Adding htaccess and htapassrd to heroku site - .htaccess

I'm trying to temporarily password protect my Heorku app with the .htaccess and .htpasswrd files in the root of the app.
I'm getting a 'Internal Server Error' with the following codes and can't figure out where I'm going wrong
.htaccess
AuthUserFile .htpasswd
AuthType Basic
AuthName "Restricted Access"
Require valid-user
.htpasswrd (MD5 encrypted)
rob:$apr1$MRsSwhFN$buG0YTSOezeY8YJ32LXnT1

Looks like your path is off.
As of July 2016, some subtle changes are necessary on heroku-php-apache2. Please note that the path to the .htpasswd file no longer contains the www directory and that the .htpasswd file should be in the webroot as well.
Create an .htaccess file in the webroot:
AuthUserFile /app/.htpasswd
AuthType Basic
AuthName "Restricted Access"
Require valid-user
Create a .htpasswd file, also in the webroot:
htpasswd -c .htpasswd [username]
Commit local changes. Deploy to Heroku.
https://gist.github.com/bbrewer97202/3316425

Related

.htaccess/.htpasswd not working on web host

I have my website setup on a web host. My .htaccess and .htpasswd files are not working. The alert pops up but it keeps asking for the username and password even though I input the correct credentials.
The directory of these files is:
/home8/afmaclub/public_html/Members/.htaccess
/home8/afmaclub/public_html/Members/.htpasswd
The code for the .htaccess and .htpasswd is below:
.htaccess
AuthName "Member\'s Area"
AuthUserFile /home/afmaclub/public_html/Members/.htpasswd
AuthGroupFile /dev/null
AuthType Basic
require valid-user
.htpasswd
Username:Encrypted Password

.htaccess password on root not working

i'm trying to apply a site password to the root directory of my site:
www.example.com
I have my .htpasswd file in the same directory as the .htaccess file (public_html) and my .htaccess file has the following code:
AuthType Basic
AuthName "This Area is Password Protected"
AuthUserFile /public_html/.htpasswd
Require valid-user
With this code it prompts for credentials however when I enter the correct credentials it takes me to a server error page. Where have I gone wrong here?

how to parameterize the path to the .htpasswd in the .htaccess file?

I have the following code in my .htaccess file
AuthUserFile ./.htpasswd
AuthGroupFile /dev/null
AuthName "Dev Area One"
AuthType Basic
<Limit GET>
require valid-user
</Limit>
This causes a 500 internal server error because Apache says it can't find the file /etc/apache2/.htpasswd. That's because the .htpasswd is in the directory /var/www/html/dev1.staging.com/public_html/.htpasswd and my .htaccess is in /var/www/html/dev1.staging.com/public_html/.htaccess.
Can I replace AuthUserFile ./.htpasswd with AuthUserFile SOMEVARIABLE+.htpasswd so that every time other team members do a git pull origin master to their dev servers, the .htaccess will properly reference the .htpasswd which should be in the same directory as the .htaccess?
This is purely for development purposes only. There are some servers (some of which are shared hosting) where we do not have file writing access to, so we don't know immediately what directory our web projects are served out of, so we don't know ahead of time the absolute directory path to the .htpasswd.
You can use shell environment variable in path to AuthUserFile by using PassEnv directive:
PassEnv HOME
AuthUserFile ${HOME}/.htpasswd
AuthGroupFile /dev/null
AuthName "Dev Area One"
AuthType Basic
<Limit GET>
require valid-user
</Limit>
Above snippet will work only if each user stores .htpasswd directly under $HOME directory.

Variable in Path to .htpasswd file in .htaccess

Would it be possible to have the {HTTP_HOST} variable in this path?
Because my htaccess is used for multiple domains and I want to use different passwords for each domain!
AuthUserFile /usr/test/{HTTP_HOST}/.htpasswd
AuthType Basic
AuthName "My Files"
Require valid-user
UPDATE:
I tested the above code and it gives a 500 Internal Server Error (off course the AuthUserFile points to a directory that DOES exist on my server)

htaccess file protecting but no pass prompt

Hi I have the following in a .htaccess file:
AuthType Basic
AuthName "restricted area"
AuthUserFile /web/clients/.htpasswd
require valid-user
this works in making the directory private, however I get a 403 error and no password/user pop up appears to even give me the chance? Any ideas as to what I am doing wrong, both htaccess and htpasswd are together in the directory I want to protect.
Thanks

Resources