Laravel 5.2 - Basic Auth using .htpasswd - .htaccess

I'm having trouble setting up a .htpasswd protected laravel project.
I tried adding the following to my .htaccess but it causes an internal server error (500) after I entered my credentials..
.htaccess content:
AuthUserFile .htpasswd
AuthType Basic
AuthName "Secured area"
Require valid-user
<IfModule mod_rewrite.c>
<IfModule mod_negotiation.c>
Options -MultiViews
</IfModule>
RewriteEngine On
# Redirect Trailing Slashes If Not A Folder...
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.*)/$ /$1 [L,R=301]
# Handle Front Controller...
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule ^ index.php [L]
# Handle Authorization Header
RewriteCond %{HTTP:Authorization} .
RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
</IfModule>
And this is the current routes.php. Just in case it's something I should change in the routes.php:
Route::get('/', 'HomeController#index');
Route::auth();
Route::get('/home', 'HomeController#index');
I couldn't find anything useful on Google which still works under laravel 5.2 so I really hope someone out there has an idea :)

As #Olaf mentioned. changing this:
AuthUserFile .htpasswd
..into this:
AuthUserFile /absolute/server/path/.htpasswd
..did the trick. Thank you verry much!

Related

Why I get 500 internal server error when using .htaccess

I am keep getting a 500 internal server error when accessing the folder.
It does come up with a dialog asking to enter username and password.
But once entered 500 internal server error
AuthType Basic
AuthName "Password Protected Area"
AuthUserFile /customers/7/f/d/reedyfordmobilevaletservice.co.uk//httpd.www/admin/.htpasswd
Require valid-user
<IfModule mod_rewrite.c>
RewriteEngine on
RewriteCond %{REQUEST_URI} !^public
RewriteRule ^(.*)$ public/$1 [L]
</IfModule>
You may change your rule to this:
RewriteEngine on
RewriteRule ^(?!public/)(.*)$ public/$1 [L,NC]
(?!public/) is negative lookahead to prevent looping.

.htaccess insert a string inside the URL

I have no experience whatsoever with .htaccess and I've been reading for awhile now but to no success. My site is using wordpress and I need to edit the .htaccess file to insert a string inside my url just like this.
mysite.com/?a=c&b=2 to this mysite.com/mobile?a=c&b=2
So if I enter the first URL it'll proceed to the next one. Also, since my site is using wordpress, I have no idea where to insert the codes.
# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>
# END WordPress
<FilesMatch "wp-login.php">
AuthName "WordPress Admin"
AuthType Basic
AuthUserFile /usr/www/users/ineedjkfup/./wp-admin/.htpasswd
require valid-user
</FilesMatch>
help me Gurus. Please. :D :D

.htaccess file completely ignored

I'm trying to setup HTTP authentication to protect my site. The site is hosted with Azure.
AuthType Basic
AuthName "Protected Area"
AuthUserFile D:\\home\\site\\wwwroot/.htpasswd
Require valid-user
# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>
# END WordPress
This is being completely ignored. To test further I deleted my .htaccess altogether and my site still works fine. It is being completely ignored.
Please see the following link: Mod_rewrite in Azure
.htaccess is not read by Azure websites. You must create your rules in your web.config file
If you want to use an .htaccess file you would need to stand up a Linux VM with apache and go that route.
Hope this helps!

URL rewrite and htauth confliction with .htaccess

I have an htaccess file as follows:
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{REQUEST_FILENAME} -f
RewriteRule . - [L]
RewriteRule ^$ app/ [L]
RewriteRule (.+) app/$1 [L]
</IfModule>
Now, this is located in my web root, and I wanted to also password protect this and all sub-directories, so I added the following lines:
AuthName "phpMyAdmin Restricted Area."
AuthType Basic
AuthUserFile /usr/local/apache/.htpasswd
Require valid-user
This promted me and I was able to 'log in'. However, now my server is 500'ing on me, and I am not sure why. I can remove the auth lines, and this fixes the problem. Why is this happening, and what can I do?
conflictions with another .htaccess file in the root dir.

.htaccess is interfering with nested .htaccess/.htpasswd?

I'm using Simple Mailing List (http://www.notonebit.com/projects/mailing-list). It's good mailing list, but no admin area. So you have to use .htaccess/.htpasswd to protect the /mail/admin folder.
However, my site has WordPress installed in the website's root folder. WordPress creates .htaccess for custom permalinks. And for some reason, this interferes with the .htaccess of my /mail/admin/.
When I delete the WordPress .htaccess file, my password protection works properly on /mail/admin. However, when the WordPress .htaccess is present and I load /mail/admin in browser, I'm never asked for a password and I see a WordPress 404 page that says "page not found..."
Here are my files... WordPress .htaccess (located in root folder):
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>
Mailing List .htaccess (located in /mail/admin):
AuthName "Restricted Area"
AuthType Basic
AuthUserFile /home/myUsername/public_html/mySndSite/mail/admin/.htpasswd
require valid-user
Any idea as to what is causing the conflict, and how I can resolve it? Been working at it for hours. Your help is much appreciated.
Thank You
EDIT: found a solution!
Found a solution on a Joomla blog. I don't know how, but this works... LOL :)
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_URI} (/|\.htm|\.php|\.html|#.*|\?.*|/[^.]*)$ [NC]
RewriteRule ^(.*) /index.php [L]
</IfModule>
You could try explicitly setting a conditional that the request URI not match the url for the mail script. That should prevent the rewrite from kicking in when you view the mail admin page.
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteCond %{REQUEST_URI} !mail
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>
I think there must be something else going on here that we can't see. That Wordpress .htaccess code already prevents rewriting URLs when what you are trying to access is a file or a directory that exists on the server, which should be true in this case.
Are there any other .htaccess files involved anywhere, or any plugins installed in Wordpress that involve rewrites? Also, does /mail/admin/ work when you remove your .htaccess file that requires a password?
You could try, say, creating blank text files inside the /mail/admin/ directory and in a completely new folder in the root directory, and see if you can access those without any problems - might narrow down where the problem is.

Resources