Search Results

Search found 162 results on 7 pages for 'htpasswd'.

Page 4/7 | < Previous Page | 1 2 3 4 5 6 7  | Next Page >

  • Apache whitelist a single location, but require basic auth for everything else

    - by Chris Lawlor
    I'm sure this is simple, but Google is not my friend this morning. The goal is: /public... is openly accessible everything else (including /) requires basic auth. This is a WSGI app, with a single WSGI script (it's a django site, if that matters..) I have this: <Location /public> Order deny,allow Allow from all </Location> <Directory /> AuthType Basic AuthName "My Test Server" AuthUserFile /path/to/.htpasswd Require valid-user </Directory> With this configuration, basic auth works fine, but the Location directive is totally ignored. I'm not surprised, as according to this (see How the Sections are Merged), the Directory directive is processed first. I'm sure I'm missing something, but since Directory applies to a filesystem location, and I really only have the one Directory at /, and it's a Location that I wish to allow access to, but Directory always overrides Location... EDIT I'm using Apache 2.2, which doesn't support AuthType None.

    Read the article

  • How to configure Apache on Amazon Elastic Beanstalk

    - by Ian
    My PHP5.3 application is currently running on a Windows 2003 server running XAMPP 1.7.7 I've decided it will be better if I can get it moved onto the cloud, and Amazon Elastic Beanstalk looks like the easiest way to go. I'm starting with a 64bit Amazon Linux running PHP 5.3 container. My next step is to limit access to the website with an htpasswd file. I'd rather not use .htaccess files. How do I configure Beanstalk Apache conf file settings (on Windows the settings are stored in httpd.conf)?

    Read the article

  • How do I force .htaccess authorization to occur over ssl?

    - by kenja
    I'm trying to force a particular directory to require only allowed IPs and a valid username/password through basic authorization. To ensure that the username/password are sent in encrypted form, I want the directory to also force SSL use. Here is what I have in my .htaccess file: # Force HTTPS-Connection RewriteEngine On RewriteCond %{SERVER_PORT} !^443$ RewriteRule (.*) https://www.mywebsite.com%{REQUEST_URI} [R,L] ## password begin ## AuthName "Restricted Access" AuthUserFile /var/www/admin/.htpasswd AuthType Basic Require valid-user Order deny,allow Deny from all Allow from 79.1.231.151 62.123.134.83 Satisfy All Unfortunately, when I access that directory using http protocol, it is asking for the password before it redirects the page to the secure version. This means the password is sent unencrypted. What am I doing wrong? Is there a way to do this?

    Read the article

  • LameUser trying - apache2 webserver authentication - IP range to access without pass prompt others with it

    - by Mikee
    I have (maybe silly) question regarding the apache2 webserver and security - I am trying to archieve this: Users connecting from 192.168.1.24 not to be prompted for password and allowed Others asked for username and password if correct then connect. I am trying to do this for the whole directory /var/www No matter whether I put the code into .htaccess file or in httpd.conf it doesn't work for me. Order deny,allow Deny from all AuthName "PassRequest" AuthType Basic AuthUserFile /var/.htpasswd Require valid-user Allow from 192.168.1.24 Satisfy Any If I try to connect to the page I am allowed from both the allowed IP or any other, If I remove the satisfy any line then I am prompted for password, if I remove the password too and try to connect from different IP I am NOT REFUSED ... is there some module that needs to be activated or why is the IP directive skipped ? It needs to be put in every folder or /var/www/.htaccess is enough ? can I just put it in httpd.conf instead or not ?? I spend last 4 hours trying to google up why it is acting like that, Any help will be highly appreciated :-))

    Read the article

  • htaccess rewrite and auth conflict

    - by Michael
    I have 2 directories each with a .htaccess file: html/.htaccess - There is a rewrite in this file to send almost everything to url.php RewriteCond %{REQUEST_URI} !(exported/?|\.(php|gif|jpe?g|png|css|js|pdf|doc|xml|ico))$ RewriteRule (.*)$ /url.php [L] and html/exported/.htaccess AuthType Basic AuthName "exported" AuthUserFile "/home/siteuser/.htpasswd" require valid-user If I remove html/exported/.htaccess the rewriting works fine and the exported directory can be access. If I remove html/.htaccess the authentication works fine. However when I have both .htaccess files exported/ is being rewritten to /url.php. Any ideas how I can prevent it?

