Apache :: Possible To Log Username And Password Passed By GET
Jan 22, 2015
Is this possible to log username and password passed by GET request for basic authentication?I generate link to some part of my website by [URL] ....
It works without any problems for 90% users but some of them got information that there is password mismatch.So I would like to log all request with information about passed login and password in text plain.
I have been trying to get password protected directories working on my Linode server. It works / behaves in a desktop browser somewhat but not like I am used to with hostmonster. Also for some reason my phone (windows phone just loads the page in the protected directory without prompting for a password. So I imagine there is some security thing I am missing that none of the info I have found searching talks about. Here is what I have done. I have created a password file and set the permissions correctly on that and it works on the desktop. However when I close the browser or open a private browsing session I am never prompted for a password again. It just feels insecure. Plus my windows phone just loads the page with no prompt. With hostmonster if I closed the browser window it would ask me for the username and password again. I also tested hostmonster directory passwords on my phone and it prompts for a username/password.
Here is what I have added to the apache2.conf file. The rest is pretty much default. There is no .htaccess file for that directory.
<Directory "/var/www/protected"> AllowOverride All AuthType basic AuthName "Enter Login" AuthUserFile /etc/htpasswd/.htpasswd Require valid-user Order deny,allow Allow from user1 </Directory>
It may be worth noting that I have two virtual sites / domain names running on this server at the moment however the one that is being used for this is the primary domain name.
I have an app that opens a new browser window to a URL that opens a PDF file at a named destination. For example: URL.....I need to authenticate each user that enters this link, but preferably only once per browser session (valid until user closes browser). This authentication process needs to be performed by an oracle-database stored procedure (via a Java servlet, or other technology). Any outline steps or reference link?
The idea would be when the user enters this link, that a popup window appears asking for a username and password, which then get verified by the stored procedure, and then, and only then, the URL address is allowed to proceed.I know I can implement password protection in `.htaccess` as follows.
But, I need this process to connect to the stored procedure to validate the user, because this stored procedure has to apply business logic to determine the users' subscription status, etc., which can change at any time.
each time i migrate a Domain from a plesk 9.5.5 Windows Hosting Server towards the new plesk 11.5 Server the customers iusr Password does not match the Systems iusr Password.so after each Migration the Website is requesting a username and Password.
1. how to solve that for the whole Installation?
2. at plesk 7.5 and later there was a Workaround which is not anymore supported: websrvmng.exe â€“update-anon-password â€“domain-name=yourdomain.com
I am using user authentication with the following components:
Apache/2.4.10 (Win32) + mod_auth_basic + mod_authn_dbd + mod_dbd + ODBC Driver + Microsoft SQL Server 2008(SP3).
It works fine except when I do not provide any username when browser asks for username and password. In this case I receive the "Internal Server Error" as the response instead of "Unauthorized" response.
The most interesting part of the error.log is:
[Sat Sep 27 21:23:17.639860 2014] [authn_dbd:error] [pid 1208:tid 1636] [client 127.0.0.1:1363] AH01656: Query execution error looking up '' in database [[dbd_odbc] SQLBindParameter returned SQL_ERROR (-1) at apr_dbd_odbc.c:604 [Microsoft][ODBC SQL Server Driver]Invalid precision value HY104 ]
The AuthDBDUserPWQuery directive in my httpd.conf is:
AuthDBDUserPWQuery "SELECT password FROM member WHERE CONVERT(VARCHAR(10), member_Index) = %s"
And the member_Index column in the database is smallint.
I would to use: htdigest -c filename.htpasswd Group usernamein file batch to insert a set of users with password.I can use it without having to enter the password from the keyboard?I tried echo pass| htdigest -c filename.htpasswd Group username but it does not work.
I'm trying to set up password protection on an Apache HTTP server, and it's not working.
First, the environment: Apache 2.4.4 installed with XAMPP Control Panel 3.2.1 under Windows 7 Professional.
http.config says "AllowOverride All."
The .htaccess file in the protected directory says:
Code: htpasswd -c .htpasswd samples
htpasswd prompted me for the password twice, and I entered it twice. When it quit I had a file named .htpasswd in the subsidy directory. I typed it and its contents looked correct according to the examples I've seen.
Then I restarted Apache and tried to load a page from the directory. The browser simply prompted me for the username and password over and over.
The Apache error log says, "AH01617: user samples: authentication failure for "/subsidy/filename.html": Password Mismatch."
I deleted the .htpasswd file and ran htpasswd again, specifying a different (very simple) password. I also confirmed that caps lock was not on both before and after. I restarted the server, tried to load a page, and got the same problem.
Apache seems to think I'm entering the wrong password, but that seems impossible when I've just defined it myself -- and I've tried twice, intentionally choosing a very simple password the second time. If the message means what it says, the cause must be something very different from the obvious one.
today i changed the password for the admin panel for a customer (username eg. mylogin). 10 minutes later he