protect only one folder in apache with password - apache

The question is that I want to protect only one folder "admin", I was using this in my .htaccess placed in /home/my_home/public_html
AuthName "message"
AuthType Basic
AuthUserFile /home/my_home/.htpasswd
require valid-user
but this protect all my site whilst I want to protect actually /home/my_home/public_html/admin. IN my error log I see:
/home/myhome/public_html/admin/.htaccess: <Directory not allowed here

You have to put the .htaccess file into your admin folder.
The configuration directives found in a .htaccess file are applied to the directory in which the .htaccess file is found, and to all subdirectories thereof. see Apache documentation

Related

Allow subdirectory Apache 2.4

I'm struggling with the htaccess system of apache.
My apache directories are set as follow:
www/ (Protected via /var/www/.htaccess)
www/public/ (Supposed to be unprotected via /var/www/public/.htaccess)
However i still can't access the public folder without the need to log in via my AuthType Basic from my www/.htaccess...
www/.htaccess:
AuthType Basic
AuthName "Acces restreint"
AuthUserFile "/var/www/.htpasswd"
Require valid-user
www/public/.htaccess:
AuthType None
Require All Granted
I really am not an expert in Apache so I may have missed the obvious.
Ok, I just figured out that what I was doing works but using H5AI as browser it needed to access the files.
I simply added a rule in the apache2.conf to prevent him being overwritten by the main directory .htaccess and all worked fine.

How to upload a htaccess file with htpasswd?

I am trying to protect my directory with apache password protection, basically their is a subdirectory named reg in my /var/www folder. now, I have .htaccess in the /var/www/reg folder and the content is
AuthUserFile /var/www/.htpasswd
AuthName "Please Log In"
AuthType Basic
require valid-user
and a .htpasswd file in /var/www folder and the content is
xyz:AFm9t1CfobrkA
but when I try to access the folder typing localhost/reg no pop up box appear asking for username and password. Where am I wrong?
I have .htaccess file like this:
AuthUserFile /data/www/.../http-users
AuthType Basic
AuthName "private"
require user cf
And it works. What you could do:
Detect the possible cause by looking into the error log. In many cases you have access to it even on hosting environments
Make sure AllowOverride AuthConfig is set. You cannot set it in .htaccess, you must do it in the server configuration file. In a hosting environment, you have to ask your hosting provider.
Not very likely, but it could be the dot - try to rename the .htpasswd file to htpasswd
Its definitelly not caused by missing the <directory> container as noted in the discussion

password protect multiple directories via htaccess

I am able to password protect directories via the htaccess file at the root of my site (I have to use one htaccess file in my site root because of my CMS). The issue I'm having is assigning users to each directory I want to protect. I can create multiple users and password protect multiple directories, but any user will work for any protected directory. For example:
example.com/section-one should be private and accessed by user "one".
example.com/section-two should be private and accessed by user "two".
However any user will work on either section and once users log into one they have access to the others without being asked for a password. I know it is an issue with my htaccess file. I tried using but can't seem to figure out the formatting. All the information online shows how to do this for files, but directories just isn't as easy to find help on.
I am using this:
<IfModule mod_authn_file.c>
SetEnvIf Request_URI "^/section-one.*$" private
AuthName "Password Needed"
AuthGroupFile /dev/null
AuthType Basic
AuthUserFile /www/server/.htpasswd
Require user one
Order Deny,Allow
Deny from env=private
Satisfy any
</IfModule>
<IfModule mod_authn_file.c>
SetEnvIf Request_URI "^/section-two.*$" private
AuthName "Password Needed"
AuthGroupFile /dev/null
AuthType Basic
AuthUserFile /www/server/.htpasswd
Require User two
Order Deny,Allow
Deny from env=private
Satisfy any
</IfModule>
.htaccess files are used for applying specific configuration directives to the directories in which they are located. It is not possible to use one .htaccess file to specify different configurations for different directories. You either need to put your access controls in the server/vhost configuration file or use one .htaccess per directory.

Have sub directory not be password protected using Apache's .htaccess

Currently on my server I have a .htaccess file in the root of my web directory -
AuthUserFile /path/to/root/www/.htpasswd
AuthType Basic
AuthName "Economic Complexity Observatory"
Require valid-user`
And this works great properly password protecting my whole site. The only problem is that I have this one sub directory that I DON'T WANT to to be password protected. Is there a way to specify that one specific directory will be free of password protection?
There is a way just using .htaccess. I saw this answer elsewhere
Just create an .htaccess file in the non-password protected subdirectory with the content:
Satisfy any
and that's it.
It worked for me.
If you have access to httpd.conf you can use the following (the "directory" directive cannot be used in .htaccess):
<Directory />
AuthUserFile /path/to/root/www/.htpasswd
AuthType Basic
AuthName "Economic Complexity Observatory"
Require valid-user
</Directory>
<Directory /path/to/unprotected/dir>
Satisfy All
</Directory>
I am not aware of a way to do it with htaccess without putting a separate .htaccess in each directory excluding the directory that should not be protected.

.htaccess access control

I have a directory which contains a htaccess file:
AuthType Basic
AuthName "Go away"
AuthUserFile /home/daniel/.htpasswds/directory1/.htpasswd
Require valid-user
I have a subdirectory within that folder that I wish to use a different set of usernames/passwords for. How do I negate the effects of the first htaccess so I can use the auth?
Thanks
Just put another .htaccess in the subfolder and override the needed settings in there.
To use another .htaccess is disabled by default. So you first have to set "AllowOverride AuthConfig" in the directory directive of your apache config file.