    Read the article

  • subversion: enforce TLS

    - by Daniel Marschall
    Hello, I am running subversion on a Debian Squeeze system with Apache2 and mod_dav for viewing the contents with a webbrowser. I want to enforce the usage of TLS, so that the login data and the SVN contents cannot be read from the connection. I have tried following: <Location /svn> DAV svn SVNParentPath /daten/subversion/ # our access control policy AuthzSVNAccessFile /daten/subversion/access_control # try anonymous access first, resort to real # authentication if necessary. Satisfy Any Require valid-user # how to authenticate a user AuthType Basic AuthName "Subversion repository" AuthUserFile /daten/subversion/.htpasswd # Test SSLRequireSSL RewriteEngine On RewriteCond %{SERVER_PORT} !443 RewriteRule ^svn/(.)$ https://www.viathinksoft.de/svn/$1 [R,L] </Location> at file /etc/apache2/conf.d/subversion.conf Alas, this does not work. There is no redirect and there is still a HTTP request working at /svn/(projectname)/(somefolder) . This SSL-enforce-policy should work for - viewing the contents with webbrowser - retrieve contents with TurtoiseSVN client - committing contents with TurtoiseSVN client Can you please help me? Regards Daniel Marschall

    Read the article

  • How can I whitelist a user-agent in nginx?

    - by djb
    I'm trying to figure out how to whitelist a user agent from my nginx conf. All other agents should be shown a password. In my naivity, I tried to put the following in before deny all: if ($http_user_agent ~* SpecialAgent ) { allow; } but I'm told "allow" directive is not allowed here (!). How can I make it work? A chunk of my config file: server { server_name site.com; root /var/www/site; auth_basic "Restricted"; auth_basic_user_file /usr/local/nginx/conf/htpasswd; allow 123.456.789.123; deny all; satisfy any; #other stuff... } Thanks for any help.

    Read the article

  • How to whitelist a user agent for nginx?

    - by djb
    I'm trying to figure out how to whitelist a user agent from my nginx conf. All other agents should be shown a password prompt. In my naivity, I tried to put the following in before deny all: if ($http_user_agent ~* SpecialAgent ) { allow; } but I'm told "allow" directive is not allowed here (!). How can I make it work? A chunk of my config file: server { server_name site.com; root /var/www/site; auth_basic "Restricted"; auth_basic_user_file /usr/local/nginx/conf/htpasswd; allow 123.456.789.123; deny all; satisfy any; #other stuff... } Thanks for any help.

    Read the article

  • Apache mod_setenvif Server_Addr

    - by user18330
    I have an Apache server in a DMZ, reachaable on the LAN from 192.168.1.1, public 123.456.789.123. I'm trying to get it to require authentication if the inbound hits are coming from the public side. This doesn't seem to work: SetEnvIf SERVER_ADDR 123.456.789.123 local_nic=1 <Location /junk> Order Deny,Allow AuthName "Access required" AuthType Basic AuthUserFile /etc/httpd/conf/htpasswd Require valid-user </Location> What am I doing wrong? Sorry, HTML tags were wiping out my Apache directives.

    Read the article

  • Allowing users in from an IP address without certificate client authentication

    - by John
    I need to allow access to my site without SSL certificates from my office network and with SSL certificates outside. Here is my configuration: <Directory /srv/www> AllowOverride All Order deny,allow Deny from all # office network static IP Allow from xxx.xxx.xxx.xxx SSLVerifyClient require SSLOptions +FakeBasicAuth AuthName "My secure area" AuthType Basic AuthUserFile /etc/httpd/ssl/index Require valid-user Satisfy Any </Directory> When I'm inside network and have certificate - I can access. When I'm inside network and haven't certificate - I can't access, it requires certificate. When I'm outside network and have certificate - I can't access, it shows me basic login screen When I'm outside network and haven't certificate - I can't access, it shows me basic login screen and following configuration works perfectly <Directory /srv/www> AllowOverride All Order deny,allow Deny from all Allow from xxx.xxx.xxx.xxx AuthUserFile /srv/www/htpasswd AuthName "Restricted Access" AuthType Basic Require valid-user Satisfy Any </Directory>

    Read the article

  • How to allow Hudson build URL through Nginx auth_basic?

