Apache :: 2 Username / Password Protected Directories
Aug 7, 2014
I have been trying to get password protected directories working on my Linode server. It works / behaves in a desktop browser somewhat but not like I am used to with hostmonster. Also for some reason my phone (windows phone just loads the page in the protected directory without prompting for a password. So I imagine there is some security thing I am missing that none of the info I have found searching talks about. Here is what I have done. I have created a password file and set the permissions correctly on that and it works on the desktop. However when I close the browser or open a private browsing session I am never prompted for a password again. It just feels insecure. Plus my windows phone just loads the page with no prompt. With hostmonster if I closed the browser window it would ask me for the username and password again. I also tested hostmonster directory passwords on my phone and it prompts for a username/password.
Here is what I have added to the apache2.conf file. The rest is pretty much default. There is no .htaccess file for that directory.
<Directory "/var/www/protected">
AllowOverride All
AuthType basic
AuthName "Enter Login"
AuthUserFile /etc/htpasswd/.htpasswd
Require valid-user
Order deny,allow
Allow from user1
</Directory>
It may be worth noting that I have two virtual sites / domain names running on this server at the moment however the one that is being used for this is the primary domain name.
OS: Debian 7.3
Apache 2.2.22
View 6 Replies
ADVERTISEMENT
Dec 16, 2007
I was wondering if it would be advisable to use the Password Protected Directory option in cPanels to limit part of my website to no more than 1,000 paying customers (yearly subsciption). Can cPanels handle this? Would accessing .htaccess and .htpassword to authenticate be too slow? Would management become too much? Has anyone attempted this? Are there any good alternatives such as open source programs? I've looked and found a few that are expensive and do way more than what I need.
View 2 Replies
View Related
Oct 16, 2014
Plesk 11.5.30 Update #47
When I look in a directory password protected by the Plesk Panel, I don't see an .htaccess file...
So, how does Plesk password protect directories?
And, is it possible to add functionality that would limit number of login attempts, and block an offending IP for a period of time?
View 2 Replies
View Related
Jan 22, 2015
Is this possible to log username and password passed by GET request for basic authentication?I generate link to some part of my website by [URL] ....
It works without any problems for 90% users but some of them got information that there is password mismatch.So I would like to log all request with information about passed login and password in text plain.
View 1 Replies
View Related
Apr 8, 2014
I have an app that opens a new browser window to a URL that opens a PDF file at a named destination. For example: URL.....I need to authenticate each user that enters this link, but preferably only once per browser session (valid until user closes browser). This authentication process needs to be performed by an oracle-database stored procedure (via a Java servlet, or other technology). Any outline steps or reference link?
The idea would be when the user enters this link, that a popup window appears asking for a username and password, which then get verified by the stored procedure, and then, and only then, the URL address is allowed to proceed.I know I can implement password protection in `.htaccess` as follows.
AuthType Basic
AuthName "Secured Area"
AuthUserFile /path/to/.htpasswd
<Files "myFile.pdf">
Require valid-user
</Files>
But, I need this process to connect to the stored procedure to validate the user, because this stored procedure has to apply business logic to determine the users' subscription status, etc., which can change at any time.
View 1 Replies
View Related
Feb 17, 2008
A client wants to FTP some files to my server but I don't want him to see/have access to all the other stuff on the server. Is there a way that I can 'corden-off' an area for him to FTP stuff to? A password protected area perhaps?
View 2 Replies
View Related
Mar 22, 2007
I have 2 domains on 1 account. My main website is www.aviationcafe.net and i added on www.modelcuir.com thats what it looks like to the public. But with my host it will be www.modelcuir.aviationcafe.net.
I noticed in the files area that modelcuir is it's own file, i can password protect that but it will stop people getting onto the website completly and i only want to stop them getting into the members area.
I can't create a members area either unless i can add a new folder which i can't i dont think.
View 2 Replies
View Related
Nov 19, 2007
I've got a file I want to access via cURL that is within a password protected directory.
I've tried sending:
Code:
$headers = array(
"HTTP_AUTH_LOGIN: admin3e",
"HTTP_AUTH_PASSWD: opensesame",
"Content-Type: text/html"
);
curl_setopt($curl, CUROPT_HTTPHEADER, &$headers);
(insecure)
and:
Code:
curl_setopt($curl, CURLOPT_HTTPAUTH, CURLAUTH_BASIC);
curl_setopt($curl, CURLOPT_USERPWD, '[user]:[pass]');
but I can't figure out how to get past the login:
Authorization Required
This server could not verify that you are authorized to access the document requested. Either you supplied the wrong credentials (e.g., bad password), or your browser doesn't understand how to supply the credentials required.
Apache/2.0.52 (CentOS) Server at ****** Port 80
View 3 Replies
View Related
May 24, 2014
On Plesk 11.5 / Centos 6.5 / Linux
I normally protect a given directory in the Plesk Contral Panel with a Username / Password. I would like to bypass the username and password for visitors from one IP.
