I met some trouble with my website (www.barbarian-strongman28.fr).
I set some url rewriting using this .htaccess which is in the main public folder of my server (called www)
.htaccess:
Options +FollowSymlinks
RewriteEngine On
ErrorDocument 404 /index.php?p=404
# Pages with the PHP p= parameter
RewriteRule ^([^/]*)/([^/]*)\.html$ /index.php?p=$1&id=$2 [L]
RewriteRule ^([^/]*)\.html$ /index.php?p=$1 [L]
I have a folder called admin that I want to protect.
So I set this .htaccess
AuthName "Restricted Area"
AuthType Basic
AuthUserFile /htdocs/admin/.htpasswd
AuthGroupFile /dev/null
require valid-user
I've uploaded this file in the folder that I want to protect
The trouble I have is that the website also require an authentification even if I am not in the directory protected.
Any kind of help will be much appreciated.
I'm guessing your .htaccess file is in the main directory of your server. That's your problem:
"Also note that if you place this htaccess file in your root directory, it will password protect your entire site, which probably isn't your exact goal."
(from http://www.javascriptkit.com/howto/htaccess3.shtml)
So the solution is simple: put the .htaccess file in the directory you want to protect. You should also make sure of a few things (though they seem ok in your script):
That the paths to all the files are server paths not URLs (you've done this);
That the .htpasswd file is in a secure location
That the .htpasswd file is in the format username:password, with the password encoded - here's a tool for creating .htpasswd files if you need it.
Hope this helps.
Related
I have an Apache site where all URLs that points to a file without an extension reads as a .php file. I put those entries in the .htaccess file, and allowed it inside the httpd.conf file.
RewriteEngine On
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule !\. - [H=application/x-httpd-php]
It works great.
Now I add authentification to the website.
AuthType Basic
AuthName "Restricted Content"
AuthUserFile /etc/httpd/.htpasswd
Require valid-user
It only works if I comment out my RewriteEngine code.
One will work without the other, but not together. I've read a bit about the REMOTE_USER variable, but failed at some attempts.
Any recommendations to solve this?
Thanks
I have a page in Wordpress theme_directory/page-rsvp.php that i need password protected by .htaccess. I'm developing this locally using MAMP PRO.
I have an .htaccess and .htpasswd file in the theme_directory. I have the following in the .htaccess file but it's not working. Whenever I go to localhost:8888/site/rsvp the authentication prompt doesn't show up.
<Files “page-rsvp.php”>
AuthName "Username and password required"
AuthUserFile ./.htpasswd
Require valid-user
AuthType Basic
</Files>
There is of course the .htaccess file in the root of the wordpress install that looks like this:
# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /thepowerfulnow/
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /thepowerfulnow/index.php [L]
</IfModule>
# END WordPress
How do I get this to work using only the first .htaccess file (the one in the theme_directory)? I need to have this theme be modular. I'm very new to .htaccess files. Thank you all!
You've added the authentication to your theme directory, so it'll work only if you access your theme file directly, using a URL like this:
http://localhost:8888/site/wp-content/themes/theme_directory/page-rsvp.php
If you want to restrict the access to your page URL (e.g. /site/rsvp), you need to use a different rule. You can add the following lines to the end of your main .htaccess file, that in the WordPress root dir.
# Set an env variable "auth" if the URI starts with "/site/rsvp"
SetEnvIf Request_URI ^/site/rsvp auth=1
AuthName "User and password required"
AuthType Basic
AuthUserFile "./.htpasswd"
# First, allow anyone
Order Allow,Deny
Satisfy any
Allow from all
Require valid-user
# Then, deny only if auth is required
Deny from env=auth
Remember to keep a copy of .htpasswd file into the same directory or set the path to that file using the AuthUserFile directive.
Alternative solution
My original answer used a <Location> directive to filter the URL to restrict, but it do not work in .htaccess files. Only under server config or a virtual host. Check the Context here: http://httpd.apache.org/docs/2.2/mod/core.html#location
If you want to use the restriction rule as below, and you have access in the server to do so, you need to add it to some of those contexts (server config or virtual host). Apache's config files are usually in the /etc/httpd or /etc/apache2 directories.