    - by rodreegez
    Hi, I have Hudson running and made available to the world via nginx. I have protected Hudson with nginx's auth_basic and that works great. The trouble is, I want to allow unauthenticated requests to the build URL, i.e. /job/<job_name>/build. Currently I have this in my nginx conf: upstream hudson { server 127.0.0.1:8888; } server { server_name ci.myurl.com; root /var/lib/hudson; location / { proxy_pass http://hudson/; auth_basic "Super secret stuff"; auth_basic_user_file /var/opt/hudson/htpasswd; } location ~ \/build { auth_basic off; } } I can't get that second location to allow unauthenticated requests. I have tried various combinations of location ~ /job/(.*)/biuld { } location ^~ \/build { } location ~ \/job\/(.*)\/build { } etc... Maddening! Can anyone point me in the right direction? Thanks, Ad.

    Read the article

  • Does nginx auth_basic work over HTTPS?

    - by monde_
    I've been trying to setup a password protected directory in a SSL website as follows: /etc/nginx/sites-available/default server { listen 443: ssl on; ssl_certificate /usr/certs/server.crt; ssl_certificate_key /usr/certs/server.key; server_name server1.example.com; root /var/www/example.com/htdocs/; index index.html; location /secure/ { auth_basic "Restricted"; auth_basic_user_file /var/www/example.com/.htpasswd; } } The problem is when I try to access the URL https://server1.example.com/secure/, I get a "404: Not Found" error page. My error.log shows the following error: 011/11/26 03:09:06 [error] 10913#0: *1 no user/password was provided for basic authentication, client: 192.168.0.24, server: server1.example.com, request: "GET /secure/ HTTP/1.1", host: "server1.example.com" However, I was able to setup password protected directories for a normal HTTP virtual host without any problems. Is it a problem with the config or something else?

    Read the article

  • How can I prevent Apache from exposing a user's password?

    - by Marius Marais
    When using basic authentication (specifically via LDAP, but htpasswd also) with Apache, it makes the REMOTE_USER variable available to the PHP / Ruby / Python code underneath -- this is very useful for offloading authentication to the webserver. In our office environment we have lots of internal applications working like this over SSL, all quite secure. BUT: Apache exposes the PHP_AUTH_USER (=REMOTE_USER) and PHP_AUTH_PW variables to any application inside PHP. (PHP_AUTH_PW contains the plaintext password the user entered.) This means it's possible for the app to harvest usernames and passwords. Presumably the same information is available to Python and Ruby (all three are currently in use; PHP is being phased out). So how can I prevent Apache from doing this? One idea is to use Kerberos Negotiate authentication (which does not expose the password and has the benefit of being SSO), but that automatically falls back to Basic for some browsers (Chrome and in some cases Firefox), causing the password to be exposed again.

    Read the article

  • How to prevent nginx from appending the location to root? [duplicate]

    - by simonszu
    This question already has an answer here: nginx location pathing issue 2 answers I want to serve an Icinga Webview via nginx. This webview should be accessible via myserver.com/icinga (as the debian autoconfig for apache will do). I have the following lines in my nginx config: location /icinga { root /usr/share/icinga/htdocs; index index.html; auth_basic "Restricted"; auth_basic_user_file /etc/icinga/htpasswd.users; } However, i get an error 404 and a log entry that says: *10 open() "/usr/share/icinga/htdocs/icinga" failed (2: No such file or directory), So it seems that nginx appends the location value to the root value. I think i figured it out how to prevent this some time ago, but i did not document it for myself and have forgotten how to do it. And now i can't fix it for myself. Can you tell me how to prevent this behaviour?

    Read the article

  • Is it possible to get the matched regex from within the apache LocationMatch directive?

