Currently I have .htaccess to require user auth in order to proceed.
I'm trying to find a solution to restrict users from navigating to other /directory/ than the one assigned to their username (haven't figured out how to do it, yet).
AuthType Basic
AuthName "Welcome!"
AuthUserFile /home/public_html/.htpasswd
Require valid-user
Order Deny,Allow
Deny from all
Allow from xxx.xxx.xxx.xxx
Satisfy Any
<FilesMatch "^.(htaccess|htpasswd)$">
Order Allow,Deny
Deny from all
</FilesMatch>
Any ideas?
Thank you!
you can simply do like : create a .htaccess file
AuthName "Username and password required"
AuthUserFile /home/path/.htpasswd
AuthType Basic
Require valid-user
Order Allow,Deny
Deny from all
Allow from X.X.X.X/16
Satisfy Any
if you have multiple file of .htpasswd then you can give multiple entry in .htaccess file like
AuthUserFile /home/will/.htpasswd
AuthUserFile /home/jone/.htpasswd
or
create .htaccess file and put in directory that you want to allow . if you want to allow multiple directory then copy that .htaccess file in all directory . if you want deferent user can access different directory then edit .htaccess file of that particular directory . i think it will work for you . for more info here
Related
I know that the question has been asked here : htaccess exclude multiple url from Basic Auth but in the answer I didn't find the solution my problem so I reask here.
I want to block access to the root of a project in with htpasswd except for api url (it's not an existing folder but an endpoint controlled by index.php).
So far here is what I use for the htaccess :
<Location />
AuthType Basic
AuthName "Auth Required"
AuthUserFile /home/user/.htpasswd
Require valid-user
SetEnvIf Request_URI "(api|oauth)$" allow
Order allow,deny
Allow from env=allow
Satisfy any
</Location>
=> the htpasswd works but it blocks /api/xxx too.
Can somebody help me to correct that ?
You can use it like this:
SetEnvIf Request_URI "/(api|oauth)(/.*)?$" allow
AuthType Basic
AuthName "Auth Required"
AuthUserFile /home/user/.htpasswd
Require valid-user
Satisfy any
Order deny,allow
Deny from all
Allow from env=allow
Also note that the <Location> directive is not allowed in .htaccess.
I have a huge emergency here after upgrading main site to drupal 8 all my scripts in subfolders became unusable. I have following structure:
public_html
--subfolder
--subsubfolder
.htaccess -- custom file
certificate.php
index.php
.htaccess -- main Drupal8 htaccess
the custom file looks like this:
AuthType Basic
AuthName "SWARL Certificates generator"
AuthUserFile "/home/user/passwd"
require valid-user
<Files "^certificate\.php">
Allow from all
Satisfy Any
</Files>
Everything was working with drupal6 but not with drupal 8 Security is good, but how to properly setup free access to certificate.php and password protect intex.php?
weird enough the following works:
RewriteEngine On
RewriteRule !certificate.php - [F]
<Files "certificate.php">
Order Allow,Deny
Allow from all
Satisfy Any
</Files>
AuthType Basic
AuthName "SWARL Certificates generator"
AuthUserFile "/home/user/passwd"
require valid-user
I just placed both solutions simultaneously and removed slash before dot
i want to know how to have access some files in special directory which is need to be authenticate with apache web server
this is my config file
<Directory /var/www/media>
Order deny,allow
AuthType Basic
AuthName "Restricted Files"
AuthUserFile htpasswd
Require user ABC
Options +Indexes
</Directory>
inside the media folder i have folder named temp and inside temp there are some pdf files
i want to access them without entering password
or access from url like this "www.example.com/media/temp/abc.pdf"
Inside /var/www/media/temp/.htaccess have these 2 lines:
Satisfy Any
Allow from all
This will disable Basic Auth for whole /var/www/media/temp/ directory and all files under it. However if you want to disable only for /var/www/media/temp/*.pdf files then you need more code using mod_setenvif as this:
SetEnvIfNoCase Request_URI \.pdf$ NO_AUTH
Satisfy any
Order deny,allow
Deny from all
Allow from env=NO_AUTH
Just define new rules for subfolder:
<Directory /var/www/media/temp>
Order allow,deny
Satisfy Any
Allow from all
</Directory>
I've seen numerous topics. with .htaccess excluding files or IP's but I just can't seem to fit it together.
