I am a newbie to Apache, using Apache 2.2.22. I am trying to password protect my whole localhost website using .htaccess; .htaccess is located in /Apache/htdocs and the password file is in /Apache/passwd. Trying to access the site I get prompted for a username/password but it always fails with the error (from error.log) [error] [client 127.0.0.1] user myuser: authentication failure for "/": Password Mismatch.
The password file was created with:
htpasswd -c /Apache/passwd/passwords myuser
My .htaccess file:
AuthType Basic
AuthName "Restricted Files"
AuthUserFile c:/Apache/passwd/passwords
AuthGroupFile /dev/null
require valid-user
My httpd.conf file was modifed with:
<Directory "C:/Apache/htdocs">
Options Indexes FollowSymLinks
AllowOverride AuthConfig
Order allow,deny
Allow from all
</Directory>
The Apache doc for Authentication and Authroization states to make sure that the modules mod_authn_core and mod_authz_core have either been built into the httpd binary or loaded by the httpd.conf configuration file. But I don't know how to do this; they are not listed in the Modules section of my httpd.conf file. mod_auth_basic.so, mod_authn_file.so, and mod_authz_groupfile.so are loaded via the httpd.conf file.
Thank you for any help or ideas.
Related
I'm running Apache/2.4.7 (Ubuntu) Server and I'm trying to protect one of the directories 'myFolder' which is located at /var/www/html/myFolder
I made the following edits in /etc/apache2/apache2.conf file
<Directory /var/www/>
Options Indexes FollowSymLinks
AllowOverride All
Require all granted
</Directory>
<Directory /var/www/html/myFolder>
Options Indexes FollowSymLinks
AllowOverride All
Require all granted
</Directory>
I created .htaccess in /var/www/myFolder with the following contents
AuthUserFile /var/www/html/myFolder/.htpasswd
AuthName "Authorization Required"
AuthType Basic
require valid-user
Also created htpasswd by
htpasswd -c /var/www/html/myFolder/.htpasswd admin
which then prompts for password.
I then try to access the file on the browser www.mydoman.com/myFolder/hello.html and it prompts for username and password. However, the authentication does not go through.
Here is the error from the error.log file
[authz_core:error] [pid 30042] [client xxx.xxx.xx.xxx:53348] AH01629: authorization failure (no authenticated user): /myFolder/hello.html
How can I resolve this issue?
A loaded mod-shib2 can cause this problem. According to this bug comment, setting ShibCompatValidUser On solves it.
Require valid-user does also work with mod_shib enabled. According to https://wiki.shibboleth.net/confluence/display/SHIB2/NativeSPApacheConfig this is only necessary for shib versions 2.5.2 and above. Note that ShibCompatValidUser is a server / virtual host option.
I am trying to implement apache authentication, but getting following error when giving correct password
access to /webalizer/ failed, reason: require directives present and no Authoritative handler.
If i give incorrect password it shows me
user testusr: authentication failure for "/webalizer/": Password Mismatc
Following is my apache configs
<Directory /var/www/html/webalizer>
Order allow,deny
AuthName "Authorized Users Only."
AuthType Basic
AuthUserFile /etc/httpd/conf/.htpasswd
require valid-user
Satisfy Any
</Directory>
apache is running with apache user, following is file permissions of htpasswd
-rw-r--r-- 1 apache apache 46 Nov 2 14:46 /etc/httpd/conf/.htpasswd
What do i missing?
OS is AWS linux instance.
When I upgraded my VPS from Ubuntu 13.10 to 14.04 password protected directories are now giving the error below even if the correct password is entered.
Unauthorized: This server could not verify that you are authorized
to access the document requested. Either you supplied the wrong
credentials (e.g., bad password), or your browser doesn't understand
how to supply the credentials required.
Apache error.log says "No requires line available"
Files are as follows:-
/etc/apache2/sites-available/example.com.conf
<VirtualHost *:80>
ServerName example.com
DocumentRoot /var/www/mysite
</VirtualHost>
<Directory /var/www/mysite>
Options -Indexes
AllowOverride AuthConfig
Order allow,deny
Allow from all
</Directory>
/var/www/mysite/.htaccess
AuthType Basic
AuthName "Protected"
AuthUserFile /var/www/mysite/.htpasswd
require valid-user
/var/www/mysite/.htpasswd
admin:gIlFunhlCwBeY
Please will you help me to get authentication working again.
It appears apache 2.4 has added new values for the auth* modules. A grant is required now to return similar behavior. This is performed such as :
Require all granted
Some of this is outlined on the Apache HTTPd documentation site:
http://httpd.apache.org/docs/2.4/upgrading.html
I suggest referencing that if you are having similar messages in your log entries.
For Ubuntu 14.04 just edit the .htaccess file as below. It works for me:
AuthType Basic
AuthName "Restricted Files"
AuthUserFile /var/www/mysite/.htpasswd
Require valid-user
I'm trying to configure my server to use the Apache Module mod_auth_digest directive only am having a tough time. Here's what I've got:
htdigest -c passwdfile registered_users#mydomain.net andy
'passwdfile' resides in
/var/www/
and in my httpd.conf file
<Location /var/www/mydomain/wp-admin/>
AuthType Digest
AuthName "private area"
AuthDigestDomain /var/www/mydomain/wp-admin/
AuthDigestProvider file
AuthUserFile /var/www/passwdfile
Require valid-user
</Location>
both mod_authn_file & mod_auth_digest are present on my server. Upon browsing to
http://mydomain.net/wp-admin I'm expecting to be prompted by Apache for a username and password only am not!
The location directive maps to the request URI not a server path.
Change
<Location /var/www/mydomain/wp-admin/>
To
<Location /wp-admin>
See docs here: https://httpd.apache.org/docs/2.4/mod/core.html#location
I am trying to setup a password protected directory on my localhost.
The .htaccess file is located in /var/www/project/code/server/development and the .htpasswd file is located in the /home/adarshakb/.htpasswd
The .htaccess file contains:
AuthType Basic
AuthName Restricted
AuthUserFile /home/adarshakb/.htpasswd
require valid-user
and the .htpasswd contains:
user:HkCKfIOQNlS1E
Now, if I go to http://localhost/project/code/server/development/ It doesnt ask for any authentication and just opens up.
What is wrong here?
I guess that you lack loads of some modules. To ensure this, try to put garbage in .htaccess file, and tell us what's going on. If you have an error 500, your modules are loaded properly.
You can print out the loaded modules with this command :
apache2ctl -M 2>/dev/null
You need at least mod_authn_file & mod_auth_basic
Does changing the line in .htaccess from:
AuthName Restricted
to
AuthName "Password Protected Area"
work?
After that, enable htaccess override:
sudo nano /etc/apache2/sites-available/default
Change the "AllowOverride None" to "AllowOverride All" in:
<Directory /var/www/>
Options Indexes FollowSymLinks MultiViews
AllowOverride None
Order allow,deny
allow from all
</Directory>
finally a reload of settings:
sudo /etc/init.d/apache2 reload