The below code is in .htaccess file in /home/cuddle/test/
AuthUserFile "/home/cuddle/.htpasswds/test/passwd"
AuthType Basic
AuthName "Secure Area"
Require valid-user
This works fine, it will prompt for username & password, however when I add another rule to allow internal requests:
Allow from 127.0.0.1
Satisfy Any
It no longer prompts for password for outside users (non localhost) and seems to let all users through, no matter if they validate or what IP they are from. There are no other permissions/allow/deny present within .htaccess
Try this:
AuthUserFile "/home/cuddle/.htpasswds/test/passwd"
AuthType Basic
AuthName "Secure Area"
Require valid-user
Order deny,allow
Deny from all
Allow from 127.0.0.1
Allow from ::1
Satisfy Any
I just signed up to StackOverflow because I stumbled to same problem, and after trial-and-error, the config above worked for me.
Simpler solution:
AuthUserFile "/home/cuddle/.htpasswds/test/passwd"
AuthType Basic
AuthName "Secure Area"
Require valid-user
Require local
Satisfy Any
Related
I run a testsystem with a htaccess basic auth:
AuthType Basic
AuthName "Restricted Content"
AuthUserFile /var/www/html/.htpasswd
Require valid-user
I now want to disable this auth for all user who target the /api and /api/orders etc. of this server. I tried it with this:
SetEnvIf Request_URI "/api(.*)$" api_uri
AuthType Basic
AuthName "Restricted Content"
AuthUserFile /var/www/html/.htpasswd
Require valid-user
Deny from all
Allow from env=api_uri
Satisfy any
But this does not work - mod_setenvif is enabled. Does anybody have an idea why this is not working?
Thanks!
Have it this way:
SetEnvIf Request_URI /api api_uri
AuthType Basic
AuthName "Restricted Content"
AuthUserFile /var/www/html/.htpasswd
Require valid-user
Satisfy any
Order deny,allow
Deny from all
Allow from env=api_uri
I normally just add a separate .htaccess file inside the api folder:
Satisfy any
i want to make some pages password protected using .htpasswd
How can i do it ??
# Do the regex check against the URI here, if match, set the "require_auth" var
SetEnvIf Request_URI ^/product-category/ require_auth=true
# Auth stuff
AuthUserFile /home1/thetimh6/public_html/htpasswd
AuthName "Password Protected"
AuthType Basic
# Setup a deny/allow
Order Deny,Allow
# Deny from everyone
Deny from all
# except if either of these are satisfied
Satisfy any
# 1. a valid authenticated user
Require valid-user
# or 2. the "require_auth" var is NOT set
Allow from env=!require_auth
I am try it in my htaccess file but it is showing me
500 Server Error
Put the following code in .htaccess in public_html
AuthType Basic
AuthName "Password Protected Area"
AuthUserFile /path/to/.htpasswd
Require valid-user
Then create a .htpasswd, but put it OUTSIDE public_html
So the /path/to/.htpasswd is pointing to that location
It's quite possible I'm thinking too simple here, but shouldn't the code:
AuthUserFile /home1/thetimh6/public_html/htpasswd
be:
AuthUserFile /home1/thetimh6/public_html/.htpasswd
This is my .htacess file. I'm trying to figure out how to to require a valid user with username/password only on the remote server, not on my local dev environment. Any help is appreciated. Thanks!
AuthType Basic
AuthName "restricted area"
require valid-user
AuthUserFile "/home/username/.htpasswds/public_html/passwd"
For those happening to stumble upon this old question, I use the following .htaccess logic in scenarios where I have one codebase for localhost, production, and a preview/staging environment, and only want to password-protect the latter:
<If "%{HTTP_HOST} == 'preview.example.com'">
AuthName "Preview Example"
AuthType Basic
AuthUserFile /example-path/.htpasswd
Require valid-user
</If>
I protected a couple of pages via the htaccess and htpasswd. Until now the site functioned well, but the last couple of days, we're experiencing some problems, and i wan't rule out this part of code.
My htaccess:
<Files "leiden.html">
AuthName "Name and Password"
AuthUserFile /var/www/fullpath to/.htpasswd
Require valid-user
AuthType Basic
</Files>
<Files "alkmaar.html">
AuthName "Name and Password"
AuthUserFile /var/www/fullpath to/.htpasswd2
Require valid-user
AuthType Basic
</Files>
<Files "vlaardingen.html">
AuthName "Name and Password"
AuthUserFile /var/www/fullpath to/.htpasswd3
Require valid-user
AuthType Basic
</Files>
ErrorDocument 401 /error401.html
And the corresponding htpasswd's containing the encrypted name and password combination.
.htpasswd
aaa:bbbb
.htpasswd2
ccc:dddd
.htpasswd3
eee:ffff
Is it possible to use multiple htpasswd's in this way or is there a better/cleaner solution to use only one htaccess and only one htpasswd?
For some reason, the site regularly blocks a user's ip-adress as a safety-precaution and i want to rule this security-solution out as cause of the problem.
Thanx in advance.
Melkman
Is it possible to use multiple htpasswd's in this way or is there a better/cleaner solution to use only one htaccess and only one htpasswd?
Something that you could do is keep on htpasswd file, and instead of using Require valid-user, use the require with a specific username:
<Files "leiden.html">
AuthName "Name and Password"
AuthUserFile /var/www/fullpath to/.htpasswd
Require user aaa
AuthType Basic
</Files>
<Files "alkmaar.html">
AuthName "Name and Password"
AuthUserFile /var/www/fullpath to/.htpasswd
Require user bbb
AuthType Basic
</Files>
<Files "vlaardingen.html">
AuthName "Name and Password"
AuthUserFile /var/www/fullpath to/.htpasswd
Require user ccc
AuthType Basic
</Files>
The mod_authz stuff (htpasswd/BASIC auth) isn't what's causing IP addresses to be blocked. Something else must be causing that.
I've 2 domains e.g. foo.com and bar.com which share the same document root.
The sites are protected by a .htaccess file
AuthUserFile ../.htpasswd
AuthName "No Access"
AuthType Basic
<Limit GET POST PUT>
require valid-user
</Limit>
how can I set the AuthUserFile depending on the host?
pseudocode:
if (host == foo.com) {
AuthUserFile ../.htpasswd_foo
} else {
AuthUserFile ../.htpasswd_bar
}
AuthName "No Access"
AuthType Basic
<Limit GET POST PUT>
require valid-user
</Limit>
If this is not possible are there any other ways to get different logins for the 2 domains?
Try setting it up like this:
#site1.com
setenvIfNoCase Host site1\.com pass_1
AuthType Basic
AuthName "Site1.com Login Required"
AuthUserFile "/home/userdir/.htpasswds/site1.pwd"
Require valid-user
Order allow,deny
Allow from all
Deny from env=pass_1
Satisfy any
#site2.com
setenvIfNoCase Host site2\.com pass_2
AuthType Basic
AuthName "Site2.com Login Required"
AuthUserFile "/home/user_dir/.htpasswds/site2.pwd"
Require valid-user
Order allow,deny
Allow from all
Deny from env=pass_2
Satisfy any