I am trying to protect an index.php page of a subfolder with .htaccess.
The protection works as expected when I navigate to example.com/subfolder/index.php. However, when I just go to example.com/subfolder I get a 401 error.
Here is the relevant .htacess code:
AuthUserFile /home/myfolder/subfolder/.htpasswd
AuthName "Please enter your password"
AuthType Basic
<files index.php>
require valid-user
</files>
What do I need to do differently?
You should put a new .htaccess file in the subfolder directory with just the following in it:
AuthUserFile /home/myfolder/subfolder/.htpasswd
AuthName "Please enter your password"
AuthType Basic
require valid-user
That will password protect the entire directory
Related
I have created a simple CSM website using core PHP. I have placed my fronted code in root directory i.e. public_html and admin code inside admin directory i.e. public_html/admin.
I want to password protect my admin part with htpassword. Below is my code for admin/.htaccess file.
AuthType Basic
AuthName "Password Protected Area"
AuthUserFile /path/public_html/admin/.htpasswd
ErrorDocument 401 /admin
Require valid-user
I have also added redirect from http to https in root .htaccess file as below
RewriteEngine On
RewriteCond %{HTTPS} !on
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
htpassword for admin only working if I will remove above code from root .htaccess file.
Anything wrong is there?
Create .htpasswd file in your admin folder.
And then create username and password by using this link : Click Here
Paste the below code in your .htaccess file.
AuthType Basic
AuthName "Restricted Area"
AuthUserFile COMPLETE_PATH_TO_ADMIN_FOLDER/.htpasswd #complete path to .htpasswd file.
require valid-user
I hope it will help you.
Please make sure that both of your file should be readable to the Web Server i.e .htpasswd and .htaccess use chmod 644 for the trick to work.
Try using my code in your .htaccess file
AuthUserFile /full/path/to/.htpasswd
AuthType Basic
AuthName "My Secret Folder"
Require valid-user
I hope it works :D
Im trying to password protect index.php (or html) file only but can't manage. Subfolders need to be accessed without password...
Something like...
<Files "/var/www/clientarea/index.php">
AuthUserFile /var/www/clientarea/.htpasswd
AuthName "Salasanasuojattu sivusto"
AuthType Basic
require valid-user
</Files>
Try this code:
SetEnvIfNoCase Request_URI "^/index\.(php|html?)" SECURED
AuthUserFile /var/www/clientarea/.htpasswd
AuthName "Salasanasuojattu sivusto"
AuthType Basic
require valid-user
Satisfy any
Order allow,deny
Allow from all
Deny from env=SECURED
I need a password protection for a single site. This is a seo friendly url:
The default path is:
http://www.website-url.com/index.php?id_cms=xx&controller=cms
and here is the seo url:
http://www.website-url.com/content/xx-login
I have already the .htaccess and .htpasswd, but how to specify rewriting in .htaccess only for this url? I tried this:
<filesMatch "http://www.website-url.com/content/xx-login">
IndexIgnore .htaccess .htpasswd
AuthUserFile /absolut_path/.htpasswd
AuthName "Login"
AuthType Basic
require valid-user
</filesMatch>
I'm using Prestashop.
FilesMatch doesn't work that way, you could try using SetEnvIf to bypass the Auth unless the URI is something specific (which is what I gather you are trying to do):
IndexIgnore .htaccess .htpasswd
SetEnvIfNoCase Request_URI "^/content/xx-login" SECURED
# enforce auth if SECURED
AuthType Basic
AuthName "Login"
AuthUserFile /absolut_path/.htpasswd
Require valid-user
Order allow,deny
Allow from env=!SECURED
Satisfy any
I want to change Webpage URL http://www.xyz.com/in/index.php?mpid=page1 to http://www.xyz.com/in/page1 using .htaccess.
And also want to protect my folders with username and password.
AuthType Basic
AuthName "Protected Area"
#path to htpaswd
AuthUserFile /path/to/.htpasswd
Require valid-user
RewriteEngine on
RewriteCond %{REQUEST_URI} !^in
RewriteRule /in/(.+) in/index.php?mpid=$1
How do I write a RewriteRule for htaccess to block access to php/html (unless authenticated) and allow access to all other extensions?
You should be able to put a standard .htpassword auth inside a filesmatch attribute...
So...
<FilesMatch "\.(html|php)$">
AuthName "Private zone"
AuthType Basic
AuthUserFile .htpasswd
require valid-user
</FilesMatch>
That should cause any request to .html or .php to ask for a password, you must generate a valid .htpasswd file...