I am trying to setup a password protected directory on my localhost.
The .htaccess file is located in /var/www/project/code/server/development and the .htpasswd file is located in the /home/adarshakb/.htpasswd
The .htaccess file contains:
AuthType Basic
AuthName Restricted
AuthUserFile /home/adarshakb/.htpasswd
require valid-user
and the .htpasswd contains:
user:HkCKfIOQNlS1E
Now, if I go to http://localhost/project/code/server/development/ It doesnt ask for any authentication and just opens up.
What is wrong here?
I guess that you lack loads of some modules. To ensure this, try to put garbage in .htaccess file, and tell us what's going on. If you have an error 500, your modules are loaded properly.
You can print out the loaded modules with this command :
apache2ctl -M 2>/dev/null
You need at least mod_authn_file & mod_auth_basic
Does changing the line in .htaccess from:
AuthName Restricted
to
AuthName "Password Protected Area"
work?
After that, enable htaccess override:
sudo nano /etc/apache2/sites-available/default
Change the "AllowOverride None" to "AllowOverride All" in:
<Directory /var/www/>
Options Indexes FollowSymLinks MultiViews
AllowOverride None
Order allow,deny
allow from all
</Directory>
finally a reload of settings:
sudo /etc/init.d/apache2 reload
Related
Okay this might be a very obvious one however...
I have the following in my .htaccess file
AuthType Basic
AuthName "Message"
AuthUserFile /www/sites/5ce/448/domainname/folder.htpasswd
require valid-user
Which works fine for password protecting the folder it's placed in.
I also have in another .htaccess file (when I remove the first one)
Options +indexes
Which works fine for showing the directory folder and included files on browser.
When I put these together i get Error 500. How do you essentially enable directory view but password protected?
There shouldn't be a space between the + and the indexes.
Try this:
AuthType Basic
AuthName "Message"
AuthUserFile /www/sites/5ce/448/domainname/folder.htpasswd
require valid-user
Options +Indexes
Is it possible with Apache to enable Indexes for a directory and be able to view every file, but at the same time, password protect only certain file types. When I use <FilesMatch "\.(type1|type2)"> they become hidden from the directory listing, but do become password protected. I just need them to be available in the directory listing because... reasons.
Here's what I got that does half the job.
<FilesMatch "\.(dat|mca|mcr)$">
AuthName "Protected Files"
AuthType Basic
AuthUserFile /home/web/maps/.htpasswd
require valid-user
</Files>
<Directory /home/web>
Options +Indexes
</Directory>
IndexOptions +showForbidden will allow autoindex listings for things that may eventually require authentication (or are forbidden for any other reason!)
Consider installing your own indexer; typically this is just a PHP script in the directory itself (index.php) that dynamically retrieves the directory listing. Just like Apache's mod_autoindex would, but potentially with nicer looks.
DIY:
listing files in folder showing index.php
Off-the-shelve:
http://autoindex.sourceforge.net/
http://pdirl.newroots.de/
http://www.evoluted.net/thinktank/web-development/php-directory-listing-script
I would like to have directory protected with apache authentication but one file so I did:
<Directory /path/to/dir>
AuthType Basic
AuthName "Private Pages"
AuthBasicProvider file
AuthUserFile /path/to/.htpasswd
require user userid
<FilesMatch "^exception.html$">
Order Allow,Deny
allow from All
</FilesMatch>
</Directory>
But it not work all the files ask for password.
I tried also with \ before the dot in the file name and with :
<File exception.html>
Nothing help it ask for a password for all the files including exception.html
What I'm doing wrong?
Thanks
You should check out this similar question on serverfault:
How to use basic auth for single file in otherwise forbidden Apache directory?
I am a newbie to Apache, using Apache 2.2.22. I am trying to password protect my whole localhost website using .htaccess; .htaccess is located in /Apache/htdocs and the password file is in /Apache/passwd. Trying to access the site I get prompted for a username/password but it always fails with the error (from error.log) [error] [client 127.0.0.1] user myuser: authentication failure for "/": Password Mismatch.
The password file was created with:
htpasswd -c /Apache/passwd/passwords myuser
My .htaccess file:
AuthType Basic
AuthName "Restricted Files"
AuthUserFile c:/Apache/passwd/passwords
AuthGroupFile /dev/null
require valid-user
My httpd.conf file was modifed with:
<Directory "C:/Apache/htdocs">
Options Indexes FollowSymLinks
AllowOverride AuthConfig
Order allow,deny
Allow from all
</Directory>
The Apache doc for Authentication and Authroization states to make sure that the modules mod_authn_core and mod_authz_core have either been built into the httpd binary or loaded by the httpd.conf configuration file. But I don't know how to do this; they are not listed in the Modules section of my httpd.conf file. mod_auth_basic.so, mod_authn_file.so, and mod_authz_groupfile.so are loaded via the httpd.conf file.
Thank you for any help or ideas.
Currently on my server I have a .htaccess file in the root of my web directory -
AuthUserFile /path/to/root/www/.htpasswd
AuthType Basic
AuthName "Economic Complexity Observatory"
Require valid-user`
And this works great properly password protecting my whole site. The only problem is that I have this one sub directory that I DON'T WANT to to be password protected. Is there a way to specify that one specific directory will be free of password protection?
There is a way just using .htaccess. I saw this answer elsewhere
Just create an .htaccess file in the non-password protected subdirectory with the content:
Satisfy any
and that's it.
It worked for me.
If you have access to httpd.conf you can use the following (the "directory" directive cannot be used in .htaccess):
<Directory />
AuthUserFile /path/to/root/www/.htpasswd
AuthType Basic
AuthName "Economic Complexity Observatory"
Require valid-user
</Directory>
<Directory /path/to/unprotected/dir>
Satisfy All
</Directory>
I am not aware of a way to do it with htaccess without putting a separate .htaccess in each directory excluding the directory that should not be protected.