    - by tftd
    I'm wondering if the following code should be working: <LocationMatch "/(.*)([/])?(.*)"> Order allow,deny Allow from all AuthType Basic AuthName "Git" AuthUserFile /git/.htpasswd AuthGroupFile /git/.htgroup Require group $1 </LocationMatch> What I am trying to achieve with this is to require a group based on the first regex variable. So if the user goes to http://localhost/a-repository-name he has to be in the group a-repository-name to be able to open the url. For some reason I can't get this code working and apache returns: Authorization of user **** to access /a-repository-name failed, reason: user is not part of the 'require'ed group(s). I guess it's not matching against the proper variable at Require group $1. Is this the right way to be done or I'm missing something?

    Read the article

  • Phpmyadmin Not Working

    - by glenbl54
    I recently installed phpmyadmin onto ubuntu server 10.04 using sudo apt-get install phpmyadmin The installation went fine and everything was working including phpmyadmin. I then performed a restart of the server and now apache2 starts up but when I navigate to http://192.168.1.72/phpmyadmin/ I am getting a 403 error. I have included /etc/phpmyadmin/apache.conf file in /etc/apahe2/apache2.conf file /etc/phpmyadmin/apache.conf # phpMyAdmin default Apache configuration Alias /phpmyadmin /usr/share/phpmyadmin <Directory /usr/share/phpmyadmin> Options FollowSymLinks DirectoryIndex index.php <IfModule mod_php5.c> AddType application/x-httpd-php .php php_flag magic_quotes_gpc Off php_flag track_vars On php_flag register_globals Off php_value include_path . </IfModule> </Directory> # Authorize for setup <Directory /usr/share/phpmyadmin/setup> <IfModule mod_authn_file.c> AuthType Basic AuthName "phpMyAdmin Setup" AuthUserFile /etc/phpmyadmin/htpasswd.setup </IfModule> Require valid-user </Directory> #Disallow web access to directories that don't need it <Directory /usr/share/phpmyadmin/libraries> Order Deny,Allow Deny from All </Directory> <Directory /usr/share/phpmyadmin/setup/lib> Order Deny,Allow Deny from All </Directory> The only change that was made since phpmyadmin was installed was that timetrex was installed. Is there anyway to manually start phpmyadmin or should it already be working once apache started?

    Read the article

  • Properly force SSL with .htaccess, no double authentication

    - by cwd
    I'm trying to force SSL with .htaccess on a shared host. This means there I only have access to .htaccess and not the vhosts config. I know you can put a rule in the VirtualHost config file to force SSL which will be picked up there (and acted upon first), preventing double authentication, but I can't get to that. Here's the progress I've made: Config 1 This works pretty well but it does force double authentication if you visit http://site.com - once for http and then once for https. Once you are logged in, it automatically redirects http://site.com/page1.html to the https coutnerpart just fine: RewriteEngine On RewriteCond %{HTTPS} !=on RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301] RewriteEngine on RewriteCond %{HTTP_HOST} !(^www\.site\.com*)$ RewriteRule (.*) https://www.site.com$1 [R=301,L] AuthName "Locked" AuthUserFile "/home/.htpasswd" AuthType Basic require valid-user Config 2 If I add this to the top of the file, it works a lot better in that it will switch to SSL before prompting for the password: SSLOptions +StrictRequire SSLRequireSSL SSLRequire %{HTTP_HOST} eq "site.com" ErrorDocument 403 https://site.com It's clever how it will use the SSLRequireSSL option and the ErrorDocument403 to redirect to the secure version of the site. My only complaint is that if you try and access http://site.com/page1.html it will redirect to https://site.com/ So it is forcing SSL without a double-login, but it is not properly forwarding non-SSL resources to their SSL counterparts. Regarding the first config, Insyte mentioned "using mod_rewrite to perform a simple redirect is a bit of overkill. Use the Redirect directive instead. It's possible this may even fix your problem, as I believe mod_rewrite rules are some of the last directives to be processed, just before the file is actually grabbed from the filesystem" I have not had no such luck on finding a force-ssl config option with the redirect directive and so have been unable to test this theory.

