I have a passwordprotected directory with htaccess and htpasswd.
The htaccess looks like this
AuthUserFile /usr/local/you/safedir/.htpasswd
AuthGroupFile /dev/null
AuthName EnterPassword
AuthType Basic
require user myusername
The htpasswd looks like this
myusername:password887
This password protected directory is named www.mydomainname.com/mystuff
Now, I want to access this page fram a iframe (with www.mydomain.com/mustuff/index.html as src) in index.php in my root, but I dont want to make the users fill in the username and password all the time, just keep them from entering the folder the src is in.
Is there a script that can fill out the username and password automatically without letting the "users" write the username and password all the time?
You can src the frame with the username and password in the link itself:
http://myusername:password887#www.mydomainname.com/mystuff
But this sort of defeats the purpose of password protecting the directory since anyone can look at the page source and know the username/password, and not all browsers support this type of URL.
You could make it so the referer is checked when attempting to access the /mystuff directory, and if it's from where the iframe is embedded, allow access without prompting for a password. But the referer can be spoofed very easily.
no, there is no possibility, because htpasswd is for this use case
Related
I would like to fake directory path with .htaccess, but I haven't got much experience with it, so I'm asking you, guys.
Let's say my URL is http://example.com/test and I got some scripts in that folder. I would like to hide the URL, so I wouldn't be able to access by it's real URL, but I could access it with e.g. http://example.com/test2.
I simply would like to hide and fake the directory.
To simply protect the page with a password you can add the following into your .htaccess on the page you want to protect:
AuthType Basic
AuthName "Password Protected Area"
AuthUserFile /path/to/.htpasswd <-- change this to your full path to .htpasswd
Require valid-user
Then create the .htpasswd file, and create user/password combinations. Like this:
test:dGRkPurkuWmW2
Directions can be found on this page:
http://www.htaccesstools.com/articles/password-protection/
Use a password generator like this one to generate an encrypted password:
http://www.htaccesstools.com/htpasswd-generator/
How to create a htpasswd file that allows the enter with blank username and password.
AuthType Basic
AuthName "User"
AuthUserFile "/home/passwd"
!require valid-user
Well, I personally would use a module that mitigates DOS attacks better than that solution. I've used them for DOS/Brute Force attacks at my previous jobs and they were very affective.
One such mod is mod_qos
However if you really want to present an authentication box to them without credentials you have to enable mod_authn_anon.
http://httpd.apache.org/docs/2.2/mod/mod_authn_anon.html
Then you can use the Anonymous_NoUserID directive to be able to provide an empty userid and/or password. Then they can just hit enter. You can get more info at the following link.
http://httpd.apache.org/docs/2.2/mod/mod_authn_anon.html#anonymous_nouserid
i am an Apache Illiterate person, and i need very simple password protection for a directory using a .htaccess file. very simple one.
i also wonder how tutorials simply tells me "put the .htpasswd file in the path.." i tried to create a .htpasswd file but failed to do that. if someone volunteers to help please keep in mind i use win server 2008 and please consider that my experience in Apache is almost zero.
Use this to generate your htpasswd file: http://www.htaccesstools.com/htpasswd-generator/
You should get a hash back from that and just place that in your htpasswd file. I very strongly suggest that you do not put your htpasswd file in your document root. It would make it accessible via apache.
Edit for clarification:
For example, your apache webserver serves this directory: C:\www\htdocs, and you want to protect this directory with username and password: C:\www\htdocs\secure. You create this .htaccess file and put it in your C:\www\htdocs\secure directory:
AuthType BASIC
# You can choose whatever name you want here
AuthName "Protected"
AuthUserFile C:\www\htpasswd
Require valid-user
You see the C:\www\htpasswd? You need to create that file. Go to that htpasswd-generator link above. Enter a username, enter a password, click on "Create .htpasswd file", the page will give you a text field with your username and a bunch of gibberish. Copy that whole thing and create the file C:\www\htpasswd and paste that into the file.
That's it.
Not sure how much simpler it can get.
I have password protected website with .htaccess. What I want to do now is to force users to login from the index.html page and not from any other which they can do now. ie. I have index.html (the main page) and I have two other pages 1.html and 2. html also protected with .htaccess password. Users can now type http://www.mypage.com/1.html and they will be asked for login data but I would like to force them (before they are asked for login details) to index.html to login. After they are loggedin they can use any link (ie.1.html or 2.html) as they want.
Can this be done by using .htaccess? I would need the whole code. Thank you!
With .htaccess you may protect the whole directory with password:
AuthType Basic
AuthName "Restricted Files"
AuthBasicProvider file
AuthUserFile /path/to/passwords/file/passwords
Require user myuser
you may create passwords file with the following command:
htpasswd -c /path/to/passwords/file/passwords myuser
You may complete description with good examples in Apache docs.
If you use apache to protect a directory you can't create a login form on your index.html for it. The login dialog is instead created by the browser.
You can however force people to first go to index.html, by checking the referrer header. If it exists and is different than domain.com/index.html you can redirect to index.html. You'll have to use mod_rewrite for this.
I have a private folder on my domain like
http://example.com/protected
and i stored lot of images and pdf file there
/protected/pad1.pdf
/protected/pad2.pdf
/protected/pad1.png
/protected/pad1.png
supose these are the files, how can i hide or protect access to there files with the help of .htaccess file.
allow only users those who knows the password.
is it possible ???
Check out Apache's page on Authentication, Authorization and Access Control -- one method would be using Basic or Digest authentication. That would look something like this:
AuthType Digest
AuthName "Private files"
AuthDigestFile /usr/local/apache/passwd/digest
Require user (usernames here)
Of course, you need to generate a password and/or digest file using htdigest or htpasswd as well, but that procedure is explained in the document I linked to.
Or for zero configuration and zero access:
Order Allow, Deny
Deny From All
=)