I used .htaccess and .htpasswd to restrict the admin folder which is located at root/admin
for that i used the following
.htaccess file
AuthName "Alertalert"
AuthType Basic
AuthUserFile http://alertalert.freetzi.com/admin/.htpasswd
require valid-user
.htpasswd file
rajasekar:$apr1$0yd92n1r$McIxIiQXPRF1u3gRBNRNc1
the .htaccess and .htpasswd file is located inside the admin folder.
When i try to access admin folder, it asks for username and password and thats ok. if I give correct username and password, its not accepting and so prompting again.
Check the documentation for the AuthUserFile directive. Its argument should be the path to the htpasswd file, not a URL.
do you have any code in .htacess that prevents viewing of .htpasswd? Because you are going though HTTP, it may not be accessible. What about using the system path?
What about something like:
AuthUserFile /var/admin/.htpasswd
Related
In my website having sub folder, so I trying to protect that folder files using .htaccess and .htpasswd.
Root Folder
Root Files
Sub Folder
Sub Folder Files
.htaccess
.htpasswd
-- Root Files
.htaccess code looks like below
AuthType Basic
AuthName "My Protected Area"
AuthUserFile ./.htpasswd
Require valid-user
And .htpasswd code looks like below
test:pass#word1
When I enter the http://10.10.10.11/website/subfolder/test.html it's prompted the password, I entered but it's throwing error. See below image.
Video of Screenshot:
Please suggest to do this.
.htaccess
AuthType Basic
AuthName "restricted area"
AuthUserFile ./.htpasswd
require valid-user
If you don't want to use online password generator, you could use openssl
openssl passwd -apr1 pass#word1
Then put the generated password to .htpasswd with format:
username:
Example:
.htpasswd
username:$apr1$h81U4v3.$8Msypa0Kx2hQ/C0948BuV1
I have an simple .htaccess and a .passwd file for a password protection of an folder under apache2: /var/www/test
Works fine if i want to connect to example.com/test.
But in the test folder is also a download.exe. If i connect to example.com/test/download.exe i can download the file without being asked for a username and a password.
How can i change that? The .htaccess file:
AuthType Basic
AuthName "protected area"
AuthUserFile /var/www/test/.passwd
Require valid-user
Try a different browser or a different computer to access example.com/test/download.exe before accessing example.com/test. Browsers you are using can have cached the downloaded file or the credentials used.
I copied my code in my dev.domain.com path. But i want to use this method for only reach by me to /dev directory. I planned this, write a parameter like dev.domain.com?hash=h1g24j45kjjjkhj this going to make cookie. And I will enter directory with this.
I hope you will understand.
Thanks.
Like #Revent proposed, use .htaccess.
1) Create a .htaccess file in the folder you want to protect and put the following code in it:
AuthName "Got root ?"
AuthType Basic
AuthUserFile C:\wamp\.htpasswd
AuthGroupFile /dev/null
require valid-user
Change AuthUserFile to a path that isn't accessible from the internet.
2) Create a .htpasswd file (in this case in C:\wamp\) and add the following (change the values):
username:password
Now when a user tries to access that folder, a login prompt will show up !
I need to password protect a directory with .htaccess, which I have successfully done. But the front end of the website was programmed to link to images within this password protected directory (not by me), but when a webpage tries to access those images it prompts the user to login.
Is it possible to password protect that directory, but allow any access to any image file type like *.jpg and *.gif?
My current .htaccess code is this:
AuthName "Secure Area"
AuthUserFile "/home/siteuser/.htpasswds/public_html/admin/passwd"
AuthType Basic
require valid-user
Thanks for any help!
AuthName "Secure Area"
AuthUserFile "/home/siteuser/.htpasswds/public_html/admin/passwd"
AuthType Basic
require valid-user
<FilesMatch "\.(png|jpe?g|gif)$">
Satisfy Any
Allow from all
</FilesMatch>
Edit to incorporate Shef's improvement
You could check all the different options of configuration .htaccess gives you in the following site:
Stupid htaccess Tricks
Did you try put it inside Filematch?
<FilesMatch "^.*(png|jpe?g|gif)$">
AuthName "Secure Area"
AuthUserFile "/home/siteuser/.htpasswds/public_html/admin/passwd"
AuthType Basic
require valid-user
</FilesMatch>
What you could try is to write an image display proxy:
Keep the directory like you have it now, with password protection.
On the .htaccess on the root of the website where the images are linked, add a Rewrite rule for those image types you want. This rule should redirect the call to a PHP handler script.
That script should evaluate the path that was being requested, load the file from the filesystem, deduct its header and send that to the client using header(), followed by the image file's content echo file_get_contents()should do.
PHP is not affected by the .htaccess so it should be able to read the file you need and proxy it to the end user.
I created a password protected folder using .htpasswd. In .htacces how should i specify this .htpasswd file.
like this
AuthUserFile http://alertalert.freetzi.com/admin/.htpasswd
or
like this
AuthUserFile /admin/.htpasswd
or any other method. Plz help
You should reference the file using its filesystem path, not anything relative to the web server. So if your site is hosted in the folder /var/www/localhost/htdocs/, then you would write:
AuthUserFile /var/www/localhost/htdocs/admin/.htpasswd