I'm trying to work out how to check if a user is a member of Group A and Group B with basic authorisation in Apache. Currently I have:
AuthType Basic
AuthName "Log Authors"
AuthUserFile /iweb/s3078033/apache2-secure/auth/user.file
AuthGroupFile /iweb/s3078033/apache2-secure/auth/group.file
Require group admin logger
which only checks if the user is a member of admin OR logger. I've tried looking all through the Apache documentation, but am not having much luck.
Any help would be great.
This should work <RequireAll>
Compatibility: Available in Apache 2.3 and later
Requires mod_authz_core
PS: I didn't try as I've only Apache 2.2.
You've likely already tried but would placing the Require directive on two lines help?
AuthType Basic
AuthName "Log Authors"
AuthUserFile /iweb/s3078033/apache2-secure/auth/user.file
AuthGroupFile /iweb/s3078033/apache2-secure/auth/group.file
Require group admin
Require group logger
Related
I am running latest ubuntu with apache.
I have very simple html directory I want to protect using .htaccess.
I am trying to do it with:
AuthName "Restricted Area"
AuthType Basic
AuthUserFile /var/www/dev/docs/.htpasswd
Require valid-user
On my .htpasswd file I have:
user:pass
I get internal server error with this. I've been digging hard but not sure why this is happening.
If I add a this:
<Directory "/var/www/dev/docs">
AuthName "Restricted Area"
AuthType Basic
AuthUserFile /var/www/dev/docs/.htpasswd
Require valid-user
</Directory>
I can't login no matter what I do...
Thanks,
I have the same problem. But after a few trial and error, here's the fix.
You must use the full path to the .htpasswd file.
You must encapsulate the path with quotation marks "home/username/public_html/subfolder/protected/.htpasswd"
An example:
AuthUserFile "/home/username/public_html/subfolder/protected/.htpasswd"
AuthType Basic
AuthName "My restricted Area"
Require valid-user
Error #500 just means the web server isn't understanding something in your .htaccess file. There will be nothing in Apache's error log since the request doesn't even get parsed at this point.
Try putting quotes around the path to the .htpasswd file and note on some hosting companies like cough.. godaddy, 1&1 It may take several minutes for the changes in .htaccess to be picked up.
AuthType Basic
AuthName "Restricted Area"
AuthUserFile "/home/. . . . ./.htpasswd"
require valid-user
I have got same situation on Apache/2.4.6 (CentOS)
Path to htpasswd needs to be taken from $_SERVER['DOCUMENT_ROOT']
Apache has some bug (https://bz.apache.org/bugzilla/show_bug.cgi?id=54735), you need to set password from console like this:
htpasswd -nb username newpassw > <path-to>/.htpasswd
btw in Apache 2.4.6 on CentOS 7 problem still exists
I am using Apache HTTPD 2.4 and I've decided it's time for me to move from mod_authn_file to mod_authn_dbm. I've got it mostly working but it won't check my AuthDBMUserFile for group information. I've googled it and it appears that this kind of functionality should still be available, via mod_authz_dbm which I've now included. The documentation for mod_authz_dbm makes it appear that you just have to use the AuthDBMGroupFile directive as in my configuration below:
<Directory "C:/Apache24/site/requests">
AuthType Basic
AuthName "Secure Area"
AuthBasicProvider dbm
AuthDBMUserFile site/data/users
AuthDBMGroupFile site/data/users
Require group admin
</Directory>
(Don't worry, site/data is not accessible via the webserver!)
However, even though the directive is clearly known (httpd -t doesn't complain and the server starts OK), it is either being ignored or something else is trying to find a different group file. The error I see in the log file is:
AH01664: No group file was specified in the configuration
Does my configuration look incomplete somehow?
I have an answer via the Apache HTTPD Users Mailing List courtesy of Eric Covener, who says:
mod_authz_dbm responds to Require dbm-group (and dbm-file-group) only in 2.4 which seems to be a change from 2.2.
So my configuration should have been:
<Directory "C:/Apache24/site/requests">
AuthType Basic
AuthName "Secure Area"
AuthBasicProvider dbm
AuthDBMUserFile site/data/users
AuthDBMGroupFile site/data/users
Require dbm-group admin
</Directory>
I have tried this and it does exactly what I wanted. Many thanks Eric!
I want to make a web directory protectde by htaccess and LDAP users in certain OU's can access it.
I've googled all day and I couldn't make it happen. I've using Apache 2.2 on Ubuntu Server 10.04 LTS. Here is my htaccess:
AuthType Basic
AuthName "LOGIN"
AuthUserFile /dev/null
AuthBasicProvider ldap
AuthzLDAPAuthoritative on
AuthLDAPURL "ldap://SERVER_IP/ou=users,dc=domain,dc=TLD,dc=ccTLD?uid?sub?(objectClass=*)"
AuthLDAPBindDN "cn=user,dc=domain,dc=TLD,dc=ccTLD"
AuthLDAPBindPassword passwd
#I've tried all of below:
#Require valid-user # This works just fine. But i don't want everyone can login.
#Require ldap-group ou=couldLogIn,ou=users,dc=domain,dc=TLD,dc=ccTLD # Tried this one and failed.
Require ldap-filter (ou=couldLogIn,ou=users,dc=domain,dc=TLD,dc=ccTLD) # tried this one and also failed.
Thank you very much.
I found the problem. You shouldn't use brackets around the ldap-filter attribute.
This:
Require ldap-filter (ou=couldLogIn,ou=users,dc=domain,dc=TLD,dc=ccTLD)
Should be like this:
Require ldap-filter ou=couldLogIn,ou=users,dc=domain,dc=TLD,dc=ccTLD
I have an apache configuration containing the following directives. It is for a trac environment with multiple projects, each containing a different set of users that are allowed access.
I want to use a wildcard to allow only a defined group access to this environment, how can this be done? Currently my config allowes all users:
<LocationMatch "/private/[^/]+/login">
AuthType Basic
AuthName "Trac"
AuthUserFile /home/auth/private.access.user
Require valid-user
</LocationMatch>
But I would like it to read something like:
<LocationMatch "/private/[^/]+/login">
AuthType Basic
AuthName "Trac"
AuthUserFile /home/auth/private.access.user
Require Group [^/]
</LocationMatch>
Is this possible?
With Trac, I find it much easier to allow access to everybody in the Apache config and then use Trac's account manager plugin (http://trac-hacks.org/wiki/AccountManagerPlugin) to control access to each project's Trac instance. Revoke all permissions from the 'anonymous' user, and users from group2 won't be able to do anything with group1's Trac instance except see an error page and be prompted to login.
What I would do is the following...
<LocationMatch "/private/[^/]+/login">
AuthType Basic
AuthName "Trac"
AuthUserFile /home/auth/private.access.user
AuthGroupFile /home/auth/private.access.groups
Require Group group1 group2
</LocationMatch>
Where the group file /home/auth/private.access.groups is just a simple text (ascii) file, for example it could look like this:
group1: john barry
group2: frank jeremy
I'm not sure it Regular Expressions are possible in Require Group directive (I doubt they are), I always name particular names of groups listed in the group authentication file.
Is there some simple code that I can add to an .htaccess file or my virtual host file to enforce http basic auth?
What about this ?
AuthUserFile /my/derectory/.htpasswd
Require valid-user
AuthName "Secured Access"
AuthType Basic
the interesting part for you is Require valid-user
But if you can, please provide more informations about why you have you tried to do ^^