I'm literally at the end of my knowledge. I've set-up a few server and sometimes I've used .htaccess for restricted access.
It's always working except for my latest work. I have an Debian instance running inside of a Docker container with Apache2.
Adding a .htpasswd-File work's fine. Except that the part in my .htaccess doesn't work.
/var/www/.htaccess exists
/var/www/.htpasswd exists
code inside my .htaccess:
AuthType Basic
AuthName "Members Only"
AuthUserFile /var/www/.htpasswd
require valid-user
There exists a file _index.html I can access this file using https://sub.domain.com/_index.html. That's why I know that /var/www is my entry point for accessing my website.
Found the answer. I have to Allow Override for this directory.
Related
I'm looking for implementing an .htaccess on Azure Container, but I don't think this is the proper way to implement a request access on Azure Container, because this is maybe different from Apache?
I want to add this .htaccess for specifics files on container root. Here is my .htaccess file:
<FilesMatch "^(index|standalone|standalone-async|spa).html$">
AuthName "Dialog prompt"
AuthType Basic
AuthUserFile /.htpasswd
Require valid-user
</FilesMatch>
Am I on the good way? And is this the best way to implement a dialog prompt on Azure Container?
Regards.
this is maybe different from Apache?
Yes, it is and if you are using the Windows App Service with the php stack, it uses the IIS not the Apache and the .htaccess is only for Apache. So that's why asked you the web stack.
If you are using a Windows App Service, try to use the web.config from .htaccess by putting all the applicable rules.
If you are using a php on a Linux App Service, make sure to re-check the major version like in the given below reference.
It is important that where we are placing this .htaccess file.
The target file that begins with index or whateverpage & it ends with .html
<FilesMatch "^(index|whateverpage)\.html$">
AuthName "Dialog prompt"
AuthType Basic
AuthUserFile /.htpasswd
Require valid-user
</FilesMatch>
References:
Azure Web App Doesn’t Read HTAccess File,
Use of .htaccess file.
I can't enter my web site www.nationtech.net.
When I am trying to enter my site URL on the browser, they show
http://www.nationtech.net is requesting your username and password. The site says: “Protected Directory”.
here is my .htaccess file code
AuthType Basic
AuthName "Protected Directory"
AuthUserFile "/home/wppasswd"
require valid-user
I am trying to change .htaccess code but they are not save.
What can i do?
If you do not want password protection for your website, just delete this .htaccess file
Just had a webpage hacked and thats exactly what happend. You need to take a couple of steps. I wiped out the account from my server, but server did not allowed me to erase .htaccess file on account folder, and I was even logged in as root. So steps:
Use commands
chattr -i .htaccess
chmod 777 .htaccess
Then you can delete that .htaccess file. It seems that a hacker got into your server, change the attributes so not even a root user can even touch, modify, change attributes at all. Once you remove .htaccess then you can remove the folder containing the file by repeating same procedure.
When I choose the same directory for .htaccess and .htpasswd, everything working fine.
But the situation below makes me sad.
I have one .htacces file in the root folder (johan) containing the code below.
AuthName "johan User"
AuthType Basic
AuthUserFile C:/wamp/www/johan/protectthisdir/.htpasswd
Require valid-user
.htpasswd is located at protectthisdir.
When I try to access the johan suddenly getting authentication required message box. But I need it only at protectthisdir. How to do this? Please help.
You should put the .htaccess file in the folder you want to protect, and not the root folder in your case.
The .htpasswd file should not be accessible from a browser so putting it above the DocumentRoot folder is a good idea. So in C:\wamp in your case.
PS:
It would be better to create a Virtual Host for your site to run in, in a completely different folder structure from the default wamp folders See this post for help on that
In my CakePHP app, I have a directory of files which I want to allow direct access to with a username/password. For reasons that are overly complicated, placing the directory inside the /webroot folder is not an option. My folder is located here:
/app/parent_folder/folder_full_of_files
So I want to be able to access files directly like this:
http://mysite.com/app/parent_folder/folder_full_of_files/some_file.pdf
I think I need to modify the .htaccess file in the root, and also add another .htaccess file and .htpasswd file in the folder_full_of_files
I have already found this post which asks a similar question... but I can't translate it to my application.
How do I need to modify the root .htaccess file?
What should be in the new .htaccess file. Here's what I've tried, but just results in 500 error...
AuthType Basic
AuthName "restricted area"
AuthUserFile /bla/bla/mysite/app/parent_folder/folder_full_of_files/.htpasswd
require valid-user
What is the correct way to encrypt the password in the .htaccess file?
I got this to work. I had to do a couple things...
I added this to the .htaccess file in root:
RewriteCond %{REQUEST_URI} !^/app/parent_folder/folder_full_of_files
As #Jon pointed out, my original version above had a mistake ([L]).
I also have an .htaccess file in my /app directory. This might be a quirk about my installation because it is not 100% standard. I can't remember if it's there by default, so I'm mentioning it just in case. IF you don't have one in /app skip this step.
I added this to an .htaccess file in the /folder_full_of_files:
AuthType Basic
AuthName "restricted area"
AuthUserFile /bla/bla/mysite/.htpasswd
require valid-user
Make sure the path after AuthUserFile is a fully-qualified path to the .htpasswd file (see next step).
Create the actual .htpasswd file. It's not supposed to be under the document root, but mine is. I think the most important thing is that it's not inside /webroot. I used this command from the terminal and it created the file:
htpasswd -c /path/where/it/should/go/.htpasswd whatever_username
It asks for a plain text password which gets encrypted and written into the file.
That's it. One annoying "gotcha" is that the path in the .htaccess to the auth file must be absolute, which means it will probably have to be edited when moving between local testing and production (unless the two environments are exactly the same). It would be less clunky if relative paths were allowed.
You don't need to modify the htaccess file in your document root at all
Make sure you have AllowOverride AuthConfig or AllowOverride All configured for your /app/parent_folder/folder_full_of_files/ directory. Make sure that the directory also has a properly generated htpasswd file (named .htpasswd). You need to use the htpasswd program to generate it, or any number of online generators.
I have a main site and a subdomain test site.
On the main site I have a folder previously used for testing...
/httpdocs/test/
Within that I have a htaccess file
AuthUserFile /var/www/vhosts/myurl.com/private/.htpasswd
AuthType Basic
AuthName "Login"
Require valid-user
And an associated .htpasswd in the location specified. This works perfectly.
However, using exactly the same .htaccess for my new subdomain does not work
i.e. putting the .htaccess file at
/subdomains/tests/httpdocs/
or any subdirectory.
Any suggestions why this might be? I get the login screen but it won't accept any correct username/password.
Thanks,
Nick