I am trying to protect my directory with apache password protection, basically their is a subdirectory named reg in my /var/www folder. now, I have .htaccess in the /var/www/reg folder and the content is
AuthUserFile /var/www/.htpasswd
AuthName "Please Log In"
AuthType Basic
require valid-user
and a .htpasswd file in /var/www folder and the content is
xyz:AFm9t1CfobrkA
but when I try to access the folder typing localhost/reg no pop up box appear asking for username and password. Where am I wrong?
I have .htaccess file like this:
AuthUserFile /data/www/.../http-users
AuthType Basic
AuthName "private"
require user cf
And it works. What you could do:
Detect the possible cause by looking into the error log. In many cases you have access to it even on hosting environments
Make sure AllowOverride AuthConfig is set. You cannot set it in .htaccess, you must do it in the server configuration file. In a hosting environment, you have to ask your hosting provider.
Not very likely, but it could be the dot - try to rename the .htpasswd file to htpasswd
Its definitelly not caused by missing the <directory> container as noted in the discussion
Related
I would like to protect the protect-me-dir directory with http password. I tried this code:
AuthType Basic
AuthName "restricted area"
AuthUserFile /home/iterator/public_html/protect-me-dir/.htpasswd
require valid-user
It works, but unfortunately it asks for the password everywhere, not just in protect-me-dir. How is it possible to protect only that directory?
If I put this code inside <Directory "/home/iterator/public_html/protect-me-dir">...</Directory>, I get Internal Server Error
Just put the .htaccess file in the directory you want to password-protect. It is a per-directory config file.
I'm struggling with the htaccess system of apache.
My apache directories are set as follow:
www/ (Protected via /var/www/.htaccess)
www/public/ (Supposed to be unprotected via /var/www/public/.htaccess)
However i still can't access the public folder without the need to log in via my AuthType Basic from my www/.htaccess...
www/.htaccess:
AuthType Basic
AuthName "Acces restreint"
AuthUserFile "/var/www/.htpasswd"
Require valid-user
www/public/.htaccess:
AuthType None
Require All Granted
I really am not an expert in Apache so I may have missed the obvious.
Ok, I just figured out that what I was doing works but using H5AI as browser it needed to access the files.
I simply added a rule in the apache2.conf to prevent him being overwritten by the main directory .htaccess and all worked fine.
I have this .htaccess
AuthType Basic
AuthName "Protected Area"
AuthUserFile /.htpasswds/.htpasswd
Require valid-user
And a .htpassword
test:$apr1$zXAu7nnl$612DeubGZ9jDrDPB1S8VO0
the directory structure is:
/.htpasswds/.htpasswd
/public_html/.htaccess
any attempt to login give me a 500 error. In cpanel the error is not registered in error log.
I don't know exactly what is the problem, but my host provider suggests this:
In cpanel
Section security
Option Web Protect
That will generate:
AuthType Basic
AuthName "Protected"
AuthUserFile "/home/abvnfj/.htpasswds/public_html/passwd"
require valid-user
if apache can not access .htpasswd, it generate Error 500.
in AuthUserFile write full path to .htpasswd file.
I've had a very similar problem with cPanel - and error 500 "internal error" upon entering the basic authentication credentials.
The problem seems to stem from cPanel putting the password file into a directory that the apache process could not access. Moving it to the root folder for the account (where the public_html directory is created) fixes the problem for me. The AuthUserFile entry in .htaccess must still point to the absolute pathname for the file, for example:
AuthUserFile "/home/myaccount/.passwd"
with the site root being in /home/myaccount/public_html/
Make sure you are using the correct absolute path in .htpaswd.
Example: for my bluehost I need
AuthUserFile /home7/<username>/public_html/...
While the FTP just gave me
/wwww/...
I had same error and I tested htpasswd with adding -p parameter which generates passwordfile as plaintext. The error was disappeared, but now I don't have any idea why default md5 passwords are causing this error.
The question is that I want to protect only one folder "admin", I was using this in my .htaccess placed in /home/my_home/public_html
AuthName "message"
AuthType Basic
AuthUserFile /home/my_home/.htpasswd
require valid-user
but this protect all my site whilst I want to protect actually /home/my_home/public_html/admin. IN my error log I see:
/home/myhome/public_html/admin/.htaccess: <Directory not allowed here
You have to put the .htaccess file into your admin folder.
The configuration directives found in a .htaccess file are applied to the directory in which the .htaccess file is found, and to all subdirectories thereof. see Apache documentation
Currently on my server I have a .htaccess file in the root of my web directory -
AuthUserFile /path/to/root/www/.htpasswd
AuthType Basic
AuthName "Economic Complexity Observatory"
Require valid-user`
And this works great properly password protecting my whole site. The only problem is that I have this one sub directory that I DON'T WANT to to be password protected. Is there a way to specify that one specific directory will be free of password protection?
There is a way just using .htaccess. I saw this answer elsewhere
Just create an .htaccess file in the non-password protected subdirectory with the content:
Satisfy any
and that's it.
It worked for me.
If you have access to httpd.conf you can use the following (the "directory" directive cannot be used in .htaccess):
<Directory />
AuthUserFile /path/to/root/www/.htpasswd
AuthType Basic
AuthName "Economic Complexity Observatory"
Require valid-user
</Directory>
<Directory /path/to/unprotected/dir>
Satisfy All
</Directory>
I am not aware of a way to do it with htaccess without putting a separate .htaccess in each directory excluding the directory that should not be protected.