I'm trying to configure my server to use the Apache Module mod_auth_digest directive only am having a tough time. Here's what I've got:
htdigest -c passwdfile registered_users#mydomain.net andy
'passwdfile' resides in
/var/www/
and in my httpd.conf file
<Location /var/www/mydomain/wp-admin/>
AuthType Digest
AuthName "private area"
AuthDigestDomain /var/www/mydomain/wp-admin/
AuthDigestProvider file
AuthUserFile /var/www/passwdfile
Require valid-user
</Location>
both mod_authn_file & mod_auth_digest are present on my server. Upon browsing to
http://mydomain.net/wp-admin I'm expecting to be prompted by Apache for a username and password only am not!
The location directive maps to the request URI not a server path.
Change
<Location /var/www/mydomain/wp-admin/>
To
<Location /wp-admin>
See docs here: https://httpd.apache.org/docs/2.4/mod/core.html#location
Related
I would like to protect the protect-me-dir directory with http password. I tried this code:
AuthType Basic
AuthName "restricted area"
AuthUserFile /home/iterator/public_html/protect-me-dir/.htpasswd
require valid-user
It works, but unfortunately it asks for the password everywhere, not just in protect-me-dir. How is it possible to protect only that directory?
If I put this code inside <Directory "/home/iterator/public_html/protect-me-dir">...</Directory>, I get Internal Server Error
Just put the .htaccess file in the directory you want to password-protect. It is a per-directory config file.
I am trying to set development variable for xampp under Windows in order to do this:
<IfDefine !development>
AuthType Basic
AuthName "Say the secret word"
AuthUserFile /var/www/hostname/.htpasswd
Require valid-user
</IfDefine>
on Linux you do it like this
export APACHE_ARGUMENTS=-Ddevelopment
How do I do this on Windows? I've tried to do
set APACHE_ARGUMENTS=-Ddevelopment
but it didn't work.
Any ideas?
Edit: tried to add startup parameters to apache service config, but didn't help either.
This may be a duplicate of Apache .htaccess - applying basic authentication conditionally based on environment or hostname
I have solved this issue by using the 'Allow from ....' directive.
This way I can blanket enable based off an IP ADDRESS
Here is the contents of my .htaccess file
Order deny,allow
Deny from all
AuthType Basic
AuthName "Secure Area"
AuthUserFile "/path/to/file/.htpasswd"
Require valid-user
Allow from 127.0.0.1
Satisfy Any
I am running latest ubuntu with apache.
I have very simple html directory I want to protect using .htaccess.
I am trying to do it with:
AuthName "Restricted Area"
AuthType Basic
AuthUserFile /var/www/dev/docs/.htpasswd
Require valid-user
On my .htpasswd file I have:
user:pass
I get internal server error with this. I've been digging hard but not sure why this is happening.
If I add a this:
<Directory "/var/www/dev/docs">
AuthName "Restricted Area"
AuthType Basic
AuthUserFile /var/www/dev/docs/.htpasswd
Require valid-user
</Directory>
I can't login no matter what I do...
Thanks,
I have the same problem. But after a few trial and error, here's the fix.
You must use the full path to the .htpasswd file.
You must encapsulate the path with quotation marks "home/username/public_html/subfolder/protected/.htpasswd"
An example:
AuthUserFile "/home/username/public_html/subfolder/protected/.htpasswd"
AuthType Basic
AuthName "My restricted Area"
Require valid-user
Error #500 just means the web server isn't understanding something in your .htaccess file. There will be nothing in Apache's error log since the request doesn't even get parsed at this point.
Try putting quotes around the path to the .htpasswd file and note on some hosting companies like cough.. godaddy, 1&1 It may take several minutes for the changes in .htaccess to be picked up.
AuthType Basic
AuthName "Restricted Area"
AuthUserFile "/home/. . . . ./.htpasswd"
require valid-user
I have got same situation on Apache/2.4.6 (CentOS)
Path to htpasswd needs to be taken from $_SERVER['DOCUMENT_ROOT']
Apache has some bug (https://bz.apache.org/bugzilla/show_bug.cgi?id=54735), you need to set password from console like this:
htpasswd -nb username newpassw > <path-to>/.htpasswd
btw in Apache 2.4.6 on CentOS 7 problem still exists
When I upgraded my VPS from Ubuntu 13.10 to 14.04 password protected directories are now giving the error below even if the correct password is entered.
Unauthorized: This server could not verify that you are authorized
to access the document requested. Either you supplied the wrong
credentials (e.g., bad password), or your browser doesn't understand
how to supply the credentials required.
Apache error.log says "No requires line available"
Files are as follows:-
/etc/apache2/sites-available/example.com.conf
<VirtualHost *:80>
ServerName example.com
DocumentRoot /var/www/mysite
</VirtualHost>
<Directory /var/www/mysite>
Options -Indexes
AllowOverride AuthConfig
Order allow,deny
Allow from all
</Directory>
/var/www/mysite/.htaccess
AuthType Basic
AuthName "Protected"
AuthUserFile /var/www/mysite/.htpasswd
require valid-user
/var/www/mysite/.htpasswd
admin:gIlFunhlCwBeY
Please will you help me to get authentication working again.
It appears apache 2.4 has added new values for the auth* modules. A grant is required now to return similar behavior. This is performed such as :
Require all granted
Some of this is outlined on the Apache HTTPd documentation site:
http://httpd.apache.org/docs/2.4/upgrading.html
I suggest referencing that if you are having similar messages in your log entries.
For Ubuntu 14.04 just edit the .htaccess file as below. It works for me:
AuthType Basic
AuthName "Restricted Files"
AuthUserFile /var/www/mysite/.htpasswd
Require valid-user
I have trac installed and running great using apache2 and mod_wsgi. However when ever a user tries to access even the front page they are greeted with a login. I've tried several things, but everything I try either disables the authentication all together or won't allow unauthenticated users to view the site. Here's the authentication section of my httpd.conf file:
<Location '/'>
AuthType Basic
AuthName "Trac"
AuthUserFile /home/trac/.htpasswd
Require valid-user
</Location>
I'm almost certain that the solution lies int the require line but I've exhausted my ow creativity. Any thoughts?
EDIT: The answer I selected works great. The link given doesn't have instructions on connecting the password file to the system.
My memory is hazy, but the only solution I found when I had this issue was switching to from Apache authentication to the AccountManagerPlugin.
You can specify when apache should ask about password.
In trac when you select Login it will open site: /trac_folder/login
So defining location for authentication should do the trick.
Check my trac.conf:
WSGIScriptAlias /trac /var/lib/trac/apache/trac.wsgi
## This is required if you plan to use HTTP authorization. Without it the
## user name won't be passed
WSGIPassAuthorization On
<Directory /trac>
WSGIApplicationGroup %{GLOBAL}
Order deny,allow
Allow from all
#AuthType Basic
#AuthName "TracHaselko"
#AuthUserFile /var/lib/trac/authfiles/htpasswd
#Require valid-user
</Directory>
<Location /trac/login>
AuthType Basic
AuthName "TracHaslo"
AuthUserFile /var/lib/trac/authfiles/htpasswd
Require valid-user
</Location>
In you file change:
<Location '/'>
to:
<Location '/login'>