I push my website to multiple servers where I have different usernames. I want to have a .htaccess file that password protects a file regardless of which server I'm on.
The issue is that AuthUserFile only takes absolute paths, so if I have:
AuthUserFile /home/will/.htpasswd
I get a server error on a box where my username is wjholcomb (and home directory is /home/wjholcomb/).
.htaccess can have multiple AuthUserFile lines:
AuthUserFile /home/will/.htpasswd
AuthUserFile /home/wjholcomb/.htpasswd
Related
I have followed the procedure to the letter and it does not work for me.
The procedure: Create file .htaccess which has the following lines of text.
AuthType Basic
AuthName "restricted area"
AuthUserFile "C:/Apache24/htdocs/protected/.htpasswd"
require valid-user
Next create file .htpasswd which has a username and encrypted password created by http://www.htaccesstools.com/htpasswd-generator/
Next I insert both .ht files into the folder named protected, which is in the folder htdocs.
When I type in the browser address window http://localhost/protected/ and hit enter I get Index of protected and the list of files in it. It never asks for username or password.
See summary above.
AuthType Basic
AuthName "restricted area"
AuthUserFile "C:/Apache24/htdocs/protected/.htpasswd"
require valid-user
I'm trying to temporarily password protect my Heorku app with the .htaccess and .htpasswrd files in the root of the app.
I'm getting a 'Internal Server Error' with the following codes and can't figure out where I'm going wrong
.htaccess
AuthUserFile .htpasswd
AuthType Basic
AuthName "Restricted Access"
Require valid-user
.htpasswrd (MD5 encrypted)
rob:$apr1$MRsSwhFN$buG0YTSOezeY8YJ32LXnT1
Looks like your path is off.
As of July 2016, some subtle changes are necessary on heroku-php-apache2. Please note that the path to the .htpasswd file no longer contains the www directory and that the .htpasswd file should be in the webroot as well.
Create an .htaccess file in the webroot:
AuthUserFile /app/.htpasswd
AuthType Basic
AuthName "Restricted Access"
Require valid-user
Create a .htpasswd file, also in the webroot:
htpasswd -c .htpasswd [username]
Commit local changes. Deploy to Heroku.
https://gist.github.com/bbrewer97202/3316425
i have this htaccess :
AuthType Basic
AuthName " Vip User Only
AuthBasicProvider file
AuthUserFile c:\inetpub\htpasswd
Require valid-user
<FilesMatch ".(jpg|gif|png|tiff|jpeg|html)$">
Allow from any
Satisfy any
</FilesMatch>
i want to remotely read htpasswd from another server ?
e.g : this htpasswd is in Server A and i want too use htaccess in Server B with Server A's htpasswd !
is this possible ?
See the documentation of AuthUserFile
File-path is the path to the user file.
There's no mention of URI anywhere. To the contrary, it advises (rightly!) to make the file inaccessible from the web
Security
Make sure that the AuthUserFile is stored outside the document tree of the web-server. Do not put it in the directory that it protects. Otherwise, clients may be able to download the AuthUserFile.
Otherwise anybody could download the file, and crack all your passwords.
I would like to use a .htaccess file to protect my symfony2 website while developing it.
I added the following line at the beginning of my .htaccess located in /web and a .htpasswd file just next with my password.
AuthName "Développement"
AuthType Basic
AuthUserFile ".htpasswd"
Require valid-user
I have a Error 500 when I try to access my website. Is it possible to use a htaccess in my case ? What should I use if it is not posible ?
Assuming the 500 error is caused by these directives, the most likely reason is the path to .htpasswd. AuthUserFile says
The AuthUserFile directive sets the name of a textual file containing the list of users and passwords for user authentication. File-path is the path to the user file. If it is not absolute, it is treated as relative to the ServerRoot.
So either use an absolute path (e.g. /var/www/.htpasswd) or add the complete path starting from your document root (e.g. web/.htpasswd).
Also note the last section in AuthUserFile
Security
Make sure that the AuthUserFile is stored outside the document tree of the web-server. Do not put it in the directory that it protects. Otherwise, clients may be able to download the AuthUserFile.
This means, store the auth file somewhere else, like /etc/apache2/htpasswd.
Would it be possible to have the {HTTP_HOST} variable in this path?
Because my htaccess is used for multiple domains and I want to use different passwords for each domain!
AuthUserFile /usr/test/{HTTP_HOST}/.htpasswd
AuthType Basic
AuthName "My Files"
Require valid-user
UPDATE:
I tested the above code and it gives a 500 Internal Server Error (off course the AuthUserFile points to a directory that DOES exist on my server)