Should I use the same folder for .htaccess and .htpasswd? - .htaccess

When I choose the same directory for .htaccess and .htpasswd, everything working fine.
But the situation below makes me sad.
I have one .htacces file in the root folder (johan) containing the code below.
AuthName "johan User"
AuthType Basic
AuthUserFile C:/wamp/www/johan/protectthisdir/.htpasswd
Require valid-user
.htpasswd is located at protectthisdir.
When I try to access the johan suddenly getting authentication required message box. But I need it only at protectthisdir. How to do this? Please help.

You should put the .htaccess file in the folder you want to protect, and not the root folder in your case.
The .htpasswd file should not be accessible from a browser so putting it above the DocumentRoot folder is a good idea. So in C:\wamp in your case.
PS:
It would be better to create a Virtual Host for your site to run in, in a completely different folder structure from the default wamp folders See this post for help on that

Related

.htaccess error requesting your username and password. The site says: “Protected Directory”

I can't enter my web site www.nationtech.net.
When I am trying to enter my site URL on the browser, they show
http://www.nationtech.net is requesting your username and password. The site says: “Protected Directory”.
here is my .htaccess file code
AuthType Basic
AuthName "Protected Directory"
AuthUserFile "/home/wppasswd"
require valid-user
I am trying to change .htaccess code but they are not save.
What can i do?
If you do not want password protection for your website, just delete this .htaccess file
Just had a webpage hacked and thats exactly what happend. You need to take a couple of steps. I wiped out the account from my server, but server did not allowed me to erase .htaccess file on account folder, and I was even logged in as root. So steps:
Use commands
chattr -i .htaccess
chmod 777 .htaccess
Then you can delete that .htaccess file. It seems that a hacker got into your server, change the attributes so not even a root user can even touch, modify, change attributes at all. Once you remove .htaccess then you can remove the folder containing the file by repeating same procedure.

Htaccess directory password Drupal

And sorry if this question has already been answered. But I'm trying to add a folder to my Drupal 7 installation that can be accessed only via password. I have created the folder in my FTP (and named it folder), but unfortunately I can't access this folder. I'd like the folder to look like this (like in Wordpress)
But instead I get "Page isn't working".
Br. Five
Assuming you are running Apache, try adding a .htaccess file to that folder with the following content:
Options +Indexes
When you want to password protect the directory with .htaccess you'll also have to add this:
AuthType Basic
AuthName "My Protected Area"
AuthUserFile /path/to/.htpasswd
Require valid-user

CakePHP: How to allow password access to one directory with .htaccess

In my CakePHP app, I have a directory of files which I want to allow direct access to with a username/password. For reasons that are overly complicated, placing the directory inside the /webroot folder is not an option. My folder is located here:
/app/parent_folder/folder_full_of_files
So I want to be able to access files directly like this:
http://mysite.com/app/parent_folder/folder_full_of_files/some_file.pdf
I think I need to modify the .htaccess file in the root, and also add another .htaccess file and .htpasswd file in the folder_full_of_files
I have already found this post which asks a similar question... but I can't translate it to my application.
How do I need to modify the root .htaccess file?
What should be in the new .htaccess file. Here's what I've tried, but just results in 500 error...
AuthType Basic
AuthName "restricted area"
AuthUserFile /bla/bla/mysite/app/parent_folder/folder_full_of_files/.htpasswd
require valid-user
What is the correct way to encrypt the password in the .htaccess file?
I got this to work. I had to do a couple things...
I added this to the .htaccess file in root:
RewriteCond %{REQUEST_URI} !^/app/parent_folder/folder_full_of_files
As #Jon pointed out, my original version above had a mistake ([L]).
I also have an .htaccess file in my /app directory. This might be a quirk about my installation because it is not 100% standard. I can't remember if it's there by default, so I'm mentioning it just in case. IF you don't have one in /app skip this step.
I added this to an .htaccess file in the /folder_full_of_files:
AuthType Basic
AuthName "restricted area"
AuthUserFile /bla/bla/mysite/.htpasswd
require valid-user
Make sure the path after AuthUserFile is a fully-qualified path to the .htpasswd file (see next step).
Create the actual .htpasswd file. It's not supposed to be under the document root, but mine is. I think the most important thing is that it's not inside /webroot. I used this command from the terminal and it created the file:
htpasswd -c /path/where/it/should/go/.htpasswd whatever_username
It asks for a plain text password which gets encrypted and written into the file.
That's it. One annoying "gotcha" is that the path in the .htaccess to the auth file must be absolute, which means it will probably have to be edited when moving between local testing and production (unless the two environments are exactly the same). It would be less clunky if relative paths were allowed.
You don't need to modify the htaccess file in your document root at all
Make sure you have AllowOverride AuthConfig or AllowOverride All configured for your /app/parent_folder/folder_full_of_files/ directory. Make sure that the directory also has a properly generated htpasswd file (named .htpasswd). You need to use the htpasswd program to generate it, or any number of online generators.