View 3 Replies
View Related
Mar 12, 2007
Is it possible to pass the username and password info to a Cpanel login, so that typing it in will let the user log in to his Cpanel without having him to type it manually?
This is for a demo and I'd like the client to see the inside without having to type anything in.
I tried this but it didn't work:
[url]
View 3 Replies
View Related
Nov 11, 2013
each time i migrate a Domain from a plesk 9.5.5 Windows Hosting Server towards the new plesk 11.5 Server the customers iusr Password does not match the Systems iusr Password.so after each Migration the Website is requesting a username and Password.
1. how to solve that for the whole Installation?
2. at plesk 7.5 and later there was a Workaround which is not anymore supported: websrvmng.exe –update-anon-password –domain-name=yourdomain.com
View 5 Replies
View Related
Jun 25, 2007
I am trying to install Joomla on httpme.com but I seem to have problems with it recognising the username/password. Could it be a localhost issue or something?
I just can't seem to get a solution to this. I am referring to step 1 of the Joomla installation.
View 10 Replies
View Related
May 17, 2007
Firewall settings are great for preventing Denial of Service (DoS) attacks, however it may not always be your only solution. The day has finally arrived when I found this excellent module called mod_dosevasive (DoS Evasive) which keeps track of how many requests each client makes to your server within intervals. If a client is being forceful with your server and making too many requests, then it is more than likely not just a web browser but some automated process unleashed on your site to try and take it down.
This handy Apache module we have found takes care of these issues. Let's get started by setting it up.
View 3 Replies
View Related
Oct 15, 2007
I have a website and i am trying to have a specific folder be able to list if u go to [url]
Anyone know how i can do this?
I thought it was something to do with the .htaccess but i cant seem to find anything for it.
View 6 Replies
View Related
Jan 20, 2008
how can i hide all files and directories in public_html so when using apps suck Flash Get Site Explorere and similar software it will not show any file or directories in public_html.
View 5 Replies
View Related
Nov 5, 2012
We have a website running on Apache ver 2.2.3.
A couple of directories on the website need authentication against LDAP. The setup has been working for many years and all of a sudden is giving some issues.
The page asks for authentication and once login details are entered, either it throws an error "Page has moved" or "Please refresh your browser or reload the page".
As far as I am aware no configuration has been changed for LDAP or for Apache. The website runs on Windows Server 2003.
I am very much new to Apache and cannot seem to find any errors logged.
View 2 Replies
View Related
May 24, 2013
I'm trying to get multiple GUN groups to have access to certain directories.
Access to transport, delete
When you go to access transport or delete you get prompted for user name and password when entered you get in. However when I add GUNtest10 in the required ldap group. It doesnt accept your user name and password.
######ACL Directives######
LoadModule ldap_module modules/mod_ldap.so
LoadModule authnz_ldap_module modules/mod_authnz_ldap.so
<Directory /bills/>
AuthType Basic
AuthBasicProvider ldap
AuthName "1Login with your Windows ID and password"
[Code]....
View 1 Replies
View Related
Sep 29, 2014
I am using user authentication with the following components:
Apache/2.4.10 (Win32) + mod_auth_basic + mod_authn_dbd + mod_dbd + ODBC Driver + Microsoft SQL Server 2008(SP3).
It works fine except when I do not provide any username when browser asks for username and password. In this case I receive the "Internal Server Error" as the response instead of "Unauthorized" response.
The most interesting part of the error.log is:
[Sat Sep 27 21:23:17.639860 2014] [authn_dbd:error] [pid 1208:tid 1636] [client 127.0.0.1:1363] AH01656: Query execution error looking up '' in database [[dbd_odbc] SQLBindParameter returned SQL_ERROR (-1) at apr_dbd_odbc.c:604 [Microsoft][ODBC SQL Server Driver]Invalid precision value HY104 ]
The AuthDBDUserPWQuery directive in my httpd.conf is:
AuthDBDUserPWQuery "SELECT password FROM member WHERE CONVERT(VARCHAR(10), member_Index) = %s"
And the member_Index column in the database is smallint.
View 5 Replies
View Related
Mar 4, 2007
i did make a big message on here but it deleted when i back spaced
my website is aviation cafe dot net / sample and i need you to help me with password protecting a webpage, i wanted the address to be / the silver sword and definitly not to look like it does now.
username: webforum
pass: password
View 4 Replies
View Related
Dec 23, 2007
I want to copy whole directories about 20gb to another server across the world.
If I type "mput *" it will say "not a plain file" for directories.
How do you move an entire site, I don't want to achive and move because it is big.
View 1 Replies
View Related
Dec 5, 2010
I am unable to get A username and password requested by http://127.0.0.1:8080. "Tomcat Manager Application"..I created userid and password in tomcat-users.x.
View 4 Replies
View Related
May 22, 2013
I would to use: htdigest -c filename.htpasswd Group usernamein file batch to insert a set of users with password.I can use it without having to enter the password from the keyboard?I tried echo pass| htdigest -c filename.htpasswd Group username but it does not work.
View 1 Replies
View Related