    Read the article

  • How to set up a VirtualHost on Amazon EC2 for phpmyadmin

    - by Oudin
    Hi I'm currently working on setting up a VirtualHost on Amazon EC2 for accessing phpmyadmin so i can access it with test.example.com as oppose to it being widely available as it's default example.com/phpmyadmin. So far I've created a file "testfile" in /etc/apache2/sites-available/ with the code below and enabled it "a2ensite testfile" However I'm not getting the vhost to work <VirtualHost *:80> ServerAdmin [email protected] ServerName test.example.com ServerAlias test.example.com #DocumentRoot /usr/share/phpmyadmin DocumentRoot /home/user/public_html/folder RewriteEngine On RewriteCond %{HTTP_HOST} !test.example.com RewriteRule (.*) [L] <Directory /home/user/public_html/folder> Options FollowSymLinks DirectoryIndex index.php AllowOverride None <IfModule mod_php5.c> AddType application/x-httpd-php .php php_flag magic_quotes_gpc Off php_flag track_vars On php_flag register_globals Off php_admin_flag allow_url_fopen Off php_value include_path . php_admin_value upload_tmp_dir /var/lib/phpmyadmin/tmp php_admin_value open_basedir /usr/share/phpmyadmin/:/etc/phpmyadmin/:/var/lib/phpmyadmin/ </IfModule> </Directory> # Authorize for setup <Directory /usr/share/phpmyadmin/setup> <IfModule mod_authn_file.c> AuthType Basic AuthName "phpMyAdmin Setup" AuthUserFile /etc/phpmyadmin/htpasswd.setup </IfModule> Require valid-user </Directory> # Disallow web access to directories that don't need it <Directory /usr/share/phpmyadmin/libraries> Order Deny,Allow Deny from All </Directory> <Directory /usr/share/phpmyadmin/setup/lib> Order Deny,Allow Deny from All </Directory> ErrorLog /home/user/public_html/folder/logs/error.log LogLevel warn CustomLog /home/user/public_html/folder/logs/access.log combined </VirtualHost> sudo ln -s /usr/share/phpmyadmin /home/user/public_html/folder The above line creates a link of the phpmyadmin in the public folder. Any help on this would be greatly appreciated. Note: example.com will be replaced with my official domain

    Read the article

  • Password protect an alias virtual difrecory

    - by Jason
    I have a main domain being hosted through CPanel. I also have a sub-domain that I would like to appear as a path under the main domain instead of as a sub-domain. So I have: http://example.com/ pointing to the main hosted file. http://example.com/mydir pointing to the subdomain files. This is achieved by a httpd.conf include from the main domain section to set an alias: alias /mydir /path/to/subdomain/files/ Now, that works fine so far. The problem is that if a .htaccess file under /path/to/the/subdomain/files/ contains an error, the alias is completely skipped, and /mydir goes instead to the main host files. That is kind of surprising to me - I would expect an error to return an error instead. Now the killer: if I try to password protect /path/to/subdomain/files/, then trying to access http://example.com/mydir will again attempt to deliver from under the main hosted files and not from /path/to/subdomain/files/ I am not seeing any errors reported on the .htaccess file in the apache error log, so I am assuming the .htaccess is valid: AuthUserFile /path/to/valid/readable/.htpasswd AuthName "Secure Access" AuthType Basic Require valid-user This kind of behaviour does not seem right to me. Is there something obvious that could be causing it? Or is this just the way it works? Perhaps using an alias is the wrong way to go?

    Read the article

  • Password protect an alias virtual directory

    - by Jason
    I have a main domain being hosted through CPanel. I also have a sub-domain that I would like to appear as a path under the main domain instead of as a sub-domain. So I have: http://example.com/ pointing to the main hosted file. http://example.com/mydir pointing to the subdomain files. This is achieved by a httpd.conf include from the main domain section to set an alias: alias /mydir /path/to/subdomain/files/ Now, that works fine so far. The problem is that if a .htaccess file under /path/to/the/subdomain/files/ contains an error, the alias is completely skipped, and /mydir goes instead to the main host files. That is kind of surprising to me - I would expect an error to return an error instead. Now the killer: if I try to password protect /path/to/subdomain/files/, then trying to access http://example.com/mydir will again attempt to deliver from under the main hosted files and not from /path/to/subdomain/files/ I am not seeing any errors reported on the .htaccess file in the apache error log, so I am assuming the .htaccess is valid: AuthUserFile /path/to/valid/readable/.htpasswd AuthName "Secure Access" AuthType Basic Require valid-user This kind of behaviour does not seem right to me. Is there something obvious that could be causing it? Or is this just the way it works? Perhaps using an alias is the wrong way to go?

