.htaccess password protection allows 127.0.0.1 but not localhost - security

I'm attempting to password-protect my public folder so that anyone trying to access it externally is prompted to enter a password, but not locally. So far I have got it to work using 127.0.0.1 but not localhost. Obviously I COULD just use the IP address, but it's more the fact that I want to know why it doesn't work. I don't like to be defeated!
#Enable Password Protection
AuthName "Password Protected Server"
AuthType Basic
AuthUserFile c:\xampp\apache\security\.htpasswd
Require valid-user
Order allow,deny
Allow from localhost
Allow from 127.0.0.1
Satisfy Any
My code so far is an accumulation of:
http://www.groovypost.com/howto/how-to/htaccess-password-protect-apache-website-security/
htaccess password protect but not on localhost
I'm running XAMPP 1.7.3 on Windows 7, in case that helps.
Any assistance would be greatly appreciated!

Sounds like an IPv6 issue. When you're connecting to the site with 127.0.0.1, Apache sees the request as coming from the IPv4 localhost (127.0.0.1). But, when connecting to localhost, Apache sees the request as coming from the IPv6 localhost (::1).
If this is the problem, you should be able to solve it by replacing the Allow from localhost line with an Allow from ::1 line.

Related

XAMPP security: protect access from internet

Probably this question was already asked, but I would appreciate a confirmation that I'm doing things right.
I run XAMPP 5.6 and all PCs connected to the Wi-Fi are trusted. I'm behind a router, and no virtual server or port forwarding is enabled.
(On this version of XAMPP the security.php page is gone.)
I would like XAMPP to allow access to the htdocs folder (mysites) ONLY from PCs connected to my Wi-Fi, and to stay locked from the Internet (rejecting access to htdocs and to all XAMPP settings folders and files).
QUESTION 1:
1) if I do nothing (not even add a password to root), is XAMPP (the settings folder and/or my sites in the htdocs folder) open to the Internet, or just to my local Wi-Fi PCs?
QUESTION 2:
Adding this to httpd.conf
<Directory />
Options Indexes FollowSymLinks Includes ExecCGI
AllowOverride All
Order deny,allow
Deny from all
Allow from 127.0.0.1 ::1 localhost 192.xxx.xxx
</Directory>
will it reinforce security by allowing only connections from the specified local IPs (and rejecting ANY connections from the Internet)?
As a test, I did try the following addresses (from another internet connection):
1) my-isp-ip/routerip/mysite
2) my-isp-ip:80/routerip/mysite
and the pages just did not load.
Is it a good test?
Thanks!

How can I block all IPs but allow 1 server IP in .htaccess

I'm trying to deny all requests sent to a website, but allow only 2 IP-addresses.
I've learned this should be done with .htaccess.
Basically there are 3 modules: Website Server, Form-handling Server and my own network IP.
Let's assign the following IP addresses to the servers:
Website Server: 1.1.1.1
Form-handling Server: 2.2.2.2
Own Network: 3.3.3.3
The .htaccess is placed in the public_html directory of the form-handling server (2.2.2.2).
Now, this works:
order deny,allow
deny from all
allow from 3.3.3.3
The form-handling server is accessible with my own browser, but the form POST request sent from the website is blocked (which is good, in this case).
But when I edit the .htaccess to the following, the form POST request is still blocked:
order deny,allow
deny from all
allow from 1.1.1.1
allow from 3.3.3.3
To make sure this .htaccess is functional I tried:
order deny,allow
deny from all
allow from 1.1.1.1
Now I cannot reach the Form-handling Server, which proves the .htaccess is 'running'. (Also, the Website Server cannot access the server, though.)
How can I make sure that the Website Server has access to the Form-handling Server (and preferably me as well), but no other visitor/server does?
Worth knowing: When I delete these lines from my .htaccess, the connection between the Website and Form-handling server works beautifully.
I am pretty sure your .htaccess is OK. Most likely your web server connects to the form server with a different IP, i.e. the IP from the internal LAN between your web server and your form server is different.

Gerrit installation on CentOS doesn't work

I have installed Gerrit on my CentOS server, but I have a problem with the authentication. I would like to give authentication privileges to the CentOS users in a given group. Basically, every user in the gerrit group should have the possibility to log in with their password.
But when I access the Gerrit link, there is a redirect to gerrit:8081/login, where I get the following message:
The HTTP server did not provide the username in the Authorization
header when it forwarded the request to Gerrit Code Review.
If the HTTP server is Apache HTTPd, check the proxy configuration
includes an authorization directive with the proper location, ensuring
it ends with '/':
Do you have any hints why this doesn't work?
The VirtualHost part of the /etc/httpd/conf/httpd.conf file looks something like this:
<VirtualHost gerrit:8081>
ServerName gerrit
ProxyRequests Off
ProxyVia Off
ProxyPreserveHost On
<Proxy *>
Order deny,allow
Allow from all
</Proxy>
<Location "/login/">
AuthType Basic
AuthName "Gerrit Code Review"
AuthBasicProvider file
AuthUserFile /etc/passwd
Require valid-user
</Location>
AllowEncodedSlashes On
ProxyPass /r http://localhost:8081/r nocanon
</VirtualHost>
And the gerrit.config file:
[gerrit]
basePath = /repos
canonicalWebUrl = http://freshattitude.eu:8081/
[database]
type = mysql
hostname = localhost
database = gerrit
username = gerrit
[auth]
type = HTTP
emailFormat = {0}@example.com
[sendemail]
smtpServer = localhost
smtpUser = root
[container]
user = gerrit
javaHome = /usr/java/jdk1.7.0_25/jre
[sshd]
listenAddress = *:29418
[httpd]
listenUrl = http://*:8081/
[cache]
directory = cache
You made some mistakes. On the one hand, you have to set in gerrit.config
httpd.listenUrl = proxy-http://127.0.0.1:8081/
so that Gerrit knows about the proxy in front of it.
Furthermore, your Apache vhost has to listen on a different port (at least when both services run on the same server). In fact, I'm wondering how you've been able to start both at the same time ;-)
So set an Apache vhost up for port 80, not for port 8081. Then users will connect to http://freshattitude.eu/.
Finally, again in gerrit.config, you have to fix your canonicalWebUrl and remove the :8081, because you're using a proxy, and this is how you tell Gerrit what its URL towards the outside world is.
I think you should go through Gerrit docs on reverse proxy config once.
Afterwards you will end up with Gerrit listening only on localhost port 8081 and Apache listening on port 80 (sure, you might want to use SSL; then use the proxy-https variant in gerrit.config).
This is the configuration which runs and will help you: https://groups.google.com/forum/?hl=en#!topic/repo-discuss/qwQxy_izXzo
Thanks & Regards,
Alok Thaker
As far as I know, Gerrit requires the authentication details to be provided in the request header when using HTTP authentication. So, when using this, anonymous access is not possible.
Because of this I changed the Location "/login/" to Location "/", so authentication is always done before going to Gerrit. That works and I can live with it.
This might actually be some regression bug that crept in somewhere, but that's how I have it working.

Set up htaccess so that everyone is denied except one IP, BUT it requires authentication

I want to set up .htaccess on my Apache web server such that all users are straight-up denied access except one, which is my IP. Since this IP represents my entire home network, I also want to add authentication in the case the IP is correct, to ensure that only I can access that directory and no one else using my home network.
This is how my .htaccess file looks so far:
Order deny,allow
Deny from all
AuthType Basic
AuthUserFile /var/www/path_to_forbiden_dir/.htpasswd
AuthName "Protected"
require valid-user
Allow from xxx.xx.xx.xxx
where xxx.xx.xx.xxx is my IP
This works in denying IPs outside the local network; however, no authentication is shown when I try to access that directory from the IP specified. So, how can I create authentication only for the IP specified?
Try adding Satisfy all to your .htaccess
Thanks, but I resolved the issue by following the instructions at
https://help.ubuntu.com/community/EnablingUseOfApacheHtaccessFiles
I had forgotten to set up the Directory override for htpasswd in apache2.conf.
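Four of the posts above (the localhost vs 127.0.0.1 question, the XAMPP "only my Wi-Fi" question, the form-handling-server question and this one) come down to the same Apache 2.2 decision logic: Order, Allow, Deny and Satisfy combined with Require valid-user. The model below is an added example written for this page; it is not code from any of the posters or from Apache httpd. It evaluates that logic for a given client address so the outcomes can be checked without a running server: an IPv4 rule never matches an IPv6 client (so ::1 falls through to the password prompt), Satisfy Any lets a listed address in without a password while Satisfy All demands both, and a POST arriving from an unlisted LAN address is refused. Apache's partial-address form ("192.168" meaning 192.168.0.0/16) is supported; "Allow from <hostname>" rules depend on reverse DNS in real Apache and are not modelled. 203.0.113.7, 198.51.100.9 and 10.0.0.5 are constructed placeholder addresses, and the config names are this example's own. Apache 2.4 replaced these directives with Require ip / RequireAny, but the decisions shown here are the ones the posts describe.

```python
"""Toy model of Apache 2.2 host-based access control (Order / Allow / Deny)
combined with Basic authentication (Require valid-user / Satisfy).

Added example, not code from any post above nor from Apache httpd itself.
Only IP and CIDR rules are modelled; "Allow from <hostname>" depends on a
reverse-DNS lookup of the client address in real Apache and is left out.
"""
import ipaddress
from dataclasses import dataclass, field


@dataclass
class AccessConfig:
    order: str = "deny,allow"                  # "deny,allow" or "allow,deny"
    allow: list = field(default_factory=list)  # "all", IPs, CIDRs or partial IPv4 like "192.168"
    deny: list = field(default_factory=list)
    require_valid_user: bool = False           # is a "Require valid-user" line present?
    satisfy: str = "all"                       # Apache's default when Satisfy is omitted


def _to_network(rule):
    """Translate one Allow/Deny argument into an ip_network object."""
    if "/" not in rule and ":" not in rule:
        octets = rule.split(".")
        if len(octets) < 4:
            # Apache's partial-address form: "192.168" means 192.168.0.0/16
            rule = ".".join(octets + ["0"] * (4 - len(octets))) + f"/{8 * len(octets)}"
    return ipaddress.ip_network(rule, strict=False)


def _matches(client, rules):
    for rule in rules:
        if rule == "all":
            return True
        net = _to_network(rule)
        # An IPv4 rule never matches an IPv6 client and vice versa: this is why
        # "Allow from 127.0.0.1" does nothing for a connection arriving from ::1.
        if client.version == net.version and client in net:
            return True
    return False


def host_allowed(cfg, client_ip):
    """Apply the Order/Allow/Deny rules to one client address."""
    client = ipaddress.ip_address(client_ip)
    allowed = _matches(client, cfg.allow)
    denied = _matches(client, cfg.deny)
    if cfg.order == "deny,allow":
        # Deny first, then Allow; Allow wins a conflict; unmatched clients are allowed.
        return allowed or not denied
    if cfg.order == "allow,deny":
        # Allow first, then Deny; Deny wins a conflict; unmatched clients are denied.
        return allowed and not denied
    raise ValueError(f"unknown Order value: {cfg.order!r}")


def decide(cfg, client_ip, authenticated=False):
    """Return the outcome Apache would produce: 'allow', '401' (credentials needed) or '403'."""
    hosts_ok = host_allowed(cfg, client_ip)
    if not cfg.require_valid_user:
        return "allow" if hosts_ok else "403"
    if cfg.satisfy.lower() == "any":
        # Either the host rules or valid credentials are enough.
        return "allow" if (hosts_ok or authenticated) else "401"
    # Satisfy All: the host rules must pass AND the user must authenticate.
    if not hosts_ok:
        return "403"
    return "allow" if authenticated else "401"


# localhost question: only the IPv4 loopback is listed, so a ::1 client gets the prompt.
XAMPP_ORIGINAL = AccessConfig(order="allow,deny", allow=["127.0.0.1"],
                              require_valid_user=True, satisfy="any")
# Same, after the accepted answer's fix: the IPv6 loopback is listed too.
XAMPP_FIXED = AccessConfig(order="allow,deny", allow=["127.0.0.1", "::1"],
                           require_valid_user=True, satisfy="any")

# XAMPP "only my Wi-Fi" question, minus the hostname rule (partial IPv4 is constructed).
LAN_ONLY = AccessConfig(order="deny,allow", deny=["all"], allow=["127.0.0.1", "::1", "192.168"])

# Home-network question: 203.0.113.7 is a constructed stand-in for the poster's xxx.xx.xx.xxx.
HOME_SATISFY_ALL = AccessConfig(order="deny,allow", deny=["all"], allow=["203.0.113.7"],
                                require_valid_user=True, satisfy="all")
HOME_SATISFY_ANY = AccessConfig(order="deny,allow", deny=["all"], allow=["203.0.113.7"],
                                require_valid_user=True, satisfy="any")

# Form-handling-server question: allow 1.1.1.1 and 3.3.3.3, deny everything else.
FORM_SERVER = AccessConfig(order="deny,allow", deny=["all"], allow=["1.1.1.1", "3.3.3.3"])


if __name__ == "__main__":
    print("127.0.0.1 vs original :", decide(XAMPP_ORIGINAL, "127.0.0.1"))      # allow
    print("::1 vs original       :", decide(XAMPP_ORIGINAL, "::1"))            # 401 (password prompt)
    print("::1 vs fixed          :", decide(XAMPP_FIXED, "::1"))               # allow
    print("LAN client            :", decide(LAN_ONLY, "192.168.1.20"))         # allow
    print("Internet client       :", decide(LAN_ONLY, "8.8.8.8"))              # 403
    print("home IP, Satisfy Any  :", decide(HOME_SATISFY_ANY, "203.0.113.7"))  # allow (no prompt)
    print("home IP, Satisfy All  :", decide(HOME_SATISFY_ALL, "203.0.113.7"))  # 401
    print("other IP, Satisfy All :", decide(HOME_SATISFY_ALL, "198.51.100.9")) # 403
    # The website's POST reaching the form server from a LAN address (constructed 10.0.0.5):
    print("form post from LAN IP :", decide(FORM_SERVER, "10.0.0.5"))          # 403
```

The two home-network configs differ only in Satisfy: with Any, a client on the listed address is admitted without ever seeing a password prompt, which is exactly the symptom in the post above; with All, the address check and the credentials are both required, and everyone else receives 403 regardless of credentials.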

how to create a subdomain in a dedicated apache2 server

I want to create a subdomain. I followed these steps:
cd /etc/apache2/sites-available
nano test.mydomaine.com
<VirtualHost *:80>
ServerAdmin mymail@gmail.com
ServerName test.mydomaine.com
ServerAlias www.test.mydomaine.com
DocumentRoot /var/www/testfolder/
<Directory "/var/www/testfolder">
AuthType Basic
AuthName "test"
AuthUserFile /var/www/testfolder/passwords
Require valid-user test
</Directory>
</VirtualHost>
exit and save
a2ensite test.mydomaine.com
/etc/init.d/apache2 reload
but it's not working. Am I missing something?
In order for this to work, you additionally have to configure DNS resolution for the new hostname test.mydomain.com. If you are just playing with this locally and do not want to create a "real" DNS entry, you have to edit the file /etc/hosts so that your computer can resolve the hostname to an IP address. If you are running the web server on the same machine as the browser, you will want to map test.mydomain.com to 127.0.0.1. If the browser is on a different machine on your local network, you'll need to determine the server's IP address and then on the browser machine, edit /etc/hosts to add the mapping.
On Windows, the file is called C:\windows\system32\drivers\etc\hosts
A sample entry would be (for the browser running on the same machine as the server):
127.0.0.1 test.mydomain.com
If the server is at, say 192.168.0.5, the entry would be
192.168.0.5 test.mydomain.com
EDIT: If the server has a real routable IP address, then if you want the test.mydomain.com address to resolve on the global Internet you will have to get your service provider to add it to DNS. For testing purposes, you can still use /etc/hosts as described above. Just substitute the server's real IP instead of 127.0.0.1. Do this on the system where you are running the browser.