I have a folder named "adminhide", wich is inside the folder "forum" and which should be password protected. In the folder "adminhide", I have more than 50 sub-folders and all those sub-folders should not be password protected.
The .htaccess file should be placed in the folder "adminhide", or in the folder "forum".
Example:
forum/adminhide: protected
forum/adminhide/js: unprotected
forum/adminhide/js/something: unprotected
forum/adminhide/images: unprotected
forum/adminhide/something: unprotected
Here is what I have now:
AuthType Basic
AuthName "admin"
AuthUserFile "/home/xgclanco/.htpasswds/public_html/xg-clan.pt/forum/adminhide/passwd"
require valid-user
You could do this by placing a .htaccess file in the subdirectories that you want to exclude with the "Allow from all" directive.
.htaccess works down from the current directory, so if you included .htaccess in a subdirectory containing:
Allow from all
You will get the desired result.
You could also achieve this by specifying just the individual files you would like to protect in the adminhide folder by doing this in your htaccess file:
AuthUserFile "/home/xgclanco/.htpasswds/public_html/xg-clan.pt/forum/adminhide/passwd"
AuthName "admin"
AuthType Basic
<Files "index.php">
require valid-user
</Files>
All subfolders below the one you put your .htaccess-file in are automaticly protected. I think there is no way to change that.
So you either have to change your folder structure or put the stuff you want to pretect somewhere else.
Related
And sorry if this question has already been answered. But I'm trying to add a folder to my Drupal 7 installation that can be accessed only via password. I have created the folder in my FTP (and named it folder), but unfortunately I can't access this folder. I'd like the folder to look like this (like in Wordpress)
But instead I get "Page isn't working".
Br. Five
Assuming you are running Apache, try adding a .htaccess file to that folder with the following content:
Options +Indexes
When you want to password protect the directory with .htaccess you'll also have to add this:
AuthType Basic
AuthName "My Protected Area"
AuthUserFile /path/to/.htpasswd
Require valid-user
So I've been trying to set up a more specific .htaccess file for a few hours now and I just don't understand what's going on.
Setup: several php files for operation, we can simplify it to 'index.php' and 'open.php' and 'upload.php'; then there are uploaded files, we don't know their names nor how many there will ever be.
What I want: There's two different users. Let's call them 'cUser' and 'oUser'. cUser is allowed to access any file. oUser is only allowed to access open.php and the uploaded files.
What I did: Here's my .htaccess file:
AuthType Basic
AuthName "Download"
AuthUserFile /[...]/.htusers
followed by
<FilesMatch "[^(open\.php)]$">
Require user cUser
</FilesMatch>
or
<FilesMatch "!(open\.php)">
Require user cUser
</FilesMatch>
and many other different attempts. I expected to require cUser for any file other than oUser with what I did and wanted to go from there, but I never got it to work. What am I doing wrong? As soon as I added a '!' whereever no file needed authentification anymore and with the [^] expression it went wild and some files where accessible while others weren't, by no pattern that I would recognize. So how do I do a 'NOT' in a FilesMatch?
The easiest way to do this is to add a new subdirectory for the uploaded files. This is the best way to handle uploaded files anyway, instead of loading them in the same directory as the php files. Now there's a htaccess file in the main directory:
AuthType Basic
AuthName "Download"
AuthUserFile /[...]/.htusers
Require user cUser
<FilesMatch "open.php">
Require user cUser oUser
</FilesMatch>
and a second htaccess file in the directory for the uploads:
AuthType Basic
AuthName "Download"
AuthUserFile /[...]/.htusers
Require user cUser oUser
In my CakePHP app, I have a directory of files which I want to allow direct access to with a username/password. For reasons that are overly complicated, placing the directory inside the /webroot folder is not an option. My folder is located here:
/app/parent_folder/folder_full_of_files
So I want to be able to access files directly like this:
http://mysite.com/app/parent_folder/folder_full_of_files/some_file.pdf
I think I need to modify the .htaccess file in the root, and also add another .htaccess file and .htpasswd file in the folder_full_of_files
I have already found this post which asks a similar question... but I can't translate it to my application.