    Read the article

  • Do passwords used for .htaccess need to be encrypted?

    - by webworm
    I am using .htaccess files to control access to various Apache2 directories. I have a main "password" file that contains usernames and passwords. All the instructions I have found regarding .htaccess talk about how the passwords added are encrypted. The usernames and passwords are created using the following command line syntax ... htpasswd -nb username password What I am wondering is ... do the passwords always need to be encrypted? Could I store usernames and passwords in a plain-text form someonewhere on the system (above the web root)? This would allow me to easily edit user names and passwords via FTP without requiring access to the Shelll (which I do not always have). Thank you.

    Read the article

  • Automatic e-mail processing

    - by Jon Harrop
    I'd like to write a .NET application in F# to automate some of the processing of my e-mails. For example, when an order comes in my program might compute a new htpasswd from the e-mail's contents, upload it to our web server and reply to the customer with login details. How do people do this? I've tried Outlook 2007 automation but it just prompts the user for security and my attempts to get it to stop doing this have failed so I cannot automate anything with it. Is there a .NET-friendly e-mail client I can use more easily? This has been so tedious that I'm seriously considering writing my own .NET-friendly e-mail client...

    Read the article

  • protecting my web page and folder from external using .htaccess and .htpassword in php

    - by Testadmin
    Hai I want to protect a folder (protect) and the files inside that folder. I have created a .htaccess file and put the following code. AuthName "Myfolder" AuthType Basic AuthUserFile url/protect/.htpasswd Require valid-user Also created a .htpassword file which contain username:password When I run my URL http://localhost/url/protect, I got a pop up asking username and password, I entered username as username and password as password. After that I got an error page "server error 500" "The server encountered an internal error and was unable to complete your request. Either the server is overloaded or there was an error in a CGI script. If you think this is a server error, please contact the webmaster." Why this happened?. Any thing wrong here? Anything needs to see my pages under the folder. Please give me the answer.

    Read the article

  • Regex to allow all php files except one

    - by Tim
    Hi all, I have this regex that allow all php files : ^.*\.([Pp][Hh][Pp]) how can I exclude a specific file, for example test.php ? Thanks for your answer, Best regards [edit] I omit to say that it is a reg from a htaccess file, the /i doesn't seems to work, and the ? neither. [Edit2] the purpose is to grant access to authenticated users, except for one file that has to be allowed for everyone. So I've done : <Files ~ "^.*\.([Pp][Hh][Pp])$"> AuthUserFile /directory/.htpasswd AuthGroupFile /dev/null AuthName "Please log in ..." AuthType Basic require valid-user </Files> So, all php files require valid user. I would like to add an exception for a specific file, says test.php

    Read the article

  • VisualSVN Server + Trac Authentication Problems

    - by danscott
    I have Trac set up on my VisualSVN server (using Subversion authentication), however every time I navigate to the Trac home page after opening the browser, I get the basic authentication dialog asking me for my username/password. What I would like to do is have a login form in Trac, which would allow me to log in forever using cookies. I have tried installing the AccountManagerPlugin, but I am completely unsure of how to correctly set it up. (I am used to working with IIS on corporate intranets, so this is kind of alien to me) I have managed to bypass the basic authentication dialog by setting this in my httpd-custom.conf: AuthName "Trac" AuthType Basic AuthBasicProvider file AuthUserFile "E:/Repositories/htpasswd" #Require valid-user I have tried using SvnServePasswordStore as my password store but I do not know which of the files in the repository directory to point it at. Help would be appreciated!

    Read the article

< Previous Page | 1 2 3 4 5 6 7  | Next Page >