i have this htaccess :
AuthType Basic
AuthName " Vip User Only
AuthBasicProvider file
AuthUserFile c:\inetpub\htpasswd
Require valid-user
<FilesMatch ".(jpg|gif|png|tiff|jpeg|html)$">
Allow from any
Satisfy any
</FilesMatch>
i want to remotely read htpasswd from another server ?
e.g : this htpasswd is in Server A and i want too use htaccess in Server B with Server A's htpasswd !
is this possible ?
See the documentation of AuthUserFile
File-path is the path to the user file.
There's no mention of URI anywhere. To the contrary, it advises (rightly!) to make the file inaccessible from the web
Security
Make sure that the AuthUserFile is stored outside the document tree of the web-server. Do not put it in the directory that it protects. Otherwise, clients may be able to download the AuthUserFile.
Otherwise anybody could download the file, and crack all your passwords.
I am using the following in my htaccess:
Options +Indexes
IndexOptions +FancyIndexing
AuthUserFile /home/html/.htpasswd
AuthName "Restricted Area"
AuthType Basic
require valid-user
It works great in the root directory...
The problem is when I access a sub-directory, it asks for a password again. For each and every sub-directory it asks for a password. In fact, everytime I refresh it asks for the password again, instead of caching it in.
How do I fix this?
I've figured this one out. It is related to FancyIndexing. If you have FancyIndexing enabled, htaccess will ask to reconfirm the password on every file and folder within the initial folder. Turning this off solved the issue.
I saw this and I'd love to know how to recreate it. Unfortunately, I don't know .htaccess.
Upon viewing an image, there was an HTTP Basic Auth style dialog that asked to enter some sort of authentication (albeit nothing actually submitted anywhere).
I'm sorry for the skid question, but I'd really love some insight as to how this can be done using .htaccess or .htpasswd.
Thanks.
In your apache site conf, add something like:
Alias /image /path/to/img
<Directory "/path/to/img">
AuthType Basic
AuthName "LoginImage"
AuthUserFile /path/to/.htpasswd
Require valid-user
</Directory>
Then, create the .htpasswd file with:
htpasswd -c .htpasswd someusername
and you'll be prompted to create a password.
sorry to ask this again, I know that it's been asked before but I've literally read every discussion for trouble shooting and I'm still having problems
heres my code:
AllowOverride AuthConfig
AuthUserFile path/index/.htpasswd
AuthType Basic
AuthName "restricted area"
AuthGroupFile /dev/null
require valid-user
whenever I delete the .htaccess from the server the pages run normally but when I re-add the .htaccess I get the internal server error. It's really weird because occasionally an enter your password window comes up even but when I enter the password the window reappears, as if the password was entered incorrectly, and when I reload the page I get the 500 server error. Thanks in advance for the much needed help!!!
This line:
AllowOverride AuthConfig
Is probably what's causing you the error. The AllowOverride directive tells apache what is allowed to be used in things like htaccess files. So obviously, it's not something you can set in your htaccess file. AllowOverride needs to be in the server or vhost config, and the AuthConfig part of it tells apache that you can have auth directives (like AuthType, AuthName, etc) in an htaccess file.
I am trying to password protect a directory, and have two files in the directory which should password protected it:
.htaccess
.htpasswd
HTACCESS:
###Contents of .htaccess:
AuthUserFile /var/www/html/path/to/my/directory/.htpasswd
AuthName "Protected Files"
AuthType Basic
Require user admin
HTPASSWD:
###Contents of .htpasswd
admin:oxRHPuqwKiANY
The password is also admin, but no matter what password I try, it is always wrong. It immediately asks for the password again!
What is wrong with this configuration?
This problem is almost always because apache cannot read the .htpasswd file. There are four causes that come to mind:
it isn't parsing the path correctly... how did you create the .htaccess file? Does it have unix line endings (versus say using Notepad in Windows?
is the path correct? What does the following command (with the path update) show?
ls -l /var/www/html/path/to/my/directory/.htpasswd
does the web server have access to the file? chmod 644 and see if that solves the problem.
it can't parse the .htpasswd file: in this case, you are using the crypt() encryption so it does seem you created the file on Linux and it is probably fine. Some types of encryption only work on certain platforms, if in doubt try switching to MD5.
You may find helpful messages in the Apache error log.
My money is on #3.
I had a similar issue using MAMP and it was because i was creating .htpasswd by hand. Solution was to use htpasswd command in terminal:
htpasswd -bc .htpasswd someuser somepass
this created the .htpasswd file which worked fine with my .htaccess file which looked like so:
AuthType Basic
AuthName "This site is in alpha and requires a password."
AuthUserFile "/Applications/MAMP/htdocs/mywebsite/.htpasswd"
require valid-user
There's a small chance you're seeing password protection from a parent folder, not the folder you expect.
If your /etc/apache2/sites-enabled folder has only one file in it, check to see if it has a section for your sites folder, something like:
<Directory /var/www/mysite.com>
AllowOverride All
</Directory>
otherwise, if it has a file for your site name, like:
/etc/apache/sites-enabled/YOUR_SITE_NAME_HERE.conf
edit that file instead, and make sure that there's an
AllowOverride All
in there. That's the important part! If you want to only allow the minimum, specify:
AllowOverride AuthConfig
instead.
I had the same problem. Turned out the issue was this line:
Require user admin
If you specify admin you can only access the directory with admin even if you have other users in the .htpasswd file.
If you want to specify the users in the .htpasswd file, you can change the line to:
Require valid-user
My problem was that I did not give an absolute path for the AuthFile line.
I had the same issue.
The password should have specified encryption:
CRYPT_STD_DES - Standard DES-based hash with a two character salt from the alphabet "./0-9A-Za-z".
function standard_salt(){
$a = array_merge(range(0,9),range('a','z'),range('A','Z'));
return (string) $a[rand(0,count($a)-1)].$a[rand(0,count($a)-1)];
}
echo(crypt("admin",standard_salt()));
example:
admin:dsbU.we73eauE
Online javascript encripter is also available.
If it still does not work, take care of these:
use unix linebreaks
use correct AuthUserFile path, You can get it using: echo $_SERVER['DOCUMENT_ROOT'];
set file readable: chmod(".htpasswd",0644);
Also, make sure your password file is ANSI-encoded.
I spent about 2 hours to resolve the same issue. But problem was in nginx.
I have nginx as front web server and there was a line for proxy configuration:
proxy_set_header Authorization "";
It overrides Authorization field and apache don't receive login and password typed in.
I just commented out this line and it worked.
use
htpasswd -b .htpasswd admin admin
to use the password from command line.
Also, if you are scatterbrained like me, make sure you have some content to display, like some index.html file in the directory. Otherwise, it will look like authentication failed, while it's just that the server is not allowed to display the directory listing.