<Location "/site/rsvp"> # Where /site/rsvp is the URL you want to restrict
AuthName "Username and password required"
AuthUserFile /path/to/.htpasswd
Require valid-user
AuthType Basic
</Location>
I have a Zend aplication that uses a hatccess and redirects everything to index.php, but now i need to use a password protect folder in one of the subfolder, but when i tried to acess the subfolder keep giving me 404 error.
here the zend htaccess in the public_html folder:
RewriteEngine On
RewriteRule !\.(js|txt|ico|gif|GIF|jpg|JPG|png|PNG|css|swf|pdf|xml|XML|eot|svg|ttf|woff)$ index.php
SetEnv APPLICATION_ENV "production"
here the subfolder htaccess:
RewriteEngine off
AuthType Basic
AuthName "*folder*"
AuthUserFile "/home/*user*/.htpasswds/public_html/*folder*/passwd"
require valid-user
i tried to add RewriteRule ^blog/ - [L]to the public_html folder as i see in:
Overwrite rewrite-rule of htaccess in parent folder
but it didnt work. what is weird is that if i take the password part of the subfolder htaccess, the "rewriteEngine off" work and i got a list of the files in that folder.
Obs: the server is a apache 2.2.25, so rewriteOptions InheritBefore is not a options
Obs2: the folder and user is not like that on the actual htaccess that was just to hide the names.
Obs3: im a noob in server configurations :)
This usually works for me. Paste code in the parent htacesss underneath your RewriteRule
RewriteRule ^(blog)($|/) - [PT,L]
I'm converting a site from an ASP shopping cart to Magento. I had to switch hosts to a php server. A lot of the configurations I'm testing require that I have the site hosted on the domain (SSL, module keys, etc).
I set up the new host, have everything set up database and magento wise. But I wanted to know if there was a way to have a landing page on the root while working on magento site on the live url. so if you go to example.com it takes you to the landing page (index.html) but I can bypass this by going to example.com/index.php.
I could put this on a subdomain but that is not ideal since I don't have an SSL cert on subdomains and some of the modules won't be activated on there as well.
Any help would be greatly appreciated as it is up right now and don't want users to see the beta site.
Thanks
just make a file int the root folder and call it "maintenance.flag" magento is redirecting to the "Underconstruction"-File automatically. You might want to style that file though since the default is rather ugly
I used this .htaccess file so that only I could access the page.
<IfModule mod_rewrite.c>
RewriteEngine on
RewriteCond %{REMOTE_ADDR} !^xxx\.xxx\.xxx\.xxx
RewriteCond %{REQUEST_URI} !/index.html$ [NC]
RewriteCond %{REQUEST_URI} !\.(jpe?g?|png|gif) [NC]
RewriteRule .* /index.html [R=302,L]
</IfModule>
(replace the "x"s with your IP address)
This redirects everything to index.html, unless it's from your IP address.
If you go for the sub-directory version, just work with .htaccess to authenticate access:
http://www.htaccesstools.com/htpasswd-generator/
Otherwise, in the root folder, you may do the following
.htaccess:
DirectoryIndex index.html
AuthType Basic
AuthName "My Protected Area"
AuthUserFile .htpasswd
Require valid-user
<FilesMatch "index.html">
Allow from all
Satisfy any
</FilesMatch>
how properly can I hide .php extensions form my url : example:
www.example.com/index.php
to
www.example.com/index
My .htaccess file content is:
RewriteEngine on
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME}\.php -f
RewriteRule ^(.*)$ $1.php
And it is not working although phpinfo() shows that mod_rewrite is in "Loaded Modules" section. What's wrong here?
When I tried to set Authentication:
AuthUserFile /usr/home/vesa/.htpasswd
AuthGroupFile /dev/null
AuthName Somewhere Neat
AuthType Basic
<Limit GET POST>
require user vesa
</Limit>
enter code here
It asked for username and password. Therefore I assume that .htaccess files are processed by server. Right?
When I try to add
Options +FollowSymlinks
I get 500 Internal Server Error
When I add RewriteRule (.*)\.asp $1.php it successfully changes any .asp extension to .php
When I use RewriteRule it just redirects my browser to another file. So in case if I will try to hide extension it should redirect me to file with no extension - in which case I will get error because there is no such file exists. What is the simplest way to make mod_rewrite "hide" (write url filenames without extension .php) while linking to .php files?
Is your PHP file sending a redirect to force the user to index.php? Use something like firebug to see what's going on in the headers.
Probably, there is some configuration set that allows (for .htaccess file) to redirect to any file, it is basically rewrite URL, but in the same time it is not allowing Options +FollowSymlinks. I'm not familiar with php config file, but i am sure system administrators knows what is going on.