Search Results

Search found 162 results on 7 pages for 'htpasswd'.

Page 1/7 | 1 2 3 4 5 6 7  | Next Page >

  • htpasswd not working when set up in the httpd.conf file

    - by Shamoon
    My httpd.conf file looks like: <Directory "/path/to/mysite"> AuthType Basic AuthName "Restricted Files" AuthUserFile "/path/to/.htpasswd" Require user valid-user Options Indexes FollowSymLinks AllowOverride All Order allow,deny Allow from all </Directory> I generated my .htpasswd file using the htpasswd command: $ htpasswd ~/.htpasswd myuser So now when I restart apache, it prompts for a username and password, however, when I type in my username and password, it just prompts again. Any help would be appreciated. Thanks My .htpasswd file looks like: myuser:$aaa1$rsU3A8zu$1xiIou2elcL3QLIPhzsaj0

    Read the article

  • Apache - Same username in several .htpasswd files

    - by greydet
    In a virtual host, I setup two different <Location> blocks for which the access is restricted by two basic authentication htpasswd files. One htpasswd contains different usernames + a common user name. The other htpasswd file only contains the common user name. My problem is that once users connect a location with the common user name, they have immediate access to the other location without being asker for a different user name. Is there a way to restrict the username access only to the corresponding htpasswd file? Is there a way for users to ask to be re-prompted for another username/password?

    Read the article

  • 500 error after creating htpasswd and edit htaccess

    - by bacord
    I just edited the htaccess file to include: AuthType Basic AuthName "My Protected Area" AuthUserFile /home/path/to/public_html/ Require valid-user I then created a htpasswd file via the htpasswd command. I have enabled the module: LoadModule authn_file_module modules/mod_authn_file.so in the Apache configuration. Now, when I load the page I now get a 500 error and apache log says "configuration error: couldn't check user. No user file?: /"

    Read the article

  • Apache is looking for htaccess and htpasswd files that aren't there

    - by user1094092
    Having an issue where Apache is requesting authentication, and looking for an .htpasswd file, based on instructions from an .htaccess file that's no longer in DocumentRoot. Background: In my DocumentRoot, I'd previously copied an .htaccess and .htpasswd file from another machine (along with all of the other website files). .htaccess contents: AuthType Basic AuthName "Password is required" AuthUserFile /some/directory/that/was/on/the/other/server/not/this/one/.htpasswd Require valid-user Here's the catch: I moved .htaccess and .htpasswd out of DocumentRoot and even renamed the files. There is no longer an .htaccess file in DocumentRoot at all. But, when I try to access localhost from a browser, I am prompted to enter the login and password. When I enter the login and password (from the old, not-in-DocumentRoot .hpasswd file), I get a 500 Internal Server error and the log shows: [error] [client 127.0.0.1] (2)No such file or directory: Could not open password file: /some/directory/that/was/on/the/other/server/not/this/one/.htpasswd This has been quite a puzzle, because there's no longer a .htaccess or .htpasswd file anywhere in DocumentRoot !! Have tried several apache restarts and also tried using a blank .htaccess file in the DocumentRoot. Even grepped the entire machine for references to AuthType Basic to see if I missed anything. httpd.conf looks normal enough...I can post that if needed, but this question seems long enough as it is :) Thanks for any assistance you can provide

    Read the article

  • force https with apache before .htpasswd

    - by johnlai2004
    I have this in my .htaccess file RewriteEngine On RewriteCond %{HTTPS} off RewriteRule ^(.*)$ https://www.myweb.com/phpmyadmin$1 [R,L] AuthUserFile /var/www/myweb/.htpasswd AuthGroupFile /dev/null AuthName "Sovereign Databases" AuthType Basic <Limit GET> require valid-user </Limit> But everytime I go to http://www.myweb.com/phpmyadmin, the .htpasswd prompts me for a credentials BEFORE i'm redirected to https://www.myweb.com/phpmyadmin. After I type in my username and password, I get redirected to https://www.myweb.com/phpmyadmin. The problem is that I don't want anyone to submit their username and password unencrypted via http. How do I force people to login via the https version even if they typed in the http version?

