I copied my code in my dev.domain.com path. But i want to use this method for only reach by me to /dev directory. I planned this, write a parameter like dev.domain.com?hash=h1g24j45kjjjkhj this going to make cookie. And I will enter directory with this.
I hope you will understand.
Thanks.
Like #Revent proposed, use .htaccess.
1) Create a .htaccess file in the folder you want to protect and put the following code in it:
AuthName "Got root ?"
AuthType Basic
AuthUserFile C:\wamp\.htpasswd
AuthGroupFile /dev/null
require valid-user
Change AuthUserFile to a path that isn't accessible from the internet.
2) Create a .htpasswd file (in this case in C:\wamp\) and add the following (change the values):
username:password
Now when a user tries to access that folder, a login prompt will show up !
Related
I have an simple .htaccess and a .passwd file for a password protection of an folder under apache2: /var/www/test
Works fine if i want to connect to example.com/test.
But in the test folder is also a download.exe. If i connect to example.com/test/download.exe i can download the file without being asked for a username and a password.
How can i change that? The .htaccess file:
AuthType Basic
AuthName "protected area"
AuthUserFile /var/www/test/.passwd
Require valid-user
Try a different browser or a different computer to access example.com/test/download.exe before accessing example.com/test. Browsers you are using can have cached the downloaded file or the credentials used.
I have a need to password protect an entire website. I am developing on a live URL (don't ask me why -_- clients...) and I want to be able to develop the site but access it using a username and password so the general public won't be able to see the site being modified.
I've tried to use a .htaccess and .htpasswd file in the same directory.
Here are the contents of it
AuthUserFile /htdocs/.htpasswd
AuthGroupFile /dev/null
AuthName "Development space"
AuthType Basic
Require development
and the .htpasswd file contains the user development:encryptedpassword
It doesn't appear to be working at all. The password box is generated but just carries on coming back up once I enter the credentials (I have confirmed they are correct).
Can anyone tell me where I'm going wrong?
Please note both the htpasswrd and htaccess files are currently within the htdocs directory
htdocs file permissions are drwxr-xr-x
Your Require line is wrong. It should be:
Require user development
^^^^--missing
Require can require many different things (env vars, http methods, groups, blah blah blah), so you have to say WHAT kind of thing you're requiring. You might be better off with just
Require valid-user
unless you're going to have multiple accounts in your .htpasswd and want to allow only certain ones.
I need to password protect a directory with .htaccess, which I have successfully done. But the front end of the website was programmed to link to images within this password protected directory (not by me), but when a webpage tries to access those images it prompts the user to login.
Is it possible to password protect that directory, but allow any access to any image file type like *.jpg and *.gif?
My current .htaccess code is this:
AuthName "Secure Area"
AuthUserFile "/home/siteuser/.htpasswds/public_html/admin/passwd"
AuthType Basic
require valid-user
Thanks for any help!
AuthName "Secure Area"
AuthUserFile "/home/siteuser/.htpasswds/public_html/admin/passwd"
AuthType Basic
require valid-user
<FilesMatch "\.(png|jpe?g|gif)$">
Satisfy Any
Allow from all
</FilesMatch>
Edit to incorporate Shef's improvement
You could check all the different options of configuration .htaccess gives you in the following site:
Stupid htaccess Tricks
Did you try put it inside Filematch?
<FilesMatch "^.*(png|jpe?g|gif)$">
AuthName "Secure Area"
AuthUserFile "/home/siteuser/.htpasswds/public_html/admin/passwd"
AuthType Basic
require valid-user
</FilesMatch>
What you could try is to write an image display proxy:
Keep the directory like you have it now, with password protection.
On the .htaccess on the root of the website where the images are linked, add a Rewrite rule for those image types you want. This rule should redirect the call to a PHP handler script.
That script should evaluate the path that was being requested, load the file from the filesystem, deduct its header and send that to the client using header(), followed by the image file's content echo file_get_contents()should do.
PHP is not affected by the .htaccess so it should be able to read the file you need and proxy it to the end user.
how i can protect folder which includes uploaded files?
i have folder include all files which uploaded by me, i want if user try to change url or pass to show all files, browser redirect him to another page like this example
www.tet.php/folder/text.doc
if user try to write (www.tet.php/folder) to show all files redirect him automatically to www.tet.php
or any one please tell me tricky way to disappear /folder/
I don't know php but one solution I am thinking about and don't know if php can handle or not:
You can put your “UsersUploads” folder outside the website directory, so if your website exist on “c:\website\example.com” you can put the “UsersUploads” there “c:\UsersUploads”, Like that Your web server has no control over this folder and its files, And your website code will still have access to this directory as a normal physical path.
If you use Apache, you have 2 solutions:
Move your uploaded_files folder out
of your DocumentRoot (the root of the
folders that are accessible from the
web).
Use an .htaccess file in that folder
to block access to this folder.
A little example of an .htaccess using an authentication to access to the folder:
AuthName "Page d'administration protégée"
AuthType Basic
AuthUserFile "/var/www/uploadedfiles/.htpasswd"
Require valid-user
If you use IIS then you have just to deny access to that folder for everyone through your IIS Administration console. You also can deny any access except for certain IP adresses or adressranges.
Just to expand on #Clement's answer to include the part about redirecting to a page on failure:
AuthName "Page d'administration protégée"
AuthType Basic
AuthUserFile "/var/www/uploadedfiles/.htpasswd"
Require valid-user
ErrorDocument 403 www.urlToRedirectTo.com
Also, .htpasswd should be placed outside of the web root, and should simply contain username:pasword. The password should be hashed. You can easily find utilities online to create these files for you.
I used .htaccess and .htpasswd to restrict the admin folder which is located at root/admin
for that i used the following
.htaccess file
AuthName "Alertalert"
AuthType Basic
AuthUserFile http://alertalert.freetzi.com/admin/.htpasswd
require valid-user
.htpasswd file
rajasekar:$apr1$0yd92n1r$McIxIiQXPRF1u3gRBNRNc1
the .htaccess and .htpasswd file is located inside the admin folder.
When i try to access admin folder, it asks for username and password and thats ok. if I give correct username and password, its not accepting and so prompting again.
Check the documentation for the AuthUserFile directive. Its argument should be the path to the htpasswd file, not a URL.
do you have any code in .htacess that prevents viewing of .htpasswd? Because you are going though HTTP, it may not be accessible. What about using the system path?
What about something like:
AuthUserFile /var/admin/.htpasswd