I want to lock down our development server for the outside world. All (sub)domains on this server should be handled with one file.
All visitors (clients) have to login
Except inside our office
Allow 1 file for everybody. Because someone used it as the source of an email signature...
I can get 2 out of 3 to work but not a combination of all 3.
This .htaccess is located in /home/user/domains/.htaccess
Individual websites also have their own .htaccess in their webroot /home/user/domains/example.com/public_html/.htaccess these websites are mostly WordPress or Magento. And so are there .htacess files
Overview of the structure
/home/user/.htaccess #the file I've put the code.
/home/user/domains/wordpress.example.com/public_html/.htaccess
/home/user/domains/magento.example.com/public_html/.htaccess
/home/user/domains/example.com/public_html/.htaccess
/home/user/domains/anotherwp.example.com/public_html/.htaccess
The file I use
AuthName "You shall not pass"
AuthUserFile /home/user/domains/.htpasswd
AuthType Basic
Require valid-user
Order Deny,Allow
#doens't work for some reason
Allow from xxx.xxx.xxx.xxx #Office IP
#This execption is here because some smartass included this in an email signature
<Files "email_logo.jpg">
Allow from all
Satisfy any
</Files>
Who can help me out?
Here is how you can do all 3 requirements using mod_setnenvif:
SetEnvIf Remote_Addr ^192\.168\.0\. ALLOWED
SetEnvIfNoCase Request_URI "email_logo\.jpg" ALLOWED
AuthName "You shall not pass"
AuthUserFile /home/user/domains/.htpasswd
AuthType Basic
Require valid-user
Satisfy any
Order deny,allow
Deny from All
Allow from env=ALLOWED
I have password protected my entire website using .htaccess but I would like to expose one of the sub directories so that it can be viewed without a password.
How can I disable htaccess password protection for a sub directory? Specifically what is the .htaccess syntax.
Here is my .htaccess file that is placed in the root of my ftp.
AuthName "Site Administratrion"
AuthUserFile /dir/.htpasswd
AuthGroupFile /dev/null
AuthName secure
AuthType Basic
require user username1
order allow,deny
allow from all
You need to create a new .htaccess file in the required directory and include the Satisfy any directive in it like so, for up to Apache 2.3:
# allows any user to see this directory
Satisfy Any
The syntax changed in Apache 2.4, this has the same effect:
Require all granted
Adding to RageZ's answer, I used this in the Server Directives:
<Directory /var/www/protected/>
AuthType Basic
AuthName "Production"
AuthUserFile /path/to/.htpasswd
Require valid-user
</Directory>
<Directory /var/www/protected/unprotected>
Satisfy Any
</Directory>
Awesome. Thanks RageZ!
Simply create a new .htaccess in the desired subdirectory with this directive:
Allow from all
You can restrict to your IP only with :
Allow from x.x.x.x
See : http://httpd.apache.org/docs/current/mod/mod_access_compat.html
Here is a way to allow subdirectory "foo" through the basic authentication from the main .htaccess file on a site:
AuthType Basic
AuthName "Password Required"
AuthUserFile /dir/.htpasswd
Require expr %{REQUEST_URI} =~ m#^/foo/#
Require valid-user
Note: This works in Apache 2.4. I have not confirmed for earlier versions.
You need to add another .htaccess file to the subdirectory that overrides the authentication. .htaccess cascades upwards, i.e. it will look in the current folder, then go up a level and so on.
If you want to prevent any specific directoty from htaccess authentication then you can use following code in your htaccess file at top.
AuthType Basic
AuthName "Enter Pass"
AuthUserFile /home/public_html/.htpasswd /*PATH TO YOUR .htpasswd FILE*/
Require valid-user
SetEnvIf Request_URI "(/DIRECTORY_NAME/)$" allow
Order allow,deny
Allow from env=allow
Also If you want to prevent multiple directories then
add
SetEnvIf Request_URI "(/DIRECTORY_NAME/)$" allow
as many time as many directories, you want to remove from htaccess prevention.