I'm setting up basic http authentication for my dev site with .htaccess and .htpasswd.
First, I created my .htpasswd user and password (https://shop.alterlinks.com/htpasswd/htpasswd.php MD5).
Then, my htaccess file with some basic configurations.
I placed both my .htaccess and .htpasswd files in my php_site_project folder (I know it's not safe, but I did it for testing first the authentication).
Also in my apache configuration file, I have AllowOverride All
AuthuserFile /home/my_user/public_html/php_site_project/.htpasswd
AuthName "Protected Area"
AuthType Basic
AuthGroupFile /dev/null
Require user admin
After all those configurations, I cleared my cache and tested on Chrome, it keeps asking me for user and password over and over... On Firefox asks just once but doesn't let me enter either.
By the way, I don't have logs on this problem.
Related
I have an simple .htaccess and a .passwd file for a password protection of an folder under apache2: /var/www/test
Works fine if i want to connect to example.com/test.
But in the test folder is also a download.exe. If i connect to example.com/test/download.exe i can download the file without being asked for a username and a password.
How can i change that? The .htaccess file:
AuthType Basic
AuthName "protected area"
AuthUserFile /var/www/test/.passwd
Require valid-user
Try a different browser or a different computer to access example.com/test/download.exe before accessing example.com/test. Browsers you are using can have cached the downloaded file or the credentials used.
I use .htaccess to ask for credentials to access members only data. The .htaccess file is stored in one of the directories and protects everything in directories below it. The .htaccess file itself is very simple:
AuthName "Members Area"
AuthType Basic
AuthUserFile /home/xxxxx/public_html/xxx/data/.htpasswd
require valid-user
Problem is, when we moved to a new server (and built the new website within that directory using WordPress), the Authentication Box now comes up twice and requires users to enter the same correct login information both times.
I've read in other strings here about trailing /, but since I don't have a redirect or anything else in my .htaccess, I'm not quite sure what to do.
Anybody have any suggestions on a workaround or rewrite?
This is most likely because you're running an https redirect (or another redirect) inside another .htaccess file. So it is asking for the authentication once in http, and once in https. If you do this:
<If "%{HTTPS} == 'on'">
AuthType Basic
AuthName "Password Area"
AuthUserFile "/yourdirectory/.htpasswd"
<IfVersion >= 2.4>
AuthMerging And
</IfVersion>
Require valid-user
</If>
then it will only ask for the password once the redirect has happened. Otherwise, get rid of the second redirect.
I have a need to password protect an entire website. I am developing on a live URL (don't ask me why -_- clients...) and I want to be able to develop the site but access it using a username and password so the general public won't be able to see the site being modified.
I've tried to use a .htaccess and .htpasswd file in the same directory.
Here are the contents of it
AuthUserFile /htdocs/.htpasswd
AuthGroupFile /dev/null
AuthName "Development space"
AuthType Basic
Require development
and the .htpasswd file contains the user development:encryptedpassword
It doesn't appear to be working at all. The password box is generated but just carries on coming back up once I enter the credentials (I have confirmed they are correct).
Can anyone tell me where I'm going wrong?
Please note both the htpasswrd and htaccess files are currently within the htdocs directory
htdocs file permissions are drwxr-xr-x
Your Require line is wrong. It should be:
Require user development
^^^^--missing
Require can require many different things (env vars, http methods, groups, blah blah blah), so you have to say WHAT kind of thing you're requiring. You might be better off with just
Require valid-user
unless you're going to have multiple accounts in your .htpasswd and want to allow only certain ones.
Here's my .htaccess file:
AuthType Basic
AuthName "LOG IN"
AuthUserFile .htpasswd
Require valid-user
After logging in, I get a 500 error. If I clear the .htaccess file, it works fine.
Any ideas?
I think you have to write the full path to your .htpasswd (on linux: /path/to/.htpasswd)
From http://weavervsworld.com/docs/other/passprotect.html
Troubleshooting
Make sure that the path specified in AuthUserFile is the correct full
path. This is a major cause of problems. If Apache cannot find the
.htpasswd file, then all attempts will fail.
Make sure the permissions
on the .htaccess and .htpasswd files are set so that Apache can read
them. chmod 0644 .htaccess chmod 0644 .htpasswd
Other issues may be
out of your control. Web administrators can lock down Apache so that
it ignores all .htaccess files it encounters. This can be achieved
with an AllowOverride None directive and option on the
ServerRoot/DocumentRoot directories. If this is the case (.htaccess
not allowed) you will have to kindly ask your web administrator to
allow .htaccess files with authorization directives in your personal
web directory. This can be achieved with AllowOverride AuthConfig
directive and option.
Important : Full path to .htpasswd refers to the real full path if you are using terminal than use
maddy#maddy:/var/www/html/project_name$ pwd
/var/www/html/project_name
File In /var/www/html/project_name/.htaccess
AuthType Basic
AuthName "My restricted Area"
AuthUserFile /var/www/html/project_name/.htpasswd
Require valid-user
File In /var/www/html/project_name/.htpasswd
someuser:$apr1$oi0zg2sf$jTagKK2S7StjC0WSVJLUH0
To generate user: password combination refer
1) http://www.htaccesstools.com/htpasswd-generator/
2) https://www.web2generators.com/apache-tools/htpasswd-generator
Not tested
https://www.gaslampmedia.com/generate-htaccess-password-htpasswd-from-the-command-line/
Since this question scores high in Google, I thought I'd append steven's answer a bit:
Full path to .htpasswd here refers to the real full path, not the path you see via ftp. For example, when I login to my shared hosting account with ftp, it seems my web root lives in /public_html
However that's just because how the ftp server is set up. The actual path to my web root is /home/username/public_html and setting the AuthUserFile keeping that in mind resolved the issue, at least for me.
I found the missing piece of information on the Webmasters site after some more googling.
If you use php and get Error - 500
A good shot is:
create a php file 'info.php' with content:
<?php
phpinfo();
Enter in this url in your browser
In Apache Environment
Look for DOCUMENT_ROOT
Get this content Ex: 'C:/wamp/www/'
And update your .htaccess:
AuthUserFile 'C:/wamp/www/.htpasswd'
Note: The question contains "After logging in" and the answers are not for that case.
I've ran into the same issue:
set up the authentication just as in the question
open the site in a browser
the login window pops up, I authenticate successfully
all subsequent requests result in 500
the access log shows the response was 500 but nothing in the error log
In this case the parent directory of the htpasswd file was not readable to the user running Apache. Apparently the first authentication is served using root credentials and subsequent ones (checking if the auth is still correct?) done by the user running Apache.
I had a production server which used to authenticate user before granting access. I setup a new machine and copied files from the old server. Now, I can access pages fine, but it does not ask for username and password. When I checked the value of $_SERVER['PHP_AUTH_USER'] is returns nothing.
Is a way to activate it on the server or I missed any file while copying it from old server ?
Check the .htaccess file on the old server. There is probably something like:
AuthGroupFile /dev/null
AuthName "admin"
AuthType Basic
AuthUserFile /home/path/to/.htpasswd/public_html/admin/.htpasswd
require valid-user
That's what's doing the authentication, not PHP.