How do I need to modify the root .htaccess file?
What should be in the new .htaccess file. Here's what I've tried, but just results in 500 error...
AuthType Basic
AuthName "restricted area"
AuthUserFile /bla/bla/mysite/app/parent_folder/folder_full_of_files/.htpasswd
require valid-user
What is the correct way to encrypt the password in the .htaccess file?
I got this to work. I had to do a couple things...
I added this to the .htaccess file in root:
RewriteCond %{REQUEST_URI} !^/app/parent_folder/folder_full_of_files
As #Jon pointed out, my original version above had a mistake ([L]).
I also have an .htaccess file in my /app directory. This might be a quirk about my installation because it is not 100% standard. I can't remember if it's there by default, so I'm mentioning it just in case. IF you don't have one in /app skip this step.
I added this to an .htaccess file in the /folder_full_of_files:
AuthType Basic
AuthName "restricted area"
AuthUserFile /bla/bla/mysite/.htpasswd
require valid-user
Make sure the path after AuthUserFile is a fully-qualified path to the .htpasswd file (see next step).
Create the actual .htpasswd file. It's not supposed to be under the document root, but mine is. I think the most important thing is that it's not inside /webroot. I used this command from the terminal and it created the file:
htpasswd -c /path/where/it/should/go/.htpasswd whatever_username
It asks for a plain text password which gets encrypted and written into the file.
That's it. One annoying "gotcha" is that the path in the .htaccess to the auth file must be absolute, which means it will probably have to be edited when moving between local testing and production (unless the two environments are exactly the same). It would be less clunky if relative paths were allowed.
You don't need to modify the htaccess file in your document root at all
Make sure you have AllowOverride AuthConfig or AllowOverride All configured for your /app/parent_folder/folder_full_of_files/ directory. Make sure that the directory also has a properly generated htpasswd file (named .htpasswd). You need to use the htpasswd program to generate it, or any number of online generators.
I have an htaccess to prevent access to a folder.
Howerver, I would like to one subfolder is allowed to be accessed.
Here is my htaccess file. How can I modifiy it to
AuthName "Private Zone"
AuthType Basic
AuthUserFile /vdir/www.web.net/var/www/vhosts/www.web.net/web/folder/.htpasswd
require valid-user
Here is the folder that I want to be not protected
/vdir/www.web.net/var/www/vhosts/www.web.net/web/folder/go/upload/
How can I do this?
Try to create a .htaccess file under ../go/upload/ with the following content:
AuthType None
Require all granted
I have created a .htaccess and .htpasswd files, and stored them in the folder I want to protect and when I navigated to that folder, I was asked for the username and passowrd (stored in the .htpasswd file) after entering the username and password, I got a 500 Internal server error. I have used the files on both localhost (windows) and on a web server (linux I guess) both gave the same result mentioned.
this is my .htaccess file:
<Files ~ "^\.(htaccess|htpasswd)$">
deny from all
</Files>
AuthUserFile /.htpasswd
AuthGroupFile /dev/null
AuthName "Please enter your ID and password"
AuthType Basic
require valid-user
order deny,allow
I doubt that your .htpasswd file is really located at the very root of the server's filesystem along with /bin, /usr, /home, and others (rather than inside the part of the filesystem served to web browsers).
According to Apache documentation (1, 2), AuthUserFile expects a file path (as if you were in ServerRoot, usually /usr/apache or similar, and trying to locate the file from the Unix shell). It cannot be a URL, either absolute or relative. Correct your .htpasswd file path accordingly.
Note that if possible, you shouldn't put the .htpasswd file inside a public_html or htdocs folder, because any configuration error could not only allow unauthorized access to the files you want to protect but also the authorized usernames and hashed passwords.
Use an absolute hosting path, eg:
/home/content/14/5267714/html/.htpasswd