Password protect admin panel using htpassword not working - .htaccess

I have created a simple CSM website using core PHP. I have placed my fronted code in root directory i.e. public_html and admin code inside admin directory i.e. public_html/admin.
I want to password protect my admin part with htpassword. Below is my code for admin/.htaccess file.
AuthType Basic
AuthName "Password Protected Area"
AuthUserFile /path/public_html/admin/.htpasswd
ErrorDocument 401 /admin
Require valid-user
I have also added redirect from http to https in root .htaccess file as below
RewriteEngine On
RewriteCond %{HTTPS} !on
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
htpassword for admin only working if I will remove above code from root .htaccess file.
Anything wrong is there?

Create .htpasswd file in your admin folder.
And then create username and password by using this link : Click Here
Paste the below code in your .htaccess file.
AuthType Basic
AuthName "Restricted Area"
AuthUserFile COMPLETE_PATH_TO_ADMIN_FOLDER/.htpasswd #complete path to .htpasswd file.
require valid-user
I hope it will help you.

Please make sure that both of your file should be readable to the Web Server i.e .htpasswd and .htaccess use chmod 644 for the trick to work.
Try using my code in your .htaccess file
AuthUserFile /full/path/to/.htpasswd
AuthType Basic
AuthName "My Secret Folder"
Require valid-user
I hope it works :D

Related

Combine basic auth and redirect in .htaccess?

Following situation:
I wish to redirect all IP adresses (but NOT two fixed ones) if accessing the www.mydomain.tld/SubFolder1/ on my apache to www.mydomain.tld
Offen basic authentication for the www.mydomain.tld/SubFolder1/ with differen usernames
any idea how to do that?
I tried to use one htaccess file where i added some redirection rules and the basic auth stuff. But I never got the redirection rules to work correctly. Seamed the auth stuff is overwriting the redirection rules. Could that be?
I use the following code for the Authentication
AuthName "Restricted"
AuthType Basic
AuthUserFile //is/htdocs/www/subfolder1/.htpasswd
AuthGroupFile /dev/null
require valid-user
You can use this code in your DOCUMENT_ROOT/SubFolder1/.htaccess file:
RewriteEngine On
RewriteCond %{REMOTE_ADDR} !^(192\.168\.0\.10|192\.168\.0\.20)$
RewriteRule ^$ http://www.mydomain.tld/ [L,R]
SetEnvIf Remote_Addr ^(192\.168\.0\.10|192\.168\.0\.20)$ DOAUTH
AuthName "Restricted"
AuthType Basic
AuthUserFile //is/htdocs/www/subfolder1/.htpasswd
AuthGroupFile /dev/null
require valid-user
Satisfy any
Order allow,deny
Allow from all
Deny from env=DOAUTH
SetEnvIf is needed because mod_auth runs before mod_rewrite hence env set by mod_rewrite cannot be used mod_auth.

is it possible to change URL of webpage using .htaccess and also want to protect folders using .htaccess?

I want to change Webpage URL http://www.xyz.com/in/index.php?mpid=page1 to http://www.xyz.com/in/page1 using .htaccess.
And also want to protect my folders with username and password.
AuthType Basic
AuthName "Protected Area"
#path to htpaswd
AuthUserFile /path/to/.htpasswd
Require valid-user
RewriteEngine on
RewriteCond %{REQUEST_URI} !^in
RewriteRule /in/(.+) in/index.php?mpid=$1

How do I protect index.php with .htaccess

I am trying to protect an index.php page of a subfolder with .htaccess.
The protection works as expected when I navigate to example.com/subfolder/index.php. However, when I just go to example.com/subfolder I get a 401 error.
Here is the relevant .htacess code:
AuthUserFile /home/myfolder/subfolder/.htpasswd
AuthName "Please enter your password"
AuthType Basic
<files index.php>
require valid-user
</files>
What do I need to do differently?
You should put a new .htaccess file in the subfolder directory with just the following in it:
AuthUserFile /home/myfolder/subfolder/.htpasswd
AuthName "Please enter your password"
AuthType Basic
require valid-user
That will password protect the entire directory

htaccess permissions on addon domains

i have two domains setup one called fastcms.com and the other is called fastautos.com.
fastautos.com is based in the /home/speedycm/public_html/fastautos/ directory on my fastcms.com server (acting as an add on domain)
the problem i'm having now is that i want to allow users to use the fastautos.com website but continue to restrict usage to the fastcms.com website (password request).
currently both sites ask for a passsword. i only want it to ask for a password on the fastcms.com website.
this is my htaccess file at the moment!
RewriteEngine on
AuthType Basic
AuthName "restricted area"
AuthUserFile /home/fastcm/public_html/.htpasswd
require valid-user
RewriteCond %{HTTP_HOST} ^fastautos.co.uk$ [OR]
RewriteCond %{HTTP_HOST} ^www.fastautos.co.uk$
RewriteRule ^/?$ "http\:\/\/fastcms\.co\.uk\/fastautos\/" [R=301,L]
please help! many thanks in advance
If my memory is good, you can put the AuthType etc into a Directory section, that is applied to one directory only.
Also, if you have not denied it, you can create .htaccess file within directories of each of your site the override general settings.

htaccess RewriteRule to block php/html, allow all others...?

How do I write a RewriteRule for htaccess to block access to php/html (unless authenticated) and allow access to all other extensions?
You should be able to put a standard .htpassword auth inside a filesmatch attribute...
So...
<FilesMatch "\.(html|php)$">
AuthName "Private zone"
AuthType Basic
AuthUserFile .htpasswd
require valid-user
</FilesMatch>
That should cause any request to .html or .php to ask for a password, you must generate a valid .htpasswd file...

Resources