I have a directory memories and there is a subdirectory in it /memories/application/controllers/admin.
I want to protect admin directory using .htaccess and .htpasswd.
This is my .htaccess
<IfModule mod_rewrite.c>
RewriteEngine On
AuthUserFile /var/www/memories/application/controllers/admin/.htpasswd
AuthType Basic
AuthName "memories with mom"
Require admin
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.*)$ index.php?/$1 [L]
</IfModule>
<IfModule !mod_rewrite.c>
ErrorDocument 404 /index.php
</IfModule>
# Various security things
ServerSignature off
php_value expose_php Off
php_value session.cookie_httponly On
Options -Indexes
ErrorDocument 403 /404.php
But it is protecting the whole parent directory, whereas I only want the subdirectory admin to be protected. My .htpasswd is also in admin folder.
If you only want the subdirectory admin protected by the .htpasswd file then only put the auth specific htaccess code in that subdirectory and not the .htaccess for the whole site.
/var/www/memories/application/controllers/admin/.htaccess should only be
AuthUserFile /var/www/memories/application/controllers/admin/.htpasswd
AuthType Basic
AuthName "memories with mom"
Require admin
and remove the above code from your main .htaccess
Related
I'm having trouble setting up a .htpasswd protected laravel project.
I tried adding the following to my .htaccess but it causes an internal server error (500) after I entered my credentials..
.htaccess content:
AuthUserFile .htpasswd
AuthType Basic
AuthName "Secured area"
Require valid-user
<IfModule mod_rewrite.c>
<IfModule mod_negotiation.c>
Options -MultiViews
</IfModule>
RewriteEngine On
# Redirect Trailing Slashes If Not A Folder...
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.*)/$ /$1 [L,R=301]
# Handle Front Controller...
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule ^ index.php [L]
# Handle Authorization Header
RewriteCond %{HTTP:Authorization} .
RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
</IfModule>
And this is the current routes.php. Just in case it's something I should change in the routes.php:
Route::get('/', 'HomeController#index');
Route::auth();
Route::get('/home', 'HomeController#index');
I couldn't find anything useful on Google which still works under laravel 5.2 so I really hope someone out there has an idea :)
As #Olaf mentioned. changing this:
AuthUserFile .htpasswd
..into this:
AuthUserFile /absolute/server/path/.htpasswd
..did the trick. Thank you verry much!
I am developing an application that's hosted on an apache server with PHP 5.
There is a website already running on the domain: www.domain.com. My application is on a folder called 'hotsite', and it can be accessed by the url www.domain.com/hotsite/.
The root folder contains a .htaccess containing:
/.htaccess:
XBitHack Off
RewriteEngine On
RewriteCond %{REQUEST_URI} \/([0-9a-z]{6})$ [NC]
RewriteRule ^(.*) http://www.domain.com/url/forward.php?%1 [L]
IndexIgnore .htaccess */.??* *~ *# */HEADER* */README* */_vti*
<Limit GET POST>
order deny,allow
deny from all
allow from all
</Limit>
<Limit PUT DELETE>
order deny,allow
deny from all
</Limit>
AuthName www.domain.com
AuthUserFile /home/intera/public_html/_vti_pvt/service.pwd
AuthGroupFile /home/intera/public_html/_vti_pvt/service.grp
RedirectMatch permanent ^/webmail$ http://http://mail.google.com/hosted/domain.com www.domain.com/hotsite/
In this 'hotsite' folder, there's a .htaccess file containing the following code:
/hotsite/.htaccess:
RewriteEngine on
RewriteBase /
RewriteCond %{SCRIPT_FILENAME} !-f
RewriteCond %{SCRIPT_FILENAME} !-d
RewriteRule ^(.*)$ /folder/index.php
Now, when I access www.domain.com/hotsite/, my application loads fine. but when I try and access www.domain.com/hotsite/section/, it appears to ignore the .htaccess file and tries to access "section" as if it was a folder, returning a 404 error.
Any ideias why this is happening and what should I do to make it work?
Thanks =)
If the htaccess is inside the hotsite folder, then RewriteBase / needs to be RewriteBase /hotsite
Just in case; Note that the rewriterule, rewrites to /folder/index.php, and not /hotsite/folder/index.php
Despite a good deal of searching here I haven't been able to find the solution to this problem.
I have an .htaccess file that is protecting a Wordpress site that I am developing. I would like to protect the entire site except for the directory /images/, but I can't work out how to do this. At the moment my .htaccess file, in the root of the site, looks like this:
# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>
# END WordPress
# basic password protection
<IfModule mod_authn_file.c>
AuthUserFile /home/*****/.htpasswd
AuthName "Username and password required"
AuthType Basic
<Limit GET POST>
Require valid-user
</Limit>
</IfModule>
Could someone help me to amend this to allow open access to the /images/ directory?
Thanks,
Nick
You can create a new .htaccess-file in the /images/-directory:
Order Deny,Allow
Allow from all
Satisfy any
This should remove the password protection for this folder.
I'm trying to password protect a directory except from requests that come from localhost.
My .htaccess looks like this:
AuthName "Login"
AuthType Basic
AuthUserFile /PATH/.htpasswd
Require valid-user
Allow from 127.0.0.1
Allow from ::1
Satisfy Any
RewriteEngine On
RewriteBase /
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.*)$ index.php/$1 [L]
ErrorDocument 404 /index.php
If I remove Allow and Satisfy statements the directory gets correctly protected. When I add the Allow (one or both) and Satisfy Any it generates a 500 error. The log says:
/PATH/.htaccess: allow not allowed here
Any clues?
If you you have access to server conf files, check for: AllowOverride See for what directives are allowed.
AllowOverride All
will allow all directives.
For more visit: AllowOverride Directive Apache Docs
I have an htaccess file as follows:
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{REQUEST_FILENAME} -f
RewriteRule . - [L]
RewriteRule ^$ app/ [L]
RewriteRule (.+) app/$1 [L]
</IfModule>
Now, this is located in my web root, and I wanted to also password protect this and all sub-directories, so I added the following lines:
AuthName "phpMyAdmin Restricted Area."
AuthType Basic
AuthUserFile /usr/local/apache/.htpasswd
Require valid-user
This promted me and I was able to 'log in'. However, now my server is 500'ing on me, and I am not sure why. I can remove the auth lines, and this fixes the problem. Why is this happening, and what can I do?
conflictions with another .htaccess file in the root dir.