I am attempting to set up htaccess to restrict access to a particular folder. I currently have as follows:
Htaccess:
AuthType Basic
AuthName "Restricted area"
AuthUserFile /home3/user/public_html/.htpasswd
require valid-user
ErrorDocument 404 "Error"
ErrorDocument 401 "Error"
ErrorDocument 403 "Error"
htpasswd:
Guest:GuestPassword
Using this method I will either have a 500 server error returned, OR it will loop and continuously prompt me for authentication.
Any help is appreciated!
ALSO: I used showphp() to get the Document root. So AuthUserFile path should be correct.
Thanks!
The infinite loop asking for your password is what you want to see. That means you typed in your password wrong. The Internal Server 500 Error means you have another issue in your code. The reason your username and password aren't working is because your server expects the password to be hashed.
Change your .htpasswd file to:
Guest:$apr1$u5E5vgOR$6rPNEYkeaF5IVE4c3FyKM0
(The password is GuestPassword)
Related
My htaccess is giving some problems.
AuthType Basic
AuthName "Please Log In"
AuthUserFile ./lib/.htpasswd
Require valid-user
Order deny,allow
Deny from all
allow from xxx.xxx.xxx.xxx
Satisfy any
The ip whitelist works.
But the authentication doesnt work.
When i give some data to the login page it returns 500 internal server error
I tried lots of things and couldn't fix it
My htpasswd:
user:fv6WWK8ZYdGtU
I have the directory structure
folder
↳file1(public access)
↳file2(require password)
When I put the following in the .htaccess:
AuthType Basic
AuthName "asdf"
AuthUserFile path/to/.htpasswd
<Files file2>
require user asdf
</Files>
A non-logged in view shows this structure:
folder
↳file1(public access)
How do I provide the non logged in user visibility to file2 so that they know that the file is in fact there, but may have to log in?
In this simple case, I believe you can employ IndexOptions ShowForbidden.
If you get more complicated (like an auth covered directory or you want to show some forbidden but hide the rest), you'll have to resort to other methods (eg, generate your own index then show it, like in #Fred-ii- answer).
In addition to an already given answer (a good option), you can place this in your .htaccess file
ErrorDocument 401 error401.htm
and create a page called error401.htm with anything you want inside it.
That, being in the root of your server.
Use something like:
ErrorDocument 401 /folder/error401.htm
if placed in a different folder.
It could also be 403 depending how you set it up.
The complete list of ErrorDocument(s) are:
400 - Bad request
401 - Authorization Required
403 - Forbidden directory
404 - Page not found
500 - Internal Server Error
Of course, you can use .php as the preferred file extension and I'm leaning more towards using a 403 which is for Forbidden directory
Footnotes:
In some cases, you may need to use a full http:// call:
ErrorDocument 401 http://www.example.com/error401.htm
Designed to bring up a specific error .php page when someone doesnt enter right credentials, but seems to bring up its own. Also protects all my directories regardless of which one it is placed in.
Has 777 permission.
ErrorDocument 401 Mywebsite.com/CustomError.php
AuthName "My Password Protected Site" AuthUserFile
MYwebsite.com/Folder/.htpasswd
AuthType Basic
Require valid-user
# Set REMOTE_USER env variable on 401 ErrorDocument
RewriteEngine On
RewriteBase /
RewriteCond %{ENV:REDIRECT_STATUS} ^401$
RewriteRule .* - [E=REMOTE_USER:%{ENV:REDIRECT_REMOTE_USER}]
Here's what it always says as of now:
Authorization Required
This server could not verify that you are authorized to access the document requested. Either you supplied the wrong credentials (e.g., bad password), or your browser doesn't understand how to supply the credentials required.
I used to have the spefic directories as /folder/file instead of website/folder/file but when i did that, the error page would have this line as well:
Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.
This line:
ErrorDocument 401 Mywebsite.com/CustomError.php
According to the documentation
URLs can begin with a slash (/) for local web-paths (relative to the DocumentRoot), or be a full URL which the client can resolve. Alternatively, a message can be provided to be displayed by the browser. Examples:
ErrorDocument 500 http://foo.example.com/cgi-bin/tester
ErrorDocument 404 /cgi-bin/bad_urls.pl
ErrorDocument 401 /subscription_info.html
ErrorDocument 403 "Sorry can't allow you access today"
Additionally, the special value default can be used to specify Apache's simple hardcoded message. While not required under normal circumstances, default will restore Apache's simple hardcoded message for configurations that would otherwise inherit an existing ErrorDocument.
ErrorDocument 404 /cgi-bin/bad_urls.pl
<Directory /web/docs>
ErrorDocument 404 default
</Directory>
So you can't have Mywebsite.com/CustomError.php as the second parameter, it's got to be a full URL starting with http://, an absolute path that starts with a /, or a message. You can't have relative paths as the second parameter.
I'm trying to setup a directory on my website with a password and I keep getting Internal Server Error:
The server encountered an internal error or misconfiguration and was unable to complete your request....
What could be the cause?
I have all my files in folder named "PasswordProtected". In this folder I have file .htaccess :
AuthType Basic
AuthName "restricted area"
AuthUserFile /main/PasswordProtected/.htpasswd
require valid-user
and I also have file .htpasswd :
user:isFu5zSvpK5Xg
When it type url http://domain.com/main/PasswordProtected/index.html on the browser
I do get prompted to enter user name and password but then I get the error message.
Am I doing something wrong in here?
All I need is a one user one password setup to demo the site
I'll appreciate any advice. Thank you.
What is the best way to send all traffic to your site a 404 page? I'm currently working on the site and would like it to just 404 for all requests. I've tried playing around with htaccess files but haven't been too successful in getting one working like this. Additionally, I would like traffic to a particular folder to still get through.
As your question is stated the easiest way would be to move all your content into that folder.
However, reading between the lines it sounds like you want to view the site in the root folder, and block anyone else from doing the same. It seems to me what you want to do is look at the Apache manual's section on Authentication and Authorization
http://httpd.apache.org/docs/2.0/howto/auth.html
Something like the following in a Location or Directory section of your Apache config, or in a .htaccess file should work. You can put the page you want to show your users in a special location
#The page you want to show denied users.
ErrorDocument 403 /path/to/403.html
#The page you want to show when pages aren't found (404)
ErrorDocument 404 /path/to/404.html
#For Password Protection
#Use the htpasswd utility to generate .htpasswd
AuthType Basic
AuthName "My Secret Stuff"
AuthUserFile /path/to/my/passwords/.htpasswd
Require valid-user
#For IP protection
Order allow,deny
Allow from 1.2.3.4 #Your IP Here
#If you want to use a combination of password and IP protection
#This directive works if they have a valid IP OR a valid user/pass
Satisfy any