Password protection via .htaccess working in subdirectory but not in subdomain

I have a main site and a subdomain test site.
On the main site I have a folder previously used for testing...
/httpdocs/test/
Within that I have a htaccess file
AuthUserFile /var/www/vhosts/myurl.com/private/.htpasswd
AuthType Basic
AuthName "Login"
Require valid-user
And an associated .htpasswd in the location specified. This works perfectly.
However, using exactly the same .htaccess for my new subdomain does not work
i.e. putting the .htaccess file at
/subdomains/tests/httpdocs/
or any subdirectory.
Any suggestions why this might be? I get the login screen but it won't accept any correct username/password.
Thanks,
Nick

.htpasswd and .htaccess - internal server error

I want to password protect my website, but as soon as I add in the .htpasswd and .htaccess files I get a server error:
Internal Server Error
The server encountered an internal error or misconfiguration and was unable to complete your request.
Please contact the server administrator and inform them of the time the error occurred, and anything you might have done that may have caused the error.
More information about this error may be available in the server error log.
Here is the code I'm using:
.htaccess
AuthType Basic
AuthName "Top Secret for SongKick eyes only."
AuthUserFile /webroot/.htpasswd
require valid-user
.htpasswd
songkick:isS1rCTQE/p8E
I've also tried AuthUserFile /.htpasswd (ie. without "webroot", which is the name of the folder it appears to be in File Manager) but this doesn't work either.
I'm using GoDaddy hosting by the way, if that makes a difference.
According to AuthUserFile, you must supply the complete path to your password file, not the relative path from DocumentRoot, if it is absolute (i.e. starting with a slash).
The AuthUserFile directive sets the name of a textual file containing the list of users and passwords for user authentication. File-path is the path to the user file. If it is not absolute, it is treated as relative to the ServerRoot.
Note that ServerRoot is not DocumentRoot.
If DocumentRoot is /var/www and the password file is /var/www/webroot/.htpasswd, you must say
AuthUserFile /var/www/webroot/.htpasswd
in your .htaccess file.
You can find out about the absolute path with a small PHP script, e.g.
<?php
echo "Absolute path: ", getcwd();
Put this in the directory, where you want to locate the .htpasswd file, and call it with http://www.example.com/path/to/test.php
Don't forget to remove the script, when you're done.
Said that, you shouldn't put your password file anywhere accessible in your DocumentRoot. Better put it in some place not accessible from the web, i.e. /etc/apache2/htpasswd or wherever it suits you.
Two things come to mind.
Is .htpasswd readable by the web server user?
Do you know if Apache is set with AllowOverride all to allow .htaccess to operate as intended?
All of the standard answers (full path, correct format, etc) weren't working for me. After a lot of tracking down I found that the permissions on the parent folder were insufficient, so even though the path in .htaccess was correct and the permissions on the file were rw-r-r, still no go because the parent was rwx-rw--. That can be tough to track down on a host that limits access to up stream folders.
Major reason of this error is the "AuthUserFile" path. I was having this same issue and i solved it by going in cpanel. By protecting your folder in cPanel, it automatically detects the htpasswd file.
Go to cPanel->Password Protect Directories->Define directory and then create a user. Hope this help you.
The APache has a bug it is reported here:
https://bz.apache.org/bugzilla/show_bug.cgi?id=54735
You have to set password like this:
htpasswd -nb username newpassw > <path-to>/htpasswd
Simillar problem here:
Apache 2.4 "..authentication failure..:Password Mismatch"

Resources