Removing .htaccess Authentication Restrictions - apache

I have a project that has .htaccess Authentication but i want to remove it for a certain assets folder.
i tried adding a htaccess in that folder with :
AuthType none
Satisfy Any
Allow from All
Order Allow, Deny
but it doesnt seem to work :(
Any thought on this. Thank you so much
Edit
The directory i am trying to unprotect is not a real directory, but a rewrite rule.
I dont have access to httpd.conf

Without seeing your full .htaccess I'm guessing, but what about something like this:
RewriteEngine On
RewriteRule ^assets/ - [E=allow-assets:1]
Allow from env=allow-assets
That could go in the .htaccess of the parent directory, not assets.

You could possibly do this if you have access to /etc/httpd.conf -- do you?

Related

htaccess and htpasswd protect a root subdirectory

I know this is a common question, but I just can't figure out how to do it.
After many unsuccessful attempts, dozens of tutorials and SO posts I gave up and decided to ask a new question here.
So, this is what I have:
a vary basic file host without the ability to alter any Apache settings
a subdomain provider
following file and directory structure:
-root
|-subfolder1
|-subfolder2
|-subfolder1
|-index.html
|-somescript.php
Now I just want to protect the folder "subfolder2" and all of its contents.
I managed to protect a subfolder of a subfolder of the root directory, but not a subfolder within the root directory itself.
I am totally lost.
Please, can anybody help me out?
If I understood your question you want to forbid the access to any URL which has subfolder2 in it, if this is the case then please try placing these rules into your .htaccess file. Please make sure you clear your browser cache before testing your URLs.
RewriteEngine ON
RewriteCond %{REQUEST_URI} subfolder2 [NC]
RewriteRule ^ - [F]
WOW!
Your code was not needed.
All I had to do was clearing the cache and cookies and then the login prompt popped up. That simple.
Thanks for your effort though!
BTW. this is what I have done so far:
file and directory structure as follows:
-root
...
|-subfolder2
|-subfolder1
|-.htaccess
|-.htpasswd
|-index.html
|-script.php
.htaccess file:
AuthType Basic
AuthName "Protected Area"
AuthUserFile /users/XYZ/root/subfolder2/.htpasswd
Require valid-user
.htpasswd file:
MrX:$blah1blah2blah3.some.encoded.password
Cleared browser cache and cookies.
Now when I go to http://XYZ.domain.com/subfolder2 the "login" prompt pops up and that's all I needed.
There's no secret or vulnerable data in this folder, I just don't want bots and crawlers to browse it.
Many thanks anyway
stay safe and have a nice pre new years eve time

htaccess not working in sub-directory

i have a vhosts in ubuntu, i work fine except the .htaccess in a sub-folder (images folder) is not work.
The problem is, I have written a .htaccess file in the sub-folder, and even I typed some thing wrong syntax .htaccess, it does not response error,i am pretty sure that the .htaccess in subfolder is being ignored.
i think that some setting is needed to let apache beware of the .htaccess in sub-folder, any one can help?
my system is ubuntu
Check in the server/vhost config and look for a <Directory> container that your images folder is in (or is your images folder), something maybe like:
<Directory "/var/www/vhost/images">
</Directory>
and inside it, make sure there isn't a:
AllowOverride None
Change that to either "All" or "FileInfo", depending on what exactly you're overriding in your htaccess file.

Shutting down a website using HTaccess does not work

OK, it's very simple but it does not work. I have a wiki site where the root contains an index.php file and the subdirectories contains the content of the wiki (I use PMwiki, so no database is required)
I want to temporarity shutdown the website and make it unaccessible by using an nice HTML page to display the shutdown message. I could rename the index.php file, but the rest of the files in the subfolder will remain accessible.
The first thing that worked but which is not elegant is restricting the whole site with a password in the htaccess using "Require valid-user" and all it's other command. The problem is that I cannot display a nice shutdown message as an HTML file.
Else I tried renaming the index.php file to something else like site.php. Creating a index.html file as a message and using a script like this:
Order Deny, allow
Deny from all
<File "index.html">
Allow from all
</File>
In that case, the index.html file is accessible, but it must be manually typed in the URL, it will not use this file by default. I tried adding DirectoryIndex directive like this
DirectoryIndex index.html
But it still does not work.
So first is there a way to make the user only see 1 page in particular and block everything else.
Second, doing so makes the site unaccessible to me. So is there a way to passords restrict the whole directory structure except for a specific index.html file. So that I could type url/site.php and be able to enter my website using an htaccess password.
Thanks for any help
Just this rule in root .htaccess should be able to handle this:
RewriteEngine On
RewriteBase /
RewriteRule !^shutdown\.html$ shutdown.html [L,NC]
Now you can keep custom HTML content in /shutdown.html. Keep in mind you need to use inline css/js since it will also rewrite css/js requests to /shutdown.html file.

htaccess rewrite question

I want to rewrite the url http://mydomain/myapp/fakefolder to http://mydomain/myapp/index.php
I tried the following rule but thats not working
RewriteEngine On
RewriteRule ^fakefolder$ index.php
The .htaccess file is located inside myapp.
Kindly help
Thanks
vineet
To begin with, your folder is not called vineetstore: it's called fakefolder.
The corrected rule works for me so I'd dare say your Apache installation is not configured to read .htaccess files in such location. You can easily test that: make a syntax error on purpose and see whether your site crashes.
Find your virtual host or site definition and make sure you have this directive:
AllowOverride All

Do you have to restart apache to make re-write rules in the .htaccess take effect?

I have pushed my .htaccess files to the production severs, but they don't work. Would a restart be the next step, or should I check something else.
A restart is not required for changes to .htaccess. Something else is wrong.
Make sure your .htaccess includes the statement
RewriteEngine on
which is required even if it's also present in httpd.conf. Also check that .htaccess is readable by the httpd process.
Check the error_log - it will tell you of any errors in .htaccess if it's being used.
Putting an intentional syntax error in .htaccess is a good check to make sure the file is being used -- you should get a 500 error on any page in the same directory.
Lastly, you can enable a rewrite log using commands like the following in your httpd.conf:
RewriteLog "logs/rewritelog"
RewriteLogLevel 7
The log file thus generated will give you the gory detail of which rewrite rules matched and how they were handled.
No:
Apache allows for decentralized management of configuration via special files placed inside the web tree. The special files are usually called .htaccess, but any name can be specified in the AccessFileName directive... Since .htaccess files are read on every request, changes made in these files take immediate effect...
From the apache documentation:
Most commonly, the problem is that AllowOverride is not set such that your configuration directives are being honored. Make sure that you don't have a AllowOverride None in effect for the file scope in question. A good test for this is to put garbage in your .htaccess file and reload. If a server error is not generated, then you almost certainly have AllowOverride None in effect.
Only if you have not added the mod_rewrite module to Apache.
You only need to restart Apache if you change any Apache ".conf" files.
I have the same issue and it seems PiedPiper post about AllowOverride were most helpful. Check your httpd.conf file for "AllowOverride" and make sure it is set to All.
In case of .htaccess restart is not required if it is not working probable reasons include.
AllowOverride May not be set which user can set inside httpd.conf or might have to contact server admin.
Check the file name of .htaccess it should be .htaccess not htaccess.txt see here for guide how to create one.
Try to use Options -Indexes or deny all kind of simple directive to see if it is working or not.
clear browser cache everytime if having rule for redirects or similar if previous redirect is cached it appears as if things are not working.
What's in your .htaccess? RewriteRules? Check that mod_rewrite is installed and enabled.
Other stuff? Try setting AllowOverride to 'all' on that directory.