Protect a file with .htaccess and .htpasswd - apache

I'm having some troubles configuring the .htaccess file to protect the access of a file.
The file to protect is:
www.mydomain.com/admin/stats.php
I put the .htaccess file into the www.mydomain.com/admin folder with the following code:
AuthName "Restricted Area"
AuthType Basic
AuthUserFile /
<Files stats.php>
require valid-user
</Files>
The file .htpasswd is into the www.mydomain.com/admin folder too and it contains the username and the password.
If I try to access to www.mydomain.com/admin/stats.php I get an "Internal Server Error". I think that the mistake can be into the path of "AuthUserFile" but how can I tell the file that the file to protect is in the same folder of the .htpasswd?
The server is Linux based.

hello you can try this below :
this is a path.php file who will display the realpath of his parent folder
<?php
echo realpath('path.php');
?>
in your .htpasswd you need to have something like this :
username:password
but the password need to be encrypt, you can do it with
<?php
echo crypt('your_password');
?>
and finally this is the .htaccess file
<Files page_to_protect.php>
AuthName "Message"
AuthUserFile \realpath_to_htpasswd\.htpasswd
AuthType Basic
require valid-user
</Files>

I think you need to put complete path to htpasswd file:
Ie.
AuthUserFile /home/-user-/-site-/.htpasswd

From the Apache documentation:
File-path is the path to the group file. If it is not absolute, it is
treated as relative to the ServerRoot.
That means you either specify the full (absolute) path to the .htpasswd file or one relative to whatever your ServerRoot is. Example:
AuthUserFile /www/passwords/.htpasswd

Related

Protect only a directory with htpasswd

I would like to protect the protect-me-dir directory with http password. I tried this code:
AuthType Basic
AuthName "restricted area"
AuthUserFile /home/iterator/public_html/protect-me-dir/.htpasswd
require valid-user
It works, but unfortunately it asks for the password everywhere, not just in protect-me-dir. How is it possible to protect only that directory?
If I put this code inside <Directory "/home/iterator/public_html/protect-me-dir">...</Directory>, I get Internal Server Error
Just put the .htaccess file in the directory you want to password-protect. It is a per-directory config file.

.htaccess doesn't ask me for password

I'm trying to protect a directory adding a .htaccess and a .htpasswd but instead asking me for password, it goes to the home page of my site directly.
My .htaccess is being read (put some garbage in it and I got 500 error).
Here's my .htaccess :
AuthName "Page d'administration protégée"
AuthType Basic
AuthUserFile "/Applications/MAMP/htdocs/backoffice_mollanger/app/.htpasswd"
Require valid-user
And my .htpasswd
Admin:gl0IiOirI2n6M
First of all, remove the speech marks you have around the .htpasswd location, they should not be there. If that does not help then try using this, you can specify the directory you want to protect by stating the file name in replace of example:
<Files /example>
AuthName "Page d'administration protégée"
AuthType Basic
AuthUserFile /Applications/MAMP/htdocs/backoffice_mollanger/app/.htpasswd
Require valid-user
</Files>

Apache - Displaying files but password protecting them

I have a folder on my apache virtualhost called 'ProtectedFiles'
I want indexing available for this section, so all the files in this folder can be shown, but I want one of the files themselves to be password protected.
Folder structure:
site
site/ProtectedFiles
site/ProtectedFiles/Dummy1, Dummy2, Dummy3, .htaccess
In my .htaccess I have the following.
AuthUserFile /etc/httpd/conf/.htpasswd
AuthName "Protected files"
AuthType Basic
<Files "Dummy1">
require valid-user
</Files>
So I am password protecting the file 'Dummy1' and it works, when I go to site/ProtectedFiles/Dummy1 it asks for a password, but the file doesn't show in the directory / index.
Basically, asking how do you password protect AND show the file in the directory.
You can use IndexOptions +ShowForbidden directive to display files that require a password, and the FilesMatch directive to indicate which files you want to protect.
IndexOptions +ShowForbidden
<FilesMatch "Dummy[0-9]+">
AuthName "Username and password required"
AuthUserFile .htpasswd
Require valid-user
AuthType Basic
</FilesMatch>
Don't leave the .htpasswd file in the same directory - this is just an example.

protect only one folder in apache with password

The question is that I want to protect only one folder "admin", I was using this in my .htaccess placed in /home/my_home/public_html
AuthName "message"
AuthType Basic
AuthUserFile /home/my_home/.htpasswd
require valid-user
but this protect all my site whilst I want to protect actually /home/my_home/public_html/admin. IN my error log I see:
/home/myhome/public_html/admin/.htaccess: <Directory not allowed here
You have to put the .htaccess file into your admin folder.
The configuration directives found in a .htaccess file are applied to the directory in which the .htaccess file is found, and to all subdirectories thereof. see Apache documentation

Password protect directory in Apache

I want to set password for one directory using Apache server so that only authorized persons can access to the directory. I have created .htpasswd file inside the directory. And it contains one line
username:$apr1$5H33Pfw6$WApVs3KlrU7QgBqYrFgeW.
password is "password". And my Directory Preferences are
<Directory />
AuthType Basic
AuthName "Example Repository"
AuthUserFile /.htpasswd
Require valid-user
</Directory>
When accessing the directory from browser it asks for username and password. After entering username and password request fails. Http Request error code is 403. What could be the error. Thanks.
Taken from http://httpd.apache.org/docs/2.2/mod/mod_authn_file.html
Syntax: AuthUserFile file-path
File-path is the path to the user file. If it is not absolute, it is treated as relative to the ServerRoot.
You must provide the complete path to your .htpasswd file. Try with
AuthUserFile /complete/passwd/file/path/.htpasswd
Hope it helps.