    Read the article

  • htaccess and htpasswd trouble

    - by hjpotter92
    This is the first time that I have ever tried working with .htpasswd and .htaccess files, so please point out my childish works. I have my apache document root set to /www/ on my debian server. Inside it, there's a folder named Logs/ which I want to restrict access using a htpasswd. I created my htpasswd file using the shell's htpasswd command. And this is the result: > user:<encoded password here> > hjp:<encoded password here> > hjpotter92:<encoded password here> I put this file named .htaccess inside /www/. The Logs/ has following htaccess file in it: > AuthName "Restricted Area" > AuthType Basic > AuthUserFile /www/.htpasswd > AuthGroupFile /dev/null > require valid-user This was again created using an online tool(I forgot its name/link, and can't search the browser-history now). The problem, as it might've already struck you is that I am experiencing no change on my Logs folder access. The folder is still accessible to everyone. I am running apache as root user(if that matters/helps). Please help/guide me. I've tried reading some htaccess guides and have followed some of older SO questions, but still haven't figured out a way to restrict access to Logs folder with a password.

    Read the article

  • Nginx Server Block Port 8081 Path to Root Folder

    - by Pamela
    I'm trying to password protect all of port 8081 on my Nginx server. The only thing this port is used for is PhpMyAdmin. When I navigate to https://www.example.com:8081, I successfully get the default Nginx welcome page. However, when I try navigating to the PhpMyAdmin directory, https://www.example.com:8081/phpmyadmin, I get a "404 Not Found" page. Permission for my htpasswd file is set to 644. Here is the code for my server block: server { listen 8081; server_name example.com www.example.com; root /usr/share/phpmyadmin; auth_basic "Restricted Area"; auth_basic_user_file htpasswd; } I have also tried entirely commenting out #root /usr/share/phpmyadmin; However, it doesn't make any difference. Is my problem confined to using the incorrect root path? If so, how can I find the root path for PhpMyAdmin? If it makes any difference, I'm using Ubuntu 14.04.1 LTS with Nginx 1.4.6 and ISPConfig 3.0.5.4p3.

    Read the article

  • Can htpasswd be used to restrict access to a URL rather than a specific folder?

    - by me_here
    I would like to restrict access to certain URLs with htpasswd files, rather than folders, is this possible? For example, I wish to restrict the URL: www.example.com/pages/id/227/Restricted_Page But allow access to other URLs such as: www.example.com/pages/id/100/Normal_Page Is this possible? The "pages" part of the url refers to a pages.php file, and the "id" part is the function name in that file. The reason for wanting to do this is because of migrating existing restrict lists, in the form of htpasswd files from another site. Many thanks.

    Read the article

  • Password protect web directory with htpasswd on Cherokee

    - by wdkrnls
    I have a directory on my Cherokee webserver that I am trying to password protect so that when I try to enter it from a web browser, I get a pop up demanding username and password. Needless to say I am getting stuck. I have created the .htaccess file with: AuthUserFile /srv/http/protected AuthGroupFile /dev/null AuthName "Protected Stuff" AuthType Basic Require valid-user And I used the apache-tools' htpasswd command: htpasswd -c .htpasswd wdkrnls I configured Cherokee with a behavior rule on the /protected directory which requires htpasswd authentication and restarted. I get Error 405 Method Not Allowed whenever I navigate there in a directory. What more do I need to do? Thanks for your help.

    Read the article

  • File access forbidden in htpasswd

    - by Nerd-Herd
    I have been using the htpasswd generated in this question and it seemed to have been working well until recently. Since yesterday, I am not able to access the newest file created in the folder ChatLogs(named 10_07_2012.txt). The server returns a 403 Forbidden error saying: Forbidden You don't have permission to access /ChatLogs/2012/07/10_07_2012.txt on this server. I am still able to access older files(until 09 July, 2012). At first I thought it might be because of file permissions, but they are the same as on other 9 files in the folder. What could be the problem? Please Help.

    Read the article

  • Is it possible to write an htpasswd file that redirects certain users to certain directories?

    - by racl101
    Hi there, Assuming that I have a domain, say, mydomain.com and three directories under it call them dir1, dir2 and dir3, then is it possible to put an htpasswd file at the web root and have it redirect authenticated users to their respective directories (e.g. user joecorleone101 always get redirected to dir3 upon being authenticated.)? First of all I want to know if this is possible and second is it safe or practical (or impractical)? Am I thinking about it the wrong way? Should I maybe use an htaccess file?

    Read the article

  • protecting a single .exe-file for downloading with htaccess and htpasswd?

    - by ThomasK
    I have this, and only this, in a .htaccess file inside my downloads folder: <FilesMatch "\.(exe)$"> AuthType Basic AuthName "Downloads" AuthUserFile path/to/.htpasswd Require valid-user </FilesMatch> Once I click the link to download a href="fileName.exe">FileName</a>, I'm getting a 500 server error. If I leave out the <FilesMatch>-part; The protection part is working, I guess, since I get the login box. But once I get into the protected area, the 500 server error occurs. What am I doing wrong here? My intention was to protect only a single .exe file to prevent downloaded by anyone. Is there any easier or more correct way of doing this?

