I+m trying make a folder on my server protected by .htaccess & .htpasswd. When I try to enter the folder in question I'm asked for a password like I want. But then when the page is loaded I get a 500 error, which also happens on all pages on my site now. With ErrorDocument 500 it says:
This webpage has a redirect loop
The webpage at http://example.com/test/folder/ has resulted in too many redirects.
...
This is what my .htaccess file looks like:
ErrorDocument 500 http://81.18.24.170/test/appload/
AuthName "Restricted Area"
AuthType Basic
AuthUserFile /test/folder/admin/.htpasswd
require valid-user
Can anyone see a problem or something that I've missed to make it work?
EDIT: I had the rewrite rule to prevent the 301 error I get for to many redirects. (Found in another solution but it didn't help.) So I just want to get rid of the 500 error.
When you are putting the file path for the AuthUserFile, make sure you use the FULL filepath from your root directory, for example:
AuthUserFile /var/www/html/test/folder/admin/.htpasswd
A similar issue was discussed in this thread:
htaccess / htpasswd in subdir
Related
I tried to implement this code into my .htaccess on wordpress.
Everything works fine but when you get access, it throws an 500 Error and redirects me to my hosting park website. It seems that it doesn't load the content. Not sure if the problem is that the path I'm providing doesn't contain the actual content.
SetEnvIf Request_URI ^/quetecalles require_auth=true
AuthUserFile /kaycho.com/wp-admin/.htpasswrd
AuthName "Password Protected"
AuthType Basic
Order Deny,Allow
Deny from all
Satisfy any
Require valid-user
Allow from env=!require_auth
The snippet is based on this article
Error 500 protecting a single url with .htpasswd
AuthUserFile /kaycho.com/wp-admin/.htpasswrd
The file-path to your password file looks incorrect. This needs to be an absolute filesystem-path, not a root relative URL-path (which is what this looks like). If the path is incorrect and the password file cannot be found then you'll get a 500 Internal Server Error response when submitting the user/password.
Ideally, this should be a file-path outside of your document root directory - that is naturally inaccessible to user requests. It should not be in the same location as the .htaccess file implementing the protection.
Reference:
https://httpd.apache.org/docs/2.4/mod/mod_authn_file.html#authuserfile
I tried to implement this code into my .htaccess on wordpress.
Everything works fine but when you get access, it throws an 500 Error and redirects me to my hosting park website. It seems that it doesn't load the content. Not sure if the problem is that the path I'm providing doesn't contain the actual content.
SetEnvIf Request_URI ^/quetecalles require_auth=true
AuthUserFile /kaycho.com/wp-admin/.htpasswrd
AuthName "Password Protected"
AuthType Basic
Order Deny,Allow
Deny from all
Satisfy any
Require valid-user
Allow from env=!require_auth
The snippet is based on this article
Error 500 protecting a single url with .htpasswd
AuthUserFile /kaycho.com/wp-admin/.htpasswrd
The file-path to your password file looks incorrect. This needs to be an absolute filesystem-path, not a root relative URL-path (which is what this looks like). If the path is incorrect and the password file cannot be found then you'll get a 500 Internal Server Error response when submitting the user/password.
Ideally, this should be a file-path outside of your document root directory - that is naturally inaccessible to user requests. It should not be in the same location as the .htaccess file implementing the protection.
Reference:
https://httpd.apache.org/docs/2.4/mod/mod_authn_file.html#authuserfile
I have a shared hosting server where each subdomain is in its folder in root. The www.domain.com is in the /www folder, the subdomain.domain.com subdomain is in the /subdomain folder, etc.
What I want right now, is to restrict access to subdomain.domain.com with a .htaccess password, but show a customized message for users who don't have a password. And I can't get Apache2 to read the 401 error document. I have found some common troubleshooting saying that the file has to be readable, which in my case it definitely is.
So, the only two places where I can put the auth file in this configuration, since /subdomain is protected, is either under the /www folder, or in the root (like /401.html), which I have no idea if it makes any difference. But in both cases, those are folders obviously readable by Apache2, because I am using them, I am using the other (main) domain for PHP scripts, and I am getting error logs in the root, the file permissions are the same as on the 404 document (which works), and the owner is the same.
