htaccess permissions on addon domains - .htaccess

i have two domains setup one called fastcms.com and the other is called fastautos.com.
fastautos.com is based in the /home/speedycm/public_html/fastautos/ directory on my fastcms.com server (acting as an add on domain)
the problem i'm having now is that i want to allow users to use the fastautos.com website but continue to restrict usage to the fastcms.com website (password request).
currently both sites ask for a passsword. i only want it to ask for a password on the fastcms.com website.
this is my htaccess file at the moment!
RewriteEngine on
AuthType Basic
AuthName "restricted area"
AuthUserFile /home/fastcm/public_html/.htpasswd
require valid-user
RewriteCond %{HTTP_HOST} ^fastautos.co.uk$ [OR]
RewriteCond %{HTTP_HOST} ^www.fastautos.co.uk$
RewriteRule ^/?$ "http\:\/\/fastcms\.co\.uk\/fastautos\/" [R=301,L]
please help! many thanks in advance

If my memory is good, you can put the AuthType etc into a Directory section, that is applied to one directory only.
Also, if you have not denied it, you can create .htaccess file within directories of each of your site the override general settings.

Related

is it possible to change URL of webpage using .htaccess and also want to protect folders using .htaccess?

I want to change Webpage URL http://www.xyz.com/in/index.php?mpid=page1 to http://www.xyz.com/in/page1 using .htaccess.
And also want to protect my folders with username and password.
AuthType Basic
AuthName "Protected Area"
#path to htpaswd
AuthUserFile /path/to/.htpasswd
Require valid-user
RewriteEngine on
RewriteCond %{REQUEST_URI} !^in
RewriteRule /in/(.+) in/index.php?mpid=$1

htaccess login on multi domain

I've got a multi domain site (custom CMS) where all sites have the same documentroot. Depending on the url(domain) it will serve a different site. Having only 1 root they also have only 1 .htaccess
Now I want to protect 1 domain with a simple .htacess login (like this)
How do I specify this login to 1 domain?
You can use mod_setenvif support to protect only one of your domain. Here is the code that you need to put in your common .htaccess under $DOCUMENT_ROOT:
SetEnvIfNoCase Host ^www\.subdomain\.com$ SECURED=yes
AuthType Basic
AuthName "My Protected Area"
AuthUserFile /your/path/to/passwords
Require valid-user
Satisfy any
Order allow,deny
Allow from all
Deny from env=SECURED
Above code will show basic auth popup only for www.subdomain.com while leaving other domains open.
To enable an .htpasswd file you must use a specific subdirectory for that protected domain. The trick is to use a subdomain-based internal redirect based on the %{HTTP_HOST} variable in the docroot .htaccess file, for example
RewriteEngine On
RewriteBase /
RewriteCond %{HTTP_HOST} =admin.example.com
RewriteRule ^(?!admin).* admin/$0 [L]
This will internally redirect any htttp://admin.example.com/ references to the DOCROOT/admin subdirectory which can have its own .htaccess and .htpasswd files.
You may need to symlink and CMS entry scripts and subdirectories back to the shared instance. This is how I did this for phpBB.

Hiding admin page as a subdomain

I have a site that has an admin page (eg admin.php) that is normally accessed via mydomain.com/admin.php
What I was hoping to be able to do is to use htaccess to map
"admin.mydomain.com" to "mydomain.com/admin.php" in such a way that the user would never know that it was a 'file'.
That is, if someone externally tried to access "mydomain.com/admin.php", I want it to 404.
Now, for the even hard part: the admin.php page will want to serve links as "/admin.php?param=value", etc and so I'd need to look at the referrer (???) to let this work as expected.
can htaccess do this? Any idea on where to start?
If you have set up a record for admin.mydomain.com with the same IP Address as mydomain.com as well as the same DocumentRoot,
Then this can be done like this in your .htaccess:
RewriteEngine On
RewriteBase /
RewriteCond %{ENV:REDIRECT_STATUS} 200
RewriteRule ^ - [L]
RewriteCond %{HTTP_HOST} ^(admin\.) [NC]
RewriteRule ^ %1php [L]
RewriteCond %{REQUEST_URI} admin\.php$ [NC]
RewriteRule ^ - [R=404,L]
I don't really understand what you are trying to do (or really why you absolutely need to have the page mydomain.com/admin.php).
If you are trying to "hide" it from the users, why not actually create a subdomain, place the file in the subdomain, implement security on the entire subdomain and then there is no need for messing around with redirections, referrers or query strings.
For security you might want to do something like this:
In your .htaccess put:
AuthUserFile /path/to/htpasswd/file/.htpasswd
AuthGroupFile /dev/null
AuthName "MyDomain Admin Area"
AuthType Basic
require valid-user
Create the file .htpasswd using a generator such as this
Then you will have no need to hide the page from the user because without the correct username and password, they will get a 403.

