I've stumbled upon a strange issue.
Lets say I have folder in main domain directory: /myfolder
When I try to access index of files in this folder I go to: myurl.com/myfolder
And it works without any problems.
Now when I put .htaccess with password protection in this folder like:
AuthUserFile /home/mywebsite/.htpasssomerandomname
AuthType Basic
AuthName "Authentication Required"
Require valid-user
Suddenly instead of asking me for password when I try to access myurl.com/myfolder I get 404 wordpress template page.
Below is my .htaccess in main WordPress folder.
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>
Any ideas what might be a problem?
I don't understand why but it seems adding below line to .htaccess inside protected folder fixed this issue:
ErrorDocument 401 "Authorisation Required"
I've found this fix online but without explanation why it actually works that way. Anyone can add explanation? It just feels like it really shouldn't be like that.
Related
In my htaccess I think I must wrong path of RewriteBase.
My server has this structure:
/public_html/example
and in this example there are all my site so to go on my site I do this url:
http://home.com/example
But I get 500 internal server because I think I wrong my RewriteBase in my htacess:
# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /example/
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /example/index.php [L]
</IfModule>
AuthBasicProvider file
AuthUserFile /public_html/festivalmusicasullacqua/.htpasswd.txt
AuthName "Authorization Form Title"
AuthType Basic
#Allow any valid user
require valid-user
#Allow only one user with specified username
require user festival
Anyone can help me to correct the code?
You have two parts in your .htaccess file: a rewrite part, and an auth part. I think that the error is not in the rewrite part, but in the auth part (you can try commenting it to confirm this hypothesis).
If I am right and the error is in the auth part, the reason is probably that FTP chroots you. Then you only see a relative filesystem path.
Thus I doubt that the AuthUserFile line has a correct path: you must specify an absolute path.
I have searched all day for a solution to the problem I'm having and found many proposed solutions, although none of them worked. I have url rewriting set up and everything works fine except for one folder. If a folder or file exists do not rewrite it otherwise send it into index.php for handling. The one subfolder that is giving the problem is password protected. The password protected folder gets re-written into the index.php as if the subfolder is invalid. The other subfolders work fine and do not have a .htaccess in them. folder structure and .htaccess below.
Folder structure with relevant files
public_html(root)
fonts
images
js
css
email
.htaccess
index.php
.htaccess
index.php
public_html/.htaccess
RewriteEngine on
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^.*$ /index.php [L]
public_html/email/.htaccess
AuthType Basic
AuthName "email"
AuthUserFile "/home/site/.htpasswds/public_html/email/passwd"
require valid-user
I tried to turn off rewrite inside of email folder to prevent the rewrite form propagating in this solution had no apparent effect.
## turn off rewrite engine
RewriteEngine off
AuthType Basic
AuthName "email"
AuthUserFile "/home/site/.htpasswds/public_html/email/passwd"
require valid-user
I also tried filtering out the folder in the root .htaccess which also seemed to be ignored as well and made no apparent difference.
RewriteEngine On
RewriteBase /
RewriteCond %{REQUEST_URI} !^email
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
Any help with this would be greatly appreciated!
update 2/23/2015: 11:20am(est)
One thing I have noticed if I disable the url rewriting and authenticate for the folder then re-enable rewriting everything works as expected. It appears to only happen if you are not already authenticated.
After giving up on this for a while I looked back into this today and found the solution. Posted below. The 401 error is interpreted by apache as a 404 error and passing along to the rewrite. The solution is to add ErrorDocument 401 default before the RewriteEngine is turned on. This seems redundant telling it to use the default error message explicitly, but it does resolve the error.
ErrorDocument 401 default
RewriteEngine On
RewriteBase /
RewriteCond %{REQUEST_URI} !^email [NC]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
Your filtering out email folder wasn't working because your condition isn't being matched. You almost had it. REQUEST_URI also matches the prepending / so because you didn't have it before email it was not matching. You have to include it when using REQUEST_URI in the condition. It's a real folder so you shouldn't need it but try it this way.
RewriteEngine On
RewriteBase /
RewriteCond %{REQUEST_URI} !^/email [NC]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
Also clear you browser cache before trying updated rules.
I have a very strange problem. I have a folder on my webserver with one image in it named 1.jpg
When I want to call www.mydomain.com/folder/3.jpg in any browser it redirects automatically to www.mydomain/folder/1.jpg.
When I try another name like www.mydomain/folder/test.jpg it returns 404 like it should.
The problem is I want to check if the image exists and then display it (fileexists() in a php page).
But even so the image doesn't exist it always returns true and displays 1.jpg.
I also looked at the htaccess and even cleared the whole htaccess but I didn't change. I have no idea what is going on.
EDIT
I have one htaccess in the folder with
AuthType Basic
AuthName "restricted area"
AuthUserFile /.htpasswd
require valid-user
Allow from www.mydomain.com
Satisfy Any
and on in the root folder with
RewriteEngine On
RewriteCond %{SERVER_PORT} 80
RewriteRule ^(.*)$ https://www.mydomain.com/$1 [R,L]
RewriteEngine On
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule (.*)\.(jpg|png) test.php
I tested this with my .htaccess and it always redirected to test.php if the image doesn't exists.
I am having problem with an htaccess authentification.
I have a wordpress website and would like to restrict access on it. In the root folder, i have added an htaccess and a htpasswd.
Htaccess codes:
# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>
# END WordPress
AuthType Basic
AuthName "Protected Area"
AuthUserFile /home/anglolabs/webapps/financial/.htpasswd
Require valid-user
And the htpasswd is as such:
admin:$apr1$wcax9ykl$uH5ktq9NL/9fqtw5lzYLy1
I am being prompted the box but when entering the username/password, I am being redirected to "500-Internal Server Error".
Sounds like the HTTP Auth is working, but you Apache/PHP is busted.
500 means there was an error executing the PHP. Check your server logs, if you have questions post back what the logs show (might need to use Github Gist or Pastbin)
I am trying to develop http authentication in one of my wordpress site.
I have done below code for this.
in my .htaccess file at root folder.
# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /htpass_wordpress/
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /htpass_wordpress/index.php [L]
</IfModule>
# END WordPress
I have also created one more.htaccess file for my wp-admin folder.
AuthType Basic
AuthUserFile /htpass_wordpress/wp-admin/.htpasswd
AuthName "My Private Area"
require valid-user
I have created one htpasswd file and put it in wp-admin( same directory where htaccess for wp-admin is stored).
I have stored my user name and base 64 encrypted password in that file.
Now When I access my wp-admin area, pop up appears to ask login.
I provide the username/pass and it allows me to access wp-admin. but then it gives me 500 server error.
does any one know where I am going wrong?