I want to set password for one directory using Apache server so that only authorized persons can access to the directory. I have created .htpasswd file inside the directory. And it contains one line
username:$apr1$5H33Pfw6$WApVs3KlrU7QgBqYrFgeW.
password is "password". And my Directory Preferences are
<Directory />
AuthType Basic
AuthName "Example Repository"
AuthUserFile /.htpasswd
Require valid-user
</Directory>
When accessing the directory from browser it asks for username and password. After entering username and password request fails. Http Request error code is 403. What could be the error. Thanks.
Taken from http://httpd.apache.org/docs/2.2/mod/mod_authn_file.html
Syntax: AuthUserFile file-path
File-path is the path to the user file. If it is not absolute, it is treated as relative to the ServerRoot.
You must provide the complete path to your .htpasswd file. Try with
AuthUserFile /complete/passwd/file/path/.htpasswd
Hope it helps.
Related
I would like to protect the protect-me-dir directory with http password. I tried this code:
AuthType Basic
AuthName "restricted area"
AuthUserFile /home/iterator/public_html/protect-me-dir/.htpasswd
require valid-user
It works, but unfortunately it asks for the password everywhere, not just in protect-me-dir. How is it possible to protect only that directory?
If I put this code inside <Directory "/home/iterator/public_html/protect-me-dir">...</Directory>, I get Internal Server Error
Just put the .htaccess file in the directory you want to password-protect. It is a per-directory config file.
I have a folder on my apache virtualhost called 'ProtectedFiles'
I want indexing available for this section, so all the files in this folder can be shown, but I want one of the files themselves to be password protected.
Folder structure:
site
site/ProtectedFiles
site/ProtectedFiles/Dummy1, Dummy2, Dummy3, .htaccess
In my .htaccess I have the following.
AuthUserFile /etc/httpd/conf/.htpasswd
AuthName "Protected files"
AuthType Basic
<Files "Dummy1">
require valid-user
</Files>
So I am password protecting the file 'Dummy1' and it works, when I go to site/ProtectedFiles/Dummy1 it asks for a password, but the file doesn't show in the directory / index.
Basically, asking how do you password protect AND show the file in the directory.
You can use IndexOptions +ShowForbidden directive to display files that require a password, and the FilesMatch directive to indicate which files you want to protect.
IndexOptions +ShowForbidden
<FilesMatch "Dummy[0-9]+">
AuthName "Username and password required"
AuthUserFile .htpasswd
Require valid-user
AuthType Basic
</FilesMatch>
Don't leave the .htpasswd file in the same directory - this is just an example.
I am trying to protect my directory with apache password protection, basically their is a subdirectory named reg in my /var/www folder. now, I have .htaccess in the /var/www/reg folder and the content is
AuthUserFile /var/www/.htpasswd
AuthName "Please Log In"
AuthType Basic
require valid-user
and a .htpasswd file in /var/www folder and the content is
xyz:AFm9t1CfobrkA
but when I try to access the folder typing localhost/reg no pop up box appear asking for username and password. Where am I wrong?
I have .htaccess file like this:
AuthUserFile /data/www/.../http-users
AuthType Basic
AuthName "private"
require user cf
And it works. What you could do:
Detect the possible cause by looking into the error log. In many cases you have access to it even on hosting environments
Make sure AllowOverride AuthConfig is set. You cannot set it in .htaccess, you must do it in the server configuration file. In a hosting environment, you have to ask your hosting provider.
Not very likely, but it could be the dot - try to rename the .htpasswd file to htpasswd
Its definitelly not caused by missing the <directory> container as noted in the discussion
I have this .htaccess
AuthType Basic
AuthName "Protected Area"
AuthUserFile /.htpasswds/.htpasswd
Require valid-user
And a .htpassword
test:$apr1$zXAu7nnl$612DeubGZ9jDrDPB1S8VO0
the directory structure is:
/.htpasswds/.htpasswd
/public_html/.htaccess
any attempt to login give me a 500 error. In cpanel the error is not registered in error log.
I don't know exactly what is the problem, but my host provider suggests this:
In cpanel
Section security
Option Web Protect
That will generate:
AuthType Basic
AuthName "Protected"
AuthUserFile "/home/abvnfj/.htpasswds/public_html/passwd"
require valid-user
if apache can not access .htpasswd, it generate Error 500.
in AuthUserFile write full path to .htpasswd file.
I've had a very similar problem with cPanel - and error 500 "internal error" upon entering the basic authentication credentials.
The problem seems to stem from cPanel putting the password file into a directory that the apache process could not access. Moving it to the root folder for the account (where the public_html directory is created) fixes the problem for me. The AuthUserFile entry in .htaccess must still point to the absolute pathname for the file, for example:
AuthUserFile "/home/myaccount/.passwd"
with the site root being in /home/myaccount/public_html/
Make sure you are using the correct absolute path in .htpaswd.
Example: for my bluehost I need
AuthUserFile /home7/<username>/public_html/...
While the FTP just gave me
/wwww/...
I had same error and I tested htpasswd with adding -p parameter which generates passwordfile as plaintext. The error was disappeared, but now I don't have any idea why default md5 passwords are causing this error.
I'm having some troubles configuring the .htaccess file to protect the access of a file.
The file to protect is:
www.mydomain.com/admin/stats.php
I put the .htaccess file into the www.mydomain.com/admin folder with the following code:
AuthName "Restricted Area"
AuthType Basic
AuthUserFile /
<Files stats.php>
require valid-user
</Files>
The file .htpasswd is into the www.mydomain.com/admin folder too and it contains the username and the password.
If I try to access to www.mydomain.com/admin/stats.php I get an "Internal Server Error". I think that the mistake can be into the path of "AuthUserFile" but how can I tell the file that the file to protect is in the same folder of the .htpasswd?
The server is Linux based.
hello you can try this below :
this is a path.php file who will display the realpath of his parent folder
<?php
echo realpath('path.php');
?>
in your .htpasswd you need to have something like this :
username:password
but the password need to be encrypt, you can do it with
<?php
echo crypt('your_password');
?>
and finally this is the .htaccess file
<Files page_to_protect.php>
AuthName "Message"
AuthUserFile \realpath_to_htpasswd\.htpasswd
AuthType Basic
require valid-user
</Files>
I think you need to put complete path to htpasswd file:
Ie.
AuthUserFile /home/-user-/-site-/.htpasswd
From the Apache documentation:
File-path is the path to the group file. If it is not absolute, it is
treated as relative to the ServerRoot.
That means you either specify the full (absolute) path to the .htpasswd file or one relative to whatever your ServerRoot is. Example:
AuthUserFile /www/passwords/.htpasswd