htaccess 500 Internal Server Error - apache

Alright so I'm having a problem using htaccess to password protect a page. Every time I navigate to the page they are redirected to a "Internal server error" page. I have very minimal knowledge of PHP and am having a hard time getting this fixed. I took a look in the error logs and found this error here "[error] [client 209.91.179.158] client denied by server configuration:"
I have no idea how to access the httpd.conf file on the FTP server nor do I know if it's possible. I have only been using PHP for about 2 weeks.
My .htaccess File
<Directory>
Order allow,deny
Allow from all
Allow from 209.91.179.158
Allow from ::1
</Directory>
AuthType Basic
AuthName "restricted area"
AuthUserFile mydir/.htpasswd
<Files "staff.html">
Require valid-user
</Files>

You're getting 500 error because <Directory> directive isn't allowed in .htaccess. If you can explain what you're trying to do I can help you further.

Related

Authentication with mod_python without login credentials popup

I am using Centos server with apache server.
I have added python script that reads my website's login cookie and based on that it return apache.OK or apache.HTTP_UNAUTHORIZED.
However even if cookies is present, it will pop up that login form.
Any help on how to remove that pop up is appreciated.
I tried removing AuthType Basic, but than i get following error
The server encountered an internal error or misconfiguration and was
unable to complete your request.
<Directory "/var/www/html/reports" >
AddHandler mod_python .py
PythonHandler /tmp/access.py
PythonAuthenHandler /tmp/access.py
PythonDebug On
SSLRequireSSL
AllowOverride AuthConfig
#AuthType Basic
AuthName "Restricted Area"
AuthBasicAuthoritative Off
Options -Indexes
require valid-user
just found out if you don't want login pop up , you will have to set up req.user to something
It was throwing error before that req.user is null.
I did this req.user = "nobody"

error 500 on xampp using htacces (Password)

Hi I am getting error 500 on Apache webserver using xampp. The error wasnt there until i used a .htaccess, .htpasswd file. I searched and i couldnt find a syntax error. I have only 1 image and the index file I want to protect. Here are the syntaxes:
.htaccess
AuthType Basic
AuthName "Prosím přihlašte se.";
AuthUserFile C:\xampp\htdocs\Zprávy 1.E\.htpasswd
require valid-user
.htpasswd
zak:$apr1$t8hZiqXE$0qdoQ/876dOqysUmww2NM/
You have syntax error on your .htaccess file, you should quote the file path because it has space between.
AuthType Basic
AuthName "Prosím přihlašte se.";
AuthUserFile "C:\xampp\htdocs\Zprávy 1.E\.htpasswd"
require valid-user

Why does a .htaccess protected directory work on http but not on https?

I have a domain example.com. example.com links to a Tumblr blog. sub.example.com links to my home's Ubuntu Server's Apache server. I also have SSL optionally enabled throughout sub.example.com (i.e., the user can choose between using http or https for any webpage). sub.example.com/directory is .htaccess protected. I can access the directory perfectly fine on http://sub.example.com/directory, but not on https://sub.example.com/directory. On the https version, I get prompted for my login info. Once I entered my credentials in, I got this error:
Error: File Not Found
File Not Found.
I'm not sure what's going wrong. Below is the full /var/www/html/directory/.htaccess file and a selected portion of the /etc/apache2/apache2.conf file.
.htaccess:
AuthType Basic
AuthName "Password Protected Area"
AuthUserFile /var/www/.htpasswd
Require valid-user
apache2.conf:
<Directory /var/www/>
Options Indexes FollowSymLinks
AllowOverride All
Require all granted
</Directory>
I'm on Ubuntu 14.10 and Apache 2.4.10
Try checking these steps below
Make sure your HTTPS is working without password.
Make sure your .htaccess point to the correct .htpasswd path.
I think your apache2.conf is fine but check config files in sites-enabled and conf-available if there any incorrect for port 443.
Like so many things with computers, a reboot fixed my issues. So, I probably didn't restart some service.

Htaccess password authentication Ubuntu 14.04 LTS

When I upgraded my VPS from Ubuntu 13.10 to 14.04 password protected directories are now giving the error below even if the correct password is entered.
Unauthorized: This server could not verify that you are authorized
to access the document requested. Either you supplied the wrong
credentials (e.g., bad password), or your browser doesn't understand
how to supply the credentials required.
Apache error.log says "No requires line available"
Files are as follows:-
/etc/apache2/sites-available/example.com.conf
<VirtualHost *:80>
ServerName example.com
DocumentRoot /var/www/mysite
</VirtualHost>
<Directory /var/www/mysite>
Options -Indexes
AllowOverride AuthConfig
Order allow,deny
Allow from all
</Directory>
/var/www/mysite/.htaccess
AuthType Basic
AuthName "Protected"
AuthUserFile /var/www/mysite/.htpasswd
require valid-user
/var/www/mysite/.htpasswd
admin:gIlFunhlCwBeY
Please will you help me to get authentication working again.
It appears apache 2.4 has added new values for the auth* modules. A grant is required now to return similar behavior. This is performed such as :
Require all granted
Some of this is outlined on the Apache HTTPd documentation site:
http://httpd.apache.org/docs/2.4/upgrading.html
I suggest referencing that if you are having similar messages in your log entries.
For Ubuntu 14.04 just edit the .htaccess file as below. It works for me:
AuthType Basic
AuthName "Restricted Files"
AuthUserFile /var/www/mysite/.htpasswd
Require valid-user

Apache "authentication failure for "/": Password Mismatch"

I am a newbie to Apache, using Apache 2.2.22. I am trying to password protect my whole localhost website using .htaccess; .htaccess is located in /Apache/htdocs and the password file is in /Apache/passwd. Trying to access the site I get prompted for a username/password but it always fails with the error (from error.log) [error] [client 127.0.0.1] user myuser: authentication failure for "/": Password Mismatch.
The password file was created with:
htpasswd -c /Apache/passwd/passwords myuser
My .htaccess file:
AuthType Basic
AuthName "Restricted Files"
AuthUserFile c:/Apache/passwd/passwords
AuthGroupFile /dev/null
require valid-user
My httpd.conf file was modifed with:
<Directory "C:/Apache/htdocs">
Options Indexes FollowSymLinks
AllowOverride AuthConfig
Order allow,deny
Allow from all
</Directory>
The Apache doc for Authentication and Authroization states to make sure that the modules mod_authn_core and mod_authz_core have either been built into the httpd binary or loaded by the httpd.conf configuration file. But I don't know how to do this; they are not listed in the Modules section of my httpd.conf file. mod_auth_basic.so, mod_authn_file.so, and mod_authz_groupfile.so are loaded via the httpd.conf file.
Thank you for any help or ideas.