.htaccess mod_rewrite for web service as well as hide other files

I think I know how to hide the files but how do I use mod_rewrite to allow only the web service to be called in the same directory?
Here is the directory/file structure
/var/www/html/xmlrpc/xmlrpc.server.php
/var/www/html/xmlrpc/xmlrpc.client.php
/var/www/html/xmlrpc/xmlrpc.class.php
/var/www/html/xmlrpc/xmlrpc.ini
/var/www/html/xmlrpc/logs
Important note: /var/www/html/xmlrpc/logs has 777 permission
before you start harping on me I plan to move this into a non public directory and give the correct permissions. But I was asked to see if I could hide it with the .htaccess file.
.htaccess
AuthType Basic
AuthName "My hidden files"
AuthBasicProvider file
AuthUserFile /var/www/html/xmlrpc/.pswds
Require valid-user
.pswds
user:5/abcde1abcdE
Also I'm a newbie with mod_rewite/mod_alias and need this URL:
http://127.0.0.1/xmlrpc/xmlrpc.server.php
to be this:
http://127.0.0.1/xmlrpc/v1/
How does one do this?
Also on know on the virtual host setup in Apache you can set the log file paths/names, can this be done from the .htaccess file as well?
Examples are welcome as this is a learning experience for me as well.
Ah mod_rewrite. Try this in the xmlrpc directory:
RewriteEngine On
RewriteRule ^v1/$ xmlrpc.server.php [L]
Some questions though - does xmlrpc.server.php take any get parameters? Can you guarantee that the url will always include a trailing slash?
To enforce a trailing slash as well as some other stuff, try this:
# Allows direct linking to files
RewriteCond %{REQUEST_FILENAME} !-f
#Checks if the url is missing a slash, if so, evaluate rule below
RewriteCond %{REQUEST_URI} !(.*)/$
RewriteRule ^(.*)$ http://127.0.0.1/$1/ [L,R=301]
The last rule will have to be adjusted depending on where you put the .htaccess file. If it's at the root, then it will work for all lower directories. If it's in the xmlrpc folder, then you can leave off the localhost.
Also remember to restrict access to the .htaccess file:
<Files .htaccess>
order allow,deny
deny from all
</Files>
Someone else will have to answer the other questions - not as familiar with that.

Password Protect Virtual Directory With .htaccess

I have a site with a virtual directory structure like mysite.com/folder/title which is actually a .htaccess rewrite to mysite.com/f/index.php?p=title. I want to password protect the folder folder with .htaccess, and know how to do that with actual folders. But I don't want to password protect the main site mysite.com, and right now if I put the .htaccess file in the mysite.com directory, I am protecting mysite.com and mysite.com/folder. I have also tried protecting mysite.com/f.
How can I protect only mysite.com/folder using .htaccess?
EDIT: Added .htaccess contents of mysite.com.
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteRule ^folder/(.*)$ /f/index.php?p=$1 [PT,L,QSA]
RewriteRule ^folder/*$ /f/index.php [L,QSA]
RewriteBase /
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>
.htaccess file I tried in mysite.com/f This successfully protects the entire site when moved to mysite.com, so I know the path is correct. When it is in the subdirectory it generates a 404 error and not a password prompt.
AuthName "Restricted Area"
AuthType Basic
AuthUserFile /home/myusername/.htpasswd
require valid-user
Old thread is old...
Stumbled across this while having a similar issue, password protecting a subdomain while keeping the main site without.
The solution was easier than I originally made it out to be.
In the document_root/.htaccess, domain.com/wiki was redirecting to domain.com/w (because that's cleaner? lol):
RewriteEngine On
RewriteRule ^/?w(/.*)?$ /wiki/index.php [PT,L,QSA]
RewriteRule ^/*$ /wiki/index.php [L,QSA]
In document_root/wiki/.htaccess the wiki directory was password protected:
AuthType Basic
AuthName "Restricted"
AuthUserFile "/home/user/.htpasswds/public_html/wiki/passwd"
require valid-user
I simply added this line to the top of document_root/.htaccess so it reads:
AuthType None
RewriteEngine On
RewriteRule ^/?w(/.*)?$ /wiki/index.php [PT,L,QSA]
RewriteRule ^/*$ /wiki/index.php [L,QSA]
domain.com is no longer password protected and domain.com/wiki redirects as intended and with password protection.
Hope it helps someone else.
One thing that works (but isn't the most elegant solution) is to actually create a folder named "folder" (or whichever virtual folder you're trying to password-protect) and put the .htaccess into it.
Assuming you are using Apache 2.2
... and, that your server is running on a machine to which you do not have permission to modify the server configuration
... then, create: mysite.com/f/.htaccess with the rule you desire.
A good discussion of when to use this and when not to can be found here.

Resources