I mashed together the following .htaccess from the Web to allow access to a site from any user in our three locations AND for those outside those locations, I want an ability to use a password for access.
The following gives me a 500 Internal Server Error (for security, I replaced any number with an 'x' just for this question)
Options +FollowSymLinks
RewriteEngine On
<Files *>
AuthUserFile /.htpasswd
AuthName "Enter password"
AuthType Basic
Order deny,allow
Deny from all
#Location 1
allow from xxx.x.xx
#Location 2
allow from xx.xxx
#Location 3
allow from xxx.xx
Require valid-user
Satisfy any
</Files>
Related
I have a sub-directory that I wan't to deny access using htaccess password protection with but allow all other files within this to be directly accessable, eg:
www.mydomain.com/images <- Password Protected
www.mydomain.com/images/index.html <- Password Protected
www.mydomain.com/images/img1.png <- Not Protected
Current .htaccess:
AuthType Basic
AuthName "Password Protected Area"
AuthUserFile /path/to/.htpassword
<Files "index.html">
Require valid-user
</Files>
This currently password protects /images/index.html and allows me to access /images/img1.png
But it does deny access to /images but doesn't bring up the box to allow me to enter my details it just loads with 401 Unauthorized, how do I resolve this?
You can have these directives in /images/.htaccess to get your job done:
SetEnvIfNoCase Request_URI "^/images/(index\.html)?$" PROTECTED
AuthType Basic
AuthName "Password Protected Area"
AuthUserFile /path/to/.htpassword
Require valid-user
Order allow,deny
allow from all
deny from env=PROTECTED
Satisfy any
Regex ^/images/(index\.php)?$ will set env var PROTECTED for /images/ and /images/index.html.
Make sure to test with only these directives in /images/.htaccess
I'm trying to create a .htaccess file for a folder. Users from certain IPs and logged in user (from certain groups) are supposed to be able to access all the files in the folder except for the .htaccess file (which should be unaccessible to everyone). I'm just stuck here. This is what I've got so far:
<FILES .htaccess>
order allow,deny
deny from all
</FILES>
Order allow,deny
Deny from all
# Location of users file
AuthUserFile /etc/httpd/conf/.htpasswd
# Location of usergroups file
AuthGroupFile /etc/httpd/conf/.htgroup
# Name of the prompt
AuthName "Enter password"
AuthType Basic
# Required usergroup to access content
Require group group1
# Allow access from IP 1 without login
Allow from xxx.yyy.zzz.www
# Allow access from IP 2 without login
Allow from jjj.kkk.lll.mmm
Satisfy any
Options +Indexes
Any help would be highly appreciated!
Here's (finally) the working solution:
<FilesMatch "^(?!\.htaccess).*$">
AuthType Basic
# Name of the prompt
AuthName "Enter user name andd password"
# Users file location
AuthUserFile /etc/httpd/conf/.htpasswd
# Usergroups file location
AuthGroupFile /etc/httpd/conf/.htgroup
# Required group for authentication
Require group group_name
Order deny,allow
Deny from all
# Allow access from this IP without login
Allow from aaa.bbb.ccc.ddd
Satisfy any
</FilesMatch>
I've seen numerous topics. with .htaccess excluding files or IP's but I just can't seem to fit it together.
I want to lock down our development server for the outside world. All (sub)domains on this server should be handled with one file.
All visitors (clients) have to login
Except inside our office
Allow 1 file for everybody. Because someone used it as the source of an email signature...
I can get 2 out of 3 to work but not a combination of all 3.
This .htaccess is located in /home/user/domains/.htaccess
Individual websites also have their own .htaccess in their webroot /home/user/domains/example.com/public_html/.htaccess these websites are mostly WordPress or Magento. And so are there .htacess files
Overview of the structure
/home/user/.htaccess #the file I've put the code.
/home/user/domains/wordpress.example.com/public_html/.htaccess
/home/user/domains/magento.example.com/public_html/.htaccess
/home/user/domains/example.com/public_html/.htaccess
/home/user/domains/anotherwp.example.com/public_html/.htaccess
The file I use
AuthName "You shall not pass"
AuthUserFile /home/user/domains/.htpasswd
AuthType Basic
Require valid-user
Order Deny,Allow
#doens't work for some reason
Allow from xxx.xxx.xxx.xxx #Office IP
#This execption is here because some smartass included this in an email signature
<Files "email_logo.jpg">
Allow from all
Satisfy any
</Files>
Who can help me out?
Here is how you can do all 3 requirements using mod_setnenvif:
SetEnvIf Remote_Addr ^192\.168\.0\. ALLOWED
SetEnvIfNoCase Request_URI "email_logo\.jpg" ALLOWED
AuthName "You shall not pass"
AuthUserFile /home/user/domains/.htpasswd
AuthType Basic
Require valid-user
Satisfy any
Order deny,allow
Deny from All
Allow from env=ALLOWED
I want to do access-control for some files on an apache2-webserver (2.2.9(Debian)) depending on the the remote-ip and the a supplied username using a htaccess-file.
Rules:
All users from localhost have access to all files and should never be asked to authenticate themselves.
Users from a remote-host have to authenticate themselves via http-basic authentication. They also have access to all files apart from a single file, which should not be visible to them.
My htaccess-file posted below allows remote-users to login und forbids access to adm.php. Unfortunately the localhost user needs to enter a password. What do I need to change in order to let a local user access adm.php without a password dialog popping up?
AuthType Basic
Authname "Test-App"
AuthUserFile /etc/web_passwd
Require valid-user
Order Deny,Allow
Allow from 127.0.0.1
Deny from all
Satisfy Any
<Files adm.php>
Order Deny,Allow
Allow from 127.0.0.1
Deny from all
Satisfy all
</Files>
Enable mod_setenvif and then use the code below in your $DOCUMENT_ROOT/.htaccess:
<Files "adm.php">
Order Deny,Allow
Deny from all
Allow from 127.0.0.1
Satisfy all
</Files>
<FilesMatch "(?!^adm\.php)^.*$">
AuthType Basic
Authname "Test-App"
AuthUserFile /etc/web_passwd
Require valid-user
Order deny,allow
Deny from all
Allow from 127.0.0.1
Satisfy any
</FilesMatch>
I have the following code for authentication where if the url is is not index.html, display the authenticatio form
<files "(?!index.html)">
AuthUserFile C:/wamp/www/eyedream/trunk/www/.htpasswd
AuthName "Please login"
AuthType Basic
Require valid-user
</files>
How can I specify if the file is not index.html,display the authentication box?
You can't use the Auth directives inside a <Files> block, it's got to be inside a <Directory> or in an .htaccess file. You can set an environment variable and use Satisfy Any to bypass the authentication for certain requests though:
SetEnvIfNoCase Request_URI ^/index.html$ norequire_auth=true
SetEnvIfNoCase Request_URI ^/$ norequire_auth=true
# Auth stuff
AuthUserFile C:/wamp/www/eyedream/trunk/www/.htpasswd
AuthName "Please login"
AuthType Basic
# Setup a deny/allow
Order Deny,Allow
# Deny from everyone
Deny from all
# except if either of these are satisfied
Satisfy any
# 1. a valid authenticated user
Require valid-user
# or 2. the "require_auth" var is NOT set
Allow from env=norequire_auth