    Read the article

  • htpasswd and htaccess in Plesk 9.3

    - by J White
    Greetings Here is my situation. I currently have one website on my dedicated server. As of now, I have protected the directory /exclusive using the Plesk control panel. I am having a billing company install their password management script on the server but they need the absolute location to the .htpasswd file. I can't find it or the .htaccess file. Would it be easier to unprotect the /exclusive directory and create the .htaccess file in notepad? If this is done, where should I place the .htpasswd file? -jw

    Read the article

  • htpasswd and htaccess in Plesk 9.3

    - by J White
    Greetings Here is my situation. I currently have one website on my dedicated server. As of now, I have protected the directory /exclusive using the Plesk control panel. I am having a billing company install their password management script on the server but they need the absolute location to the .htpasswd file. I can't find it or the .htaccess file. Would it be easier to unprotect the /exclusive directory and create the .htaccess file in notepad? If this is done, where should I place the .htpasswd file? -jw

    Read the article

  • htaccess/htpasswd in hierarchical folder structure

    - by chessweb
    I have a folder (folder_1) that is protected by htaccess/htpasswd files. Inside that folder is another folder (folder_2) that is protected by another couple of htaccess/htpasswd files. When a php-script in folder_1 or folder_2 is called, the user has to authenticate herself using the correct username and password as specified in the respective htaccess/htpasswd files. This works as intended. However, as soon as the php-script in folder_2 tries to refer to another script or a css-file that is located in folder_1, the user must enter username and password for folder_1 as well. Is there a way to avoid this that does not involve copying scripts and css-files from folder_1 to folder_2? Regards, Ralf

    Read the article

  • .htpasswd under IIS - does it work?

    - by Cyrcle
    I'm trying to password protect a directory on a server that's running IIS. I've put the following in the .htaccess file in that directory - AuthName "Restricted Area" AuthType Basic AuthUserFile /path/.htpasswd AuthGroupFile /dev/null require valid-user I've tried a whole bunch of different paths and although it's asking for a username and password it won't take it. I've tried using the path provided by _SERVER["PATH_TRANSLATED"] but that's no help either. Is this a problem with my path, or does IIS just not support .htpasswd?

    Read the article

  • how to edit .htpasswd using php?

    - by Mahmoud
    hey all i have a protected directory where only user on .htpasswd can access, but sometimes it requires the user to change password or username, edit a specific username password to his username him self sample users kevien : kka mike : mike

    Read the article

  • .htpasswd Problems

    - by William Hand
    I have setup an .htaccess and .htpasswd file correctly and my password gets accepted, but only on the second attempt. I have read somewhere what to do about this, but I lost the page. Any suggestions?

    Read the article

  • htpasswd, secure specific files in zend framework

    - by AKFourSeven
    Hi I have been bashing my head against the wall with this riddle and cannot find the way to solve this. I would like to secure couple of files to restrict access to certain pages but my attempts so far are unsuccessful. I do not want to use Zend Auth as it is a very small web site doing simple stuff. Here is a sample of what I have done: AuthUserFile /path/to/my/.htpasswd AuthName "Admin Restriction" AuthType Basic <Files file.phtml> require valid-user </Files> Is there any way to achieve this ?

    Read the article

  • Nginx Password Protect Directory Downloads Source Code

    - by Pamela
    I'm trying to password protect a WordPress login page on my Nginx server. When I navigate to http://www.example.com/wp-login.php, this brings up the "Authentication Required" prompt (not the WordPress login page) for a username and password. However, when I input the correct credentials, it downloads the PHP source code (wp-login.php) instead of showing the WordPress login page. Permission for my htpasswd file is set to 644. Here are the directives in question within the server block of my website's configuration file: location ^~ /wp-login.php { auth_basic "Restricted Area"; auth_basic_user_file htpasswd; } Alternately, here are the entire contents of my configuration file (including the above four lines): server { listen *:80; server_name domain.com www.domain.com; root /var/www/domain.com/web; index index.html index.htm index.php index.cgi index.pl index.xhtml; error_log /var/log/ispconfig/httpd/domain.com/error.log; access_log /var/log/ispconfig/httpd/domain.com/access.log combine$ location ~ /\. { deny all; access_log off; log_not_found off; } location = /favicon.ico { log_not_found off; access_log off; } location = /robots.txt { allow all; log_not_found off; access_log off; } location /stats/ { index index.html index.php; auth_basic "Members Only"; auth_basic_user_file /var/www/web/stats/.htp$ } location ^~ /awstats-icon { alias /usr/share/awstats/icon; } location ~ \.php$ { try_files /b371b8bbf0b595046a2ef9ac5309a1c0.htm @php; } location @php { try_files $uri =404; include /etc/nginx/fastcgi_params; fastcgi_pass unix:/var/lib/php5-fpm/web11.sock; fastcgi_index index.php; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; fastcgi_intercept_errors on; } location / { try_files $uri $uri/ /index.php?$args; client_max_body_size 64M; } location ^~ /wp-login.php { auth_basic "Restricted Area"; auth_basic_user_file htpasswd; } } If it makes any difference, I'm using Ubuntu 14.04.1 LTS with Nginx 1.4.6 and ISPConfig 3.0.5.4p3.

