htaccess different user permissions for different users - .htaccess

I can't seem to find the proper way to write my .htaccess file. I initially had the file set up to allow access to a directory of files and that worked fine:
AuthUserFile /var/www/html/technical/mep/.htpasswd
AuthGroupFile /dev/null
AuthName "Password Protected Area"
AuthType Basic
Require valid-user
Now what I need to do is add an additional htpasswd file (something like .htpasswd2) and allow those additional user to only be able to access a single file in that directory. How do I edit my current .htaccess file to make this happen?

You can simply use the <FilesMatch> container:
<FilesMatch protected.html>
AuthUserFile /var/www/html/technical/mep/.htpasswd2
AuthGroupFile /dev/null
AuthName "Password Protected Area 2"
AuthType Basic
Require valid-user
</FilesMatch>
And the file "protected.html" would use the .htpasswd2 file.

Related

how to parameterize the path to the .htpasswd in the .htaccess file?

I have the following code in my .htaccess file
AuthUserFile ./.htpasswd
AuthGroupFile /dev/null
AuthName "Dev Area One"
AuthType Basic
<Limit GET>
require valid-user
</Limit>
This causes a 500 internal server error because Apache says it can't find the file /etc/apache2/.htpasswd. That's because the .htpasswd is in the directory /var/www/html/dev1.staging.com/public_html/.htpasswd and my .htaccess is in /var/www/html/dev1.staging.com/public_html/.htaccess.
Can I replace AuthUserFile ./.htpasswd with AuthUserFile SOMEVARIABLE+.htpasswd so that every time other team members do a git pull origin master to their dev servers, the .htaccess will properly reference the .htpasswd which should be in the same directory as the .htaccess?
This is purely for development purposes only. There are some servers (some of which are shared hosting) where we do not have file writing access to, so we don't know immediately what directory our web projects are served out of, so we don't know ahead of time the absolute directory path to the .htpasswd.
You can use shell environment variable in path to AuthUserFile by using PassEnv directive:
PassEnv HOME
AuthUserFile ${HOME}/.htpasswd
AuthGroupFile /dev/null
AuthName "Dev Area One"
AuthType Basic
<Limit GET>
require valid-user
</Limit>
Above snippet will work only if each user stores .htpasswd directly under $HOME directory.

.htaces and .htpasswd give error?

Well, I'm trying to secure my xampp with .htaccess and .htpasswd and I don't see a mistake, so do many other developers that I know...
My .htaccess:
AuthName "Protected Area"
AuthType Basic
AuthUserFile C:/xampp/secret/hidden/place/.htpasswd
require valid-user
php_flag register_globals on
My .htpasswd:
wscript:$apr1$Y107OG1n$Ui6D997SqhERXXyV9VBU51
The error is error 500
Anyone?
You should consult your error logfile usually located at: /var/log/apache2/error.log. Without knowing the exact error there's really only speculation as to what might be the issue.
AuthName "Protected Area"
AuthType Basic
AuthUserFile C:/xampp/apache/var/www/site/.htpasswd
Require valid-user
require valid-user should be capital "R"
AuthUserFile is usually located one directory above the web root.
The permissions on the .htaccess and .htpasswd need to be set so that Apache can read them: chmod 0644 .htaccess chmod 0644 .htpasswd
( further reading )

How to allows access to a folder with htaccess

I have an htaccess to prevent access to a folder.
Howerver, I would like to one subfolder is allowed to be accessed.
Here is my htaccess file. How can I modifiy it to
AuthName "Private Zone"
AuthType Basic
AuthUserFile /vdir/www.web.net/var/www/vhosts/www.web.net/web/folder/.htpasswd
require valid-user
Here is the folder that I want to be not protected
/vdir/www.web.net/var/www/vhosts/www.web.net/web/folder/go/upload/
How can I do this?
Try to create a .htaccess file under ../go/upload/ with the following content:
AuthType None
Require all granted

Htaccess and htpasswd authentication fail

I have the following code to protect my application:
.htaccess:
AuthType Basic
AuthName "My Protected Area"
AuthUserFile .htpasswd
Require valid-user
.htpasswd:
username:$apr1$Am/5PMEt$JofEYwKBM8rhEnsoLndir/
The .htpasswd file is in the same directory as the .htaccess file.
It does ask me for authentication, but then gives me a 500 server error. I just used this tool, so I am wondering what I might be doing wrong?
Thanks!
Try changing the .htpasswd to use the full path starting from / and using this tool instead: http://www.askapache.com/online-tools/htpasswd-generator/
AuthType Basic
AuthName "My Protected Area"
AuthUserFile /var/www/public_html/full/path/to/.htpasswd
Require valid-user
Satisfy All
Otherwise it sounds like the error is being caused by some other issue. Likely 1 of 2:
The permissions on the .htaccess or .htpasswd file are bad
There is some other error like a rewrite or something in a .htaccess or php error
You need to cause this error to happen again, and then view your /var/log/httpd/error_log file (or named something similar) which will tell you the reason for the 500 error.

htaccess file protecting but no pass prompt

Hi I have the following in a .htaccess file:
AuthType Basic
AuthName "restricted area"
AuthUserFile /web/clients/.htpasswd
require valid-user
this works in making the directory private, however I get a 403 error and no password/user pop up appears to even give me the chance? Any ideas as to what I am doing wrong, both htaccess and htpasswd are together in the directory I want to protect.
Thanks

Resources