And I don't think my hoster is disabling me from using custom 401 error documents (I am already successfully using custom 404 and 500 documents), because only when I try to specify a 401 document, I get an additional row in my error output that says Additionally, a 401 Authorization Required error was encountered while trying to use an ErrorDocument to handle the request.. As if it's trying to do it, but there is something else in the way.
What could it be, and what should I try?
EDIT:
This is the contents of the .htaccess file:
Options +Indexes +FollowSymLinks
RewriteEngine On
RewriteRule ^([^\.]+)$ index.php?data=$1 [QSA,L]
AuthName "Restricted Area"
AuthType Basic
AuthUserFile /subdomain/.htpasswd
AuthGroupFile /dev/null
require valid-user
ErrorDocument 404 /tpl/errors/404.php
ErrorDocument 500 /tpl/errors/500.php
ErrorDocument 401 /auth_alpha.html
And what I'm noticing right now pasting this, is that my 404 messages are an absolute path starting with the http address, not the root of the file system, which means that if I start the 401 error document with a /, it will try to read it from the same domain? Which makes little sense to me, because it should be an Apache2 directive, not a browser directive, right? Anyway, when I tried putting ../auth_alpha.html instead of /auth_alpha.html, then the browser outputs ONLY the string ../auth_alpha.html on the page.
You need to exclude ErrorDocument URLs from authentication:
ErrorDocument 404 /tpl/errors/404.php
ErrorDocument 500 /tpl/errors/500.php
ErrorDocument 401 /auth_alpha.html
Options +Indexes +FollowSymLinks
RewriteEngine On
RewriteRule ^([^.]+)/?$ index.php?data=$1 [QSA,L]
SetEnvIfNoCase Request_URI ^/(auth_alpha\.html$|tpl/errors/) NO_AUTH
# force auth for everything except ErrorDocument URLs
AuthName "Restricted Area"
AuthType Basic
AuthUserFile /subdomain/.htpasswd
AuthGroupFile /dev/null
Require valid-user
Satisfy any
Order deny,allow
Deny from all
Allow from env=NO_AUTH
I use mysql dumper to work with my database. The program prompts me to create folder protection. After typing name and password, program created htaccess. and password files in dumper's directory. Unfortunately after I am not able to access the same url - internal server error. Permissions are - folders 755, files 644. Apache error log shows no record. Path in file is correct. Basicaly in any folder where I try to put this htaccess file becomes unavailable with internal server error. What can be the problem? Thank you.
This is content of newly created htaccess file
<IfModule mod_rewrite.c>
RewriteEngine off
</IfModule>
AuthName "MySQLDumper"
AuthType Basic
AuthUserFile "/data/web/xxx/web/dump/msd1.24.4/.htpasswd"
require valid-user
The problem was, I had to enable authn_file and auth_basic modules in apache for this to work.
I have written a .htaccess file and I am able to authenticate a the username and password correctly. But when I click cancel during the htaccess authentication, I get an "Access Error - Unauthorized" or a server error message.
firstly I am not sure what the error code is. I tried the following
ErrorDocument 400 /400.html
I also tried with the error codes 401, 403, 404, 500 but still that error persists.
My htacess file looks like this.. I have used the < files > tag to enforce the authentication for different html files.
AuthType Basic
AuthName "prompt"
AuthUserFile /.htpasswd
Require user mike
Do I need to place the "ErrorDocument" for every html file that I am trying to protect or just one "ErrorDocument" statement at the end would suffice for all the files that I am trying to protect..?
There are two rules you may have forgotten.
The error page itself must not be protected by .htaccess. It must be reachable.
The path to the ErrorDocument files counts from document root.
If you obey the rules, the code works (just tested it). This is what my sucessfull test involved:
Files:
/protected/.htaccess
/protected/.htpasswd
/401.php
.htaccess
ErrorDocument 401 /401.php
AuthType Basic
AuthName "My Protected Area"
AuthUserFile protected/.htpasswd
Require valid-user