In my website having sub folder, so I trying to protect that folder files using .htaccess and .htpasswd.
Root Folder
Root Files
Sub Folder
Sub Folder Files
.htaccess
.htpasswd
-- Root Files
.htaccess code looks like below
AuthType Basic
AuthName "My Protected Area"
AuthUserFile ./.htpasswd
Require valid-user
And .htpasswd code looks like below
test:pass#word1
When I enter the http://10.10.10.11/website/subfolder/test.html it's prompted the password, I entered but it's throwing error. See below image.
Video of Screenshot:
Please suggest to do this.
.htaccess
AuthType Basic
AuthName "restricted area"
AuthUserFile ./.htpasswd
require valid-user
If you don't want to use online password generator, you could use openssl
openssl passwd -apr1 pass#word1
Then put the generated password to .htpasswd with format:
username:
Example:
.htpasswd
username:$apr1$h81U4v3.$8Msypa0Kx2hQ/C0948BuV1
Related
I have an simple .htaccess and a .passwd file for a password protection of an folder under apache2: /var/www/test
Works fine if i want to connect to example.com/test.
But in the test folder is also a download.exe. If i connect to example.com/test/download.exe i can download the file without being asked for a username and a password.
How can i change that? The .htaccess file:
AuthType Basic
AuthName "protected area"
AuthUserFile /var/www/test/.passwd
Require valid-user
Try a different browser or a different computer to access example.com/test/download.exe before accessing example.com/test. Browsers you are using can have cached the downloaded file or the credentials used.
Ok so I want to protect a single webpage using .htaccess and .htpasswd
I have successfully implemented this to work on my index.php page but if I go any deeper it doesn't work.
I'm using codeigniter and here is the code from my .htaccess file
# password-protect single file
<Files "vAdmin.php">
AuthName "site"
AuthType Basic
AuthUserFile /home/bg33qn/public_html/ci/application/views/.htpasswd
require valid-user
</Files>
I have both the .htaccess file and the .htpasswd file saved in:
/home/bg33qn/public_html/ci/application/views/
Using this to protect the index page at the following location works fine:
/home/bg33qn/public_html/ci/
Any suggestions?
Thanks
Do you want to password protect just one file?
<FilesMatch "vAdmin.php">
AuthName "Member Only"
AuthType Basic
AuthUserFile /home/bg33qn/public_html/ci/application/views/.htpasswd
require valid-user
</FilesMatch>
Just a tip: I hope you don't use this tool as the only security process protecting that page. It seems that page has something to do with administrators.
Updated: Create this .htaccess file where vAdmin.php is stored. So in your case, /home/bg33qn/public_html/ci/application/views/.
I have to prompt an authentication for a file while opening on every time. I have tried it with PHP Authentication.
if (!isset($_SERVER['PHP_AUTH_USER']) || !isset($_SERVER['PHP_AUTH_PW'])) {
}
But, It is not asking for every time.
Can we do it either using Htaccess or Htpasswd?
Please advice.
You can try using .htaccess & .htpasswd
create file .htaccess & put :
AuthType Basic
AuthName "restricted area"
AuthUserFile /opt/lampp/htdocs/test/.htpasswd # should be you file path & .htpasswd
require valid-user
the above solution for whole directory. if you want for single file than use this in .htaccess
AuthType Basic
AuthName "demo.php" # name of the file for which you want authentication
AuthUserFile /opt/lampp/htdocs/test/.htpasswd #path of the folder
<Files "demo.php">
require valid-user
</Files>
in .htpasswd
test:do43GnYbHanDE #username test & pwd (download)
You can create your .htpasswd password from here
I want to protect an admin folder in my PHP web site from other people.
I created two files .htaccess and .htpasswd, but when I enter to the index page on this folder it doesn't show me that dialog where I have to enter the username and the password, here are the content of the files :
The .htpasswd file :
mateo21:$1$MEqT//cb$hAVid.qmmSGFW/wDlIfQ81
ptipilou:$1$/lgP8dYa$sQNXcCP47KhP1sneRIZoO0
djfox:$1$lT7nqnsg$cVtoPfe0IgrjES7Ushmoy.
vincent:$1$h4oVHp3O$X7Ejpn.uuOhJRkT3qnw3i0
The .htaccess file :
AuthName "Page d'administration protégée"
AuthType Basic
AuthUserFile "/var/www/sec/.htpasswd"
Require valid-user
I'm running Linux ubuntu and apache.
You need to deny everything first. Try:
Order Deny,Allow
Deny from all
AuthName "Page d'administration protégée"
AuthType Basic
AuthUserFile "/var/www/sec/.htpasswd"
Require valid-user
If what #Jon Lin said doesn't work, then make sure you have
AllowOverride AuthConfig
in your /etc/httpd/httpd.conf file
If you can't find your configuration file, then try searching for it in terminal...
locate "httpd.conf"
Or
find /etc/ -name "httpd.conf"
I used .htaccess and .htpasswd to restrict the admin folder which is located at root/admin
for that i used the following
.htaccess file
AuthName "Alertalert"
AuthType Basic
AuthUserFile http://alertalert.freetzi.com/admin/.htpasswd
require valid-user
.htpasswd file
rajasekar:$apr1$0yd92n1r$McIxIiQXPRF1u3gRBNRNc1
the .htaccess and .htpasswd file is located inside the admin folder.
When i try to access admin folder, it asks for username and password and thats ok. if I give correct username and password, its not accepting and so prompting again.
Check the documentation for the AuthUserFile directive. Its argument should be the path to the htpasswd file, not a URL.
do you have any code in .htacess that prevents viewing of .htpasswd? Because you are going though HTTP, it may not be accessible. What about using the system path?
What about something like:
AuthUserFile /var/admin/.htpasswd