    Read the article

  • How can I lock a dictionary in debian server installed with ngix?

    - by Tin Aung Linn
    I tried so many methods and get stick hours with this.I edit /etc/nginx/nginx.conf and write these lines. location /home/user/domains/example.com/public_html/lockfolder/ { auth_basic "Restricted"; auth_basic_user_file /home/user/domains/example.com/.htpasswd; } and I use crypt(3) encryption to make passwd with the command mkpasswd.Then I did with the given procedure user:encryptedpasswd in .htpasswd. But things does not work as said.Let me know if anyone know how I can exactly make configure for my purpose! Thanks you.

    Read the article

  • Basic Auth on DirectoryIndex Only

    - by Brad
    I am trying to configure basic auth for my index file, and only my index file. I have configured it like so: <Files index.htm> Order allow,deny Allow from all AuthType Basic AuthName "Some Auth" AuthUserFile "C:/path/to/my/.htpasswd" Require valid-user </Files> When I visit the page, 401 Authorization Required is returned as expected, but the browser doesn't prompt for the username/password. Some further inspection has revealed that Apache is not sending the WWW-Authenticate header. GET http://myhost/ HTTP/1.1 Host: myhost Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 5.1) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.100 Safari/534.30 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 HTTP/1.1 401 Authorization Required Date: Tue, 21 Jun 2011 21:36:48 GMT Server: Apache/2.2.16 (Win32) Content-Length: 401 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=iso-8859-1 <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>401 Authorization Required</title> </head><body> <h1>Authorization Required</h1> <p>This server could not verify that you are authorized to access the document requested. Either you supplied the wrong credentials (e.g., bad password), or your browser doesn't understand how to supply the credentials required.</p> </body></html> Why is Apache doing this? How can I configure it to send that header appropriately? It is worth noting that this exact same set of directives work fine if I set them for a whole directory. It is only when I configure them to a directory index that they do not work. This is how I know my .htpasswd and such are fine. I am using Apache 2.2 on Windows. On another note, I found this listed as a bug in Apache 1.3. This leads me to believe that this is actually a configuration problem on my end.

    Read the article

  • Can I password protect a location (not directory) in apache using htaccess?

    - by dimvic
    I have used code like this in apache configuration to protect locations with password <Location ~ "/admin.*"> AuthType Basic AuthName "Protected Area" AuthUserFile /home/user/public_html/.htpasswd Require valid-user </Location> is there a way to do the same thing using an htaccess file? the locations I want to protect don't really exist on the filesystem, it's locations available thanks to mod_rewrite

    Read the article

  • I am trying to write an htaccess file performs authentication and redirects authenticated users to a

    - by racl101
    This is what I have so far but I can't get the RewriteCond and RewriteRule properly. RewriteEngine On RewriteCond %{LA-U:REMOTE_USER} (\d{3})$ RewriteRule !^%1 http://subdomain.mydomain.com/%1 [R,L]. AuthName "My Domain Protected Area" AuthType Basic AuthUserFile /path/to/my/.htpasswd Require valid-user This is what I mean the ReWriteCond and RewriteRule to say: "If the REMOTE_USER has a username ending in 3 digits then capture the three digits that match and for whatever url they are trying to access if it does not start with the 3 digits captured then redirect them to the sub directory with the name equal to those captured three digits." In other words, if a user named 'johnny202' is authenticated then if he's requesting any directory other than http://subdomain.mydomain.com/202/ then he should be redirected to http://subdomain.mydomain.com/202/ The only thing I can think of that is wrong is the first instance of '%1'.

    Read the article

1 2 3 4 5 6 7  | Next Page >