I try to protect my dev web project a bit and add directory protection. ("Verzeichnisschutz" in german).
This is my .htaccess file (project/.htaccess)
AuthType Basic
AuthName "Please enter the valid auth details"
AuthUserFile .htpasswd
Require valid-user
This is my .htpasswd file (project/.htpasswd)
test:$apr1$3RWv80vU$MJFZn3DHhrB8yPNO6/TDV.
But I can still enter the website without having to enter any credentials.
I tried different browsers and inspector/private mode.
What is wrong?
Now I know why it does not work.
It is because my project runs on a nginx server and .htaccess does only work with apache.
Related
i have a mini website below my sites default files directory and i am trying to make it be password protected with the following .htaccess file which i put in that same directory:
#Protect Directory
AuthName "Dialog prompt"
AuthType Basic
AuthUserFile /Users/dianacastillo/Projects/dam/web/sites/default/files/microsites/food-lineup/.htpasswd
Require valid-user
I also created an .htpasswd file in the same directory.
however when i browse to this directory from the site, it does not ask for any authentication. what could be wrong?
this didnt work because i was using ddev . ddev uses nginx, not apache , i switched to apache in the conf.yaml for ddev and now it works.
[SOLVED]
My problem was:
So I've tried to password-protect the directory "www.example.com/bla" on my apache server using mod_auth_basic and mod_authn_file.
in my httpd.conf I added:
<Location "/bla">
AuthType Basic
AuthName "private area"
AuthBasicProvider file
AuthUserFile /home/passwords/password-file
Require valid-user
</Location
As soon as I restarted the apache, I can't see the folder bla on example.com (= on the parent-folder, where it is located). It's not deleted though, I just can't see it on my page. The password protection also works perfectly fine when I access bla directly via example.com/bla.
So somehow my server seems to hide all the directories that are password protected. How can I change that?
Thanks for your help!
Emilja
Edit: I think this is just the normal behaviour of this directive.
need a help with .htacces file to make http authentication.
I made .htacces and .htpasswd files due to tutorial on some web page, but it doesn't work.
.htacces file is very simple
AuthType Basic
AuthName "xxx"
AuthUserFile my/directory/path/
Require valid-user
Path is right, I checked it. Does anyone know what can be wrong please? Maybe there's something on ubuntu I should change or something.Thanks
I have a folder in my htdocs folder ChemLabDB and inside the directory I have my HTML files that the user can browser from their browsers. When the user put the path to the directory, the browser displays all the files. I put the .htaccess and .htpasswd file in the directory. Now everytime I visit the website, I get a enter password prompt.
My Directory:
My .htaccess file:
AuthType Basic
AuthName "Not Available to Users"
AuthUserfile "../htdocs/ChemLabDB/.htpasswd"
Require valid-user
What do I modify so the user can browse without having to enter authentication credentials. The only time a user is REQUIRED (for security) to enter is when they try to browse the directory?
You don't need to take refuge of Basic Authentication. Just put this line in your root .htaccess file:
Options -Indexes
And don't forget to comment out Basic Authentication code.
I have a main site and a subdomain test site.
On the main site I have a folder previously used for testing...
/httpdocs/test/
Within that I have a htaccess file
AuthUserFile /var/www/vhosts/myurl.com/private/.htpasswd
AuthType Basic
AuthName "Login"
Require valid-user
And an associated .htpasswd in the location specified. This works perfectly.
However, using exactly the same .htaccess for my new subdomain does not work
i.e. putting the .htaccess file at
/subdomains/tests/httpdocs/
or any subdirectory.
Any suggestions why this might be? I get the login screen but it won't accept any correct username/password.
Thanks,
Nick