htaccess protection - dialog doesn´t appear - .htaccess

I have a problem with my htaccess protection. First lets have a look at the sourcecode. This is the htaccess. Note: I don´t have a htaccess in the parent folder, so there is no protection from a parent element.
AuthType Basic
AuthName "Login"
AuthUserFile /fullPath/protection/.htpasswd
AuthGroupFile /fullPath/protection/.htgroup
require user devju
<Limit GET>
require valid-user
</Limit>
Ok, so this is the htpasswd in the protection directory:
devju:anfxCAFkVCb9E
and this is the htgroup (but it is irrelevant to the example):
superadmin: devju
Ok the problem is that sometimes, and currently permanent, the auth-dialog doesn´t appear and the client will redirected to the ErrorDocument 401. So why is that so? Do I have a wrong configuration or something else? I didn´t changed anything in the settings.
Note: Currently I don´t have enough points to comment, so I can´t answer to questions :(

Try
AuthType Basic
AuthName "Login"
AuthUserFile /fullPath/protection/.htpasswd
require valid-user

Related

Multiple authentications in one website with htaccess

I have a secured website. The complete website is secured so, regardless of the page you ask, you have to enter the user/password.
I did this with this code in the htaccess
AuthUserFile /path/.htpass
AuthType Basic
AuthName "Website"
Require valid-user
Now, i want to add another authentification for a specific url. So i tried this :
SetEnvIf Request_URI ^/myurl require_auth=true
AuthUserFile /path/.htpmyrul
AuthName "Myurl"
AuthType Basic
Order Deny,Allow
Deny from all
Satisfy any
Require valid-user
Allow from env=!require_auth
It worked for myurl, but the problem is that this code "cancelled" the first code! So now, my website only ask for authentification when i visit myurl, but if i visit any other url, the website doesn't ask for authentification
Is it possible to have both authentifications work together ?
Thanks
Well you could do this.
In the main root of your htaccess file put this.
SetEnvIf Request_URI "/myurl" require_auth
AuthUserFile /path/to/.htpasswd
AuthName "Webiste"
AuthType Basic
Require valid-user
Order Deny,Allow
Deny from all
Allow from env=require_auth
Satisfy any
Then create a htaccess file inside myurl folder and put this example inside it.
AuthUserFile /path/to/other/.htpasswd
AuthName "myurl"
AuthType Basic
Require valid-user
Order Deny,Allow
Deny from all
Satisfy any
This should allow you to use another htpasswd for your sub folder.

Htaccess and htpasswd authentication fail

I have the following code to protect my application:
.htaccess:
AuthType Basic
AuthName "My Protected Area"
AuthUserFile .htpasswd
Require valid-user
.htpasswd:
username:$apr1$Am/5PMEt$JofEYwKBM8rhEnsoLndir/
The .htpasswd file is in the same directory as the .htaccess file.
It does ask me for authentication, but then gives me a 500 server error. I just used this tool, so I am wondering what I might be doing wrong?
Thanks!
Try changing the .htpasswd to use the full path starting from / and using this tool instead: http://www.askapache.com/online-tools/htpasswd-generator/
AuthType Basic
AuthName "My Protected Area"
AuthUserFile /var/www/public_html/full/path/to/.htpasswd
Require valid-user
Satisfy All
Otherwise it sounds like the error is being caused by some other issue. Likely 1 of 2:
The permissions on the .htaccess or .htpasswd file are bad
There is some other error like a rewrite or something in a .htaccess or php error
You need to cause this error to happen again, and then view your /var/log/httpd/error_log file (or named something similar) which will tell you the reason for the 500 error.

htaccess file protecting but no pass prompt

Hi I have the following in a .htaccess file:
AuthType Basic
AuthName "restricted area"
AuthUserFile /web/clients/.htpasswd
require valid-user
this works in making the directory private, however I get a 403 error and no password/user pop up appears to even give me the chance? Any ideas as to what I am doing wrong, both htaccess and htpasswd are together in the directory I want to protect.
Thanks

htaccess auth and deny together

I want to deny all request to the server except some ip's , but those ip's should show the auth dialog. What I have tried is
order deny,allow
deny from all
allow from xxx.xxx.xx.xxx
allow from xxx.xxx.xx.xxx
AuthUserFile /path/to/.htpasswd
AuthType Basic
AuthName "Login Required"
Require valid-user
It works fine , but after user login it showing Internal server error(500). Any idea ?
This usually happens when there's something wrong with the AuthUserFile parameter. You can put any random path in your AuthUserFile and apache will be willing to go along with the 401 require auth part just fine. But when it needs to verify the authorization given to it (in your case, via a BASIC mechanism) it needs to actually check the contents of the file, /path/to/.htpasswd. Make sure that you have the correct path to this file and that it contains actual htpasswd data, generated using the htpasswd command or something equivalent.
This is working fine ;-)
order deny,allow
deny from all
deny from all
allow from xx.xx.xx.xx
AuthUserFile /path/to/.htpasswd
AuthType Basic
AuthName "Login Required"
Require valid-user

How to remove .htaccess password protection from a subdirectory

I have password protected my entire website using .htaccess but I would like to expose one of the sub directories so that it can be viewed without a password.
How can I disable htaccess password protection for a sub directory? Specifically what is the .htaccess syntax.
Here is my .htaccess file that is placed in the root of my ftp.
AuthName "Site Administratrion"
AuthUserFile /dir/.htpasswd
AuthGroupFile /dev/null
AuthName secure
AuthType Basic
require user username1
order allow,deny
allow from all
You need to create a new .htaccess file in the required directory and include the Satisfy any directive in it like so, for up to Apache 2.3:
# allows any user to see this directory
Satisfy Any
The syntax changed in Apache 2.4, this has the same effect:
Require all granted
Adding to RageZ's answer, I used this in the Server Directives:
<Directory /var/www/protected/>
AuthType Basic
AuthName "Production"
AuthUserFile /path/to/.htpasswd
Require valid-user
</Directory>
<Directory /var/www/protected/unprotected>
Satisfy Any
</Directory>
Awesome. Thanks RageZ!
Simply create a new .htaccess in the desired subdirectory with this directive:
Allow from all
You can restrict to your IP only with :
Allow from x.x.x.x
See : http://httpd.apache.org/docs/current/mod/mod_access_compat.html
Here is a way to allow subdirectory "foo" through the basic authentication from the main .htaccess file on a site:
AuthType Basic
AuthName "Password Required"
AuthUserFile /dir/.htpasswd
Require expr %{REQUEST_URI} =~ m#^/foo/#
Require valid-user
Note: This works in Apache 2.4. I have not confirmed for earlier versions.
You need to add another .htaccess file to the subdirectory that overrides the authentication. .htaccess cascades upwards, i.e. it will look in the current folder, then go up a level and so on.
If you want to prevent any specific directoty from htaccess authentication then you can use following code in your htaccess file at top.
AuthType Basic
AuthName "Enter Pass"
AuthUserFile /home/public_html/.htpasswd /*PATH TO YOUR .htpasswd FILE*/
Require valid-user
SetEnvIf Request_URI "(/DIRECTORY_NAME/)$" allow
Order allow,deny
Allow from env=allow
Also If you want to prevent multiple directories then
add
SetEnvIf Request_URI "(/DIRECTORY_NAME/)$" allow
as many time as many directories, you want to remove from htaccess prevention.

Resources