Hi,
I have this in my htaccess
AuthUserFile /home/www/test/.htpasswd
AuthType Basic
AuthName "My restricted Area"
Require valid-user
this is my htpasswd file
test:$apr1$y38eqctj$LVKOW1ywu4vNE2PDDP3CT1
as I try to access the page I get the password prompt and even after I input the right credentials nothing happens and the site wont show. The page just stays there on Firefox whereas on Chrome the prompt just keeps popping up.
Whats wrong?
Thank you.
Related
I am trying to secure a website with an .htaccess file with Apache2. It works well but the message specified with the AuthName line is not visible on Chrome (but it is visible on Firefox !). What should I do to make it visible on Chrome?
Here is my .htaccess file
AuthType Basic
AuthName "Restricted Access"
AuthFile "/etc/apache2/.htpasswd"
Require valid-user
On Firefox the pop-up tells
The site ... is requesting your username and password. The site says: "Restricted Access"
But on Chrome it only tells
Sign in
What should I do to make it visible on Chrome?
There is nothing you can do.
The browser decides whether it wants to display this information to the user in some way, or not.
The phrasing used in the Apache documentation already hints at that (highlights by me) -
https://httpd.apache.org/docs/2.4/mod/mod_authn_core.html#authname:
The string provided for the AuthName is what will appear in the password dialog provided by most browsers.
https://httpd.apache.org/docs/2.4/howto/auth.html#gettingitworking:
The AuthName directive sets the Realm to be used in the authentication. The realm serves two major functions. First, the client often presents this information to the user as part of the password dialog box. Second, it is used by the client to determine what password to send for a given authenticated area.
Here is a workaround which can give some info for your unlucky visitor, using custom error document feature after the login attempt fails:
Put this line into your .htaccess file:
ErrorDocument 401 YYYY-MM-DDTHHMM-Site-update-under-way-Estimate-30-min
The continuous text seems to get displayed after login fails or is canceled. No dots (.) or colons (:) allowed. Of course it should represent a valid filename, but if the user has no access to public_html due to login fail a file maybe can't be served anyway. If You can serve a proper 401 error page, You can explain the situation there.
(edit 1) Maybe this behaviour is a curiosity in my case with shared hosting. The shared server there seems to be nginx which I guess "is forced" to accept .htaccess directives.
(edit 2) Confirmed this behaviour also with Apache 2.4 server
I would like to fake directory path with .htaccess, but I haven't got much experience with it, so I'm asking you, guys.
Let's say my URL is http://example.com/test and I got some scripts in that folder. I would like to hide the URL, so I wouldn't be able to access by it's real URL, but I could access it with e.g. http://example.com/test2.
I simply would like to hide and fake the directory.
To simply protect the page with a password you can add the following into your .htaccess on the page you want to protect:
AuthType Basic
AuthName "Password Protected Area"
AuthUserFile /path/to/.htpasswd <-- change this to your full path to .htpasswd
Require valid-user
Then create the .htpasswd file, and create user/password combinations. Like this:
test:dGRkPurkuWmW2
Directions can be found on this page:
http://www.htaccesstools.com/articles/password-protection/
Use a password generator like this one to generate an encrypted password:
http://www.htaccesstools.com/htpasswd-generator/
The error i get in IE is this:
This server could not verify that you are authorized to access the document requested. Either you supplied the wrong credentials (e.g., bad password), or your browser doesn't understand how to supply the credentials required.
Apache/2.2.24 (Unix) mod_hive/3.6 mod_ssl/2.2.24 OpenSSL/1.0.0-fips mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635 Server at www.**************.com Port 80
It doesn't ever prompt me for my username and password.
In chrome and ff; i get the pop up and it asks me for username and password because you need authorization to visit this page.
The page that IE drops me on is a secondary page I would land on in chrome or FF if i used the wrong credentials.
My .htaccess doesn't have much to it, it looks like so:
RewriteEngine on
AuthName "PRO"
AuthType Basic
require valid-user
#AuthName "PRO"
#AuthUserFile "/home/******/public_html/pro/.htpasswd"
#AuthType Basic
#require valid-user
ErrorDocument 401 default
AuthUserFile "/home/******/.htpasswds/public_html/pro/passwd"
It's a magento page/store. (linux, apache, mysql, php)
If there is anything else i could provide to help figure out where this problem is deriving from than please feel free to ask. I'm not really sure why it's breaking only in IE. Thanks in advance.
I'm trying to password protect a webpage, say index.html that's located at mysite.com/mysubfolder/index.html. How I've done this, is I've placed both a .htaccess and a .htpasswd file in the directory public_html/mysubfolder/, with .htacess containing the following:
AuthName "Secure Area"
AuthType Basic
AuthUserFile /public_html/mysubfolder/.htpasswd
Require valid-user
Now, when I type in www.mysite.com/mysubfolder into the address bar, I get the prompt to type in the user name and password, which I do, with the credentials that generated my .htpasswd file. But when I do, an empty page shows up - no error or warning, just a white page. I have other folders inside this directory, and for them too nothing shows up, when I try to access them directly through the address bar. When I click View Page Source, all I see is
<!-- SHTML Wrapper - 500 Server Error -->
I have no idea what to do now. I want everyone who types in that webpage or clicks through a link to it (mysite.com/mysubfolder/index.html or mysite.com/mysubfolder)to have to type in the specific credentials I have chosen. Am I doing something wrong? Maybe there is a better way? Thanks in advance.
Okay, so I'm protecting a webpage with a basic .htaccess/.htpasswd combination.
My .htaccess file looks something like this:
DirectoryIndex index.php
AuthUserFile HOMEDIRECTORY/.htpasswd
AuthName "Restricted Area"
AuthType Basic
require valid-user
Everything works fine under Firefox, but Chrome gives this message. I've tested this on multiple computers.
Authorization Required
This server could not verify that you are authorized to access the document requested. Either you supplied the wrong credentials (e.g., bad password), or your browser doesn't understand how to supply the credentials required.
Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.
Any idea where Chrome is going wrong?
If you are using a frame redirection between different domains Chrome will not show the login prompt. Use an HTTP 302 or 301 redirection instead.