I want to protect an admin folder in my PHP web site from other people.
I created two files .htaccess and .htpasswd, but when I enter to the index page on this folder it doesn't show me that dialog where I have to enter the username and the password, here are the content of the files :
The .htpasswd file :
mateo21:$1$MEqT//cb$hAVid.qmmSGFW/wDlIfQ81
ptipilou:$1$/lgP8dYa$sQNXcCP47KhP1sneRIZoO0
djfox:$1$lT7nqnsg$cVtoPfe0IgrjES7Ushmoy.
vincent:$1$h4oVHp3O$X7Ejpn.uuOhJRkT3qnw3i0
The .htaccess file :
AuthName "Page d'administration protégée"
AuthType Basic
AuthUserFile "/var/www/sec/.htpasswd"
Require valid-user
I'm running Linux ubuntu and apache.
You need to deny everything first. Try:
Order Deny,Allow
Deny from all
AuthName "Page d'administration protégée"
AuthType Basic
AuthUserFile "/var/www/sec/.htpasswd"
Require valid-user
If what #Jon Lin said doesn't work, then make sure you have
AllowOverride AuthConfig
in your /etc/httpd/httpd.conf file
If you can't find your configuration file, then try searching for it in terminal...
locate "httpd.conf"
Or
find /etc/ -name "httpd.conf"
Related
I would like to use a .htaccess and a .htpasswd file to protect access to a website.
The following code successfully brings up the auth dialog when visiting mysite.com. But when visiting mysite.com/index.html the auth dialog does not appear and the website can be accessed without protection.
.htaccess
AuthUserFile /path/to/.htpasswd
AuthType Basic
AuthName "Password Protected"
Require valid-user
What do I need to change to ensure that mysite.com/index.html is protected as well?
I have tried adding:
Order Deny,Allow
Deny from all
Satisfy any
Require valid-user
and also:
<Files "index.html">
Require valid-user
</Files>
Neither make any difference to the problem.
maybe you could try it with
AllowOverride AuthConfig
If I remember it right it is not activated on the default :)
you can get more information in the official apache doc
https://httpd.apache.org/docs/2.4/howto/auth.html
I am trying to restrict access to directories in my root so that others cannot access the files in those dir directly in a browser. Problem I am running into is now the pages in the root for example the index.php is asking for a password and the .htaccess is in the root of the directories and not the root of the domain. This is preventing the index file from accessing include files from those directories.
What is a simple way to lock down those directories from browser access while still allowing the files in the root to access them and vistors being able to access the root pages without being asked for a password. I would like to to be as far as they know they site is viewable but, if someone starts prying around in the sub directories to steal code it will deny them but, allow the pages to access them.
I have tired this in each of the directories I have been wanting to restrict direct browser access to.
AuthType Basic
AuthName "Administrator"
AuthUserFile /home2/mesquiu0/.htpasswds./htpasswd
Require valid-user
Order Deny,Allow
Deny From All
Allow From 127.0.0.1
All you need to do is add the following line with an extra empty line to disable indexing the directories:
Options -Indexes
See Documentation for more info: http://httpd.apache.org/docs/current/mod/core.html#options
In your .htaccess file put the following line
Deny from all
And this if you like to put exceptions.
allow from all
Just allow the scripts that match php, aspx, etc.
apache 2.2
AuthType Basic
AuthName "Administrator"
AuthUserFile /home2/mesquiu0/.htpasswds./htpasswd
Require valid-user
#Forbid access to any files except from localhost, because of Order Deny,Allow, Allow gets applied later.
Order Deny,Allow
Deny from all
Allow from 127.0.0.1
#Allow access to files matching index.php
<Files index.php>
Order Allow,Deny
Allow from all
</Files>
In Apache 2.4 the rules has changed, and the correct syntax is to use Require all denied instead of Deny from all.
This is for apache 2.4
AuthType Basic
AuthName "Administrator"
AuthUserFile /home2/mesquiu0/.htpasswds./htpasswd
Require valid-user
Require host 127.0.0.1
#Allow access to files matching index.php
<Files index.php>
Require all granted
</Files>
I have a website made with WordPress and I want to make two different htaccess logins for two template files. Is this possible?
I have this next code for one of the templates but I want to do the same thing for the second template, only with different username and password.
The templates are located in the same directory and the .htaccess, .htpasswd files are in the root of the website.
I tried user username instead of valid-user, made a different directory in public_html for another .htpasswd file with the password and username for the second file. Nothing worked as it should.
The code:
SetEnvIf Request_URI /colaborators/$ require_auth=true
AuthType Basic
AuthName "Restricted Area"
AuthUserFile /home/my_whole_path/public_html/.htpasswd
Require valid-user
Order Deny,Allow
Deny from all
Satisfy any
Require valid-user
# or 2. the "require_auth" var is NOT set
Allow from env=!require_auth
I will answer my own question, maybe this will help someone:
In my case, I had the .htaccess and .htpasswd files outside WordPress, in the root directory. What I had to do to make my second page .htaccess protected with different user and password than the first one:
I made a new directory in the root folder, inside it I created another .htaccess file and a new .htpasswd, plus my page (called it index.php).
SetEnvIf Request_URI /test/$ require_auth=true
AuthType Basic
AuthName "Restricted Area"
AuthUserFile /home/my_whole_path/public_html/new_directory/.htpasswd
Require valid-user
Order Deny,Allow
Deny from all
Satisfy any
Require valid-user
# or 2. the "require_auth" var is NOT set
Allow from env=!require_auth
In index.php I loaded WordPress with a require_once 'wp-load.php', the header.php and the rest of the page code.
And that's all.
Hope will help.
I've got a problem with my .htaccess :
AuthType Basic
AuthName "Acces protege"
AuthUserFile "/home/sites/.htpasswd"
require valid-user
IMO, the file .htaccess is not read as I tried to write with syntax error.
And nothing happened while I access to the page.
I've changed the conf file of Apache : apache2.conf.
Instead of
AllowOverride None
I've put
Allow Override All
Then
service apache2 restart
Yet no authentification activated.
AuthType Basic
AuthName "Acces protege"
AuthUserFile "/home/sites/.htpasswd"
Require valid-user
Change the require keyword to Require
I have to prompt an authentication for a file while opening on every time. I have tried it with PHP Authentication.
if (!isset($_SERVER['PHP_AUTH_USER']) || !isset($_SERVER['PHP_AUTH_PW'])) {
}
But, It is not asking for every time.
Can we do it either using Htaccess or Htpasswd?
Please advice.
You can try using .htaccess & .htpasswd
create file .htaccess & put :
AuthType Basic
AuthName "restricted area"
AuthUserFile /opt/lampp/htdocs/test/.htpasswd # should be you file path & .htpasswd
require valid-user
the above solution for whole directory. if you want for single file than use this in .htaccess
AuthType Basic
AuthName "demo.php" # name of the file for which you want authentication
AuthUserFile /opt/lampp/htdocs/test/.htpasswd #path of the folder
<Files "demo.php">
require valid-user
</Files>
in .htpasswd
test:do43GnYbHanDE #username test & pwd (download)
You can create your .htpasswd password from here