
AuthUserFile "/srv/.htpasswd"
AuthName authorization
AuthType Basic
require valid-user
Order Allow,Deny
Deny from all
Satisfy any
</Location>
So I want http://www.example.com to have authentication but http://www.example.com/this/url don't.

htaccess password protect files with different users

I have a files server and I use mod_autoindex to server the files. I have a username and password in htaccess so only certain people can access the files. I have added another user to htpasswd but I would only like that user to access some of the files/folders.
Here is my htaccess file now:
AuthType Basic
AuthName "restricted"
AuthUserFile E:\\path\\to\\.htpasswd
<Files "filesForAnyUser\\*">
Require valid-user
</Files>
<Files "*">
Require user admin
</Files>
I'm sure I am doing something wrong but I can't find any good documentation on this.
If you have a folder called "filesForAnyUser" and a folder where you have files only for admin, you need to make 2 htaccess files. One in "filesForAnyUser":
AuthType Basic
AuthName "restricted"
AuthUserFile E:\\path\\to\\.htpasswd
Require valid-user
And one in the other directory:
AuthType Basic
AuthName "restricted"
AuthUserFile E:\\path\\to\\.htpasswd
Require user admin
So here is my final solution for anyone else.
Put the following in the root folder:
AuthType Basic
AuthName "restricted"
AuthUserFile E:\\path\\to\\.htpasswd
Require user admin
Put the following in any folder where admin and user1 can access the file:
AuthType Basic
AuthName "restricted"
AuthUserFile E:\\path\\to\\.htpasswd
Require user admin user1 #users separated by space or "Require valid-user" if all users
If you want to allow user1 to only access certain files you can use <FilesMatch>:
AuthType Basic
AuthName "restricted"
AuthUserFile E:\\path\\to\\.htpasswd
Require user admin
<FilesMatch "^(doc1.pdf|doc2.txt|doc3.docx)$">
Require user admin user1 #or valid-user
</FilesMatch>
This gives admin access to all files in that folder but user1 only access to the files listed in <FilesMatch>
Note: The files in <FilesMatch> are for the current directory and any sub directory. I'm not sure how to limit it to only the current directory.

different htpasswd files per domain

I've 2 domains e.g. foo.com and bar.com which share the same document root.
The sites are protected by a .htaccess file
AuthUserFile ../.htpasswd
AuthName "No Access"
AuthType Basic
<Limit GET POST PUT>
require valid-user
</Limit>
how can I set the AuthUserFile depending on the host?
pseudocode:
if (host == foo.com) {
AuthUserFile ../.htpasswd_foo
} else {
AuthUserFile ../.htpasswd_bar
}
AuthName "No Access"
AuthType Basic
<Limit GET POST PUT>
require valid-user
</Limit>
If this is not possible are there any other ways to get different logins for the 2 domains?
Try setting it up like this:
#site1.com
setenvIfNoCase Host site1\.com pass_1
AuthType Basic
AuthName "Site1.com Login Required"
AuthUserFile "/home/userdir/.htpasswds/site1.pwd"
Require valid-user
Order allow,deny
Allow from all
Deny from env=pass_1
Satisfy any
#site2.com
setenvIfNoCase Host site2\.com pass_2
AuthType Basic
AuthName "Site2.com Login Required"
AuthUserFile "/home/user_dir/.htpasswds/site2.pwd"
Require valid-user
Order allow,deny
Allow from all
Deny from env=pass_2
Satisfy any

Apache restrict access unless from localhost

The below code is in .htaccess file in /home/cuddle/test/
AuthUserFile "/home/cuddle/.htpasswds/test/passwd"
AuthType Basic
AuthName "Secure Area"
Require valid-user
This works fine, it will prompt for username & password, however when I add another rule to allow internal requests:
Allow from 127.0.0.1
Satisfy Any
It no longer prompts for password for outside users (non localhost) and seems to let all users through, no matter if they validate or what IP they are from. There are no other permissions/allow/deny present within .htaccess
Try this:
AuthUserFile "/home/cuddle/.htpasswds/test/passwd"
AuthType Basic
AuthName "Secure Area"
Require valid-user
Order deny,allow
Deny from all
Allow from 127.0.0.1
Allow from ::1
Satisfy Any
I just signed up to StackOverflow because I stumbled to same problem, and after trial-and-error, the config above worked for me.
Simpler solution:
AuthUserFile "/home/cuddle/.htpasswds/test/passwd"
AuthType Basic
AuthName "Secure Area"
Require valid-user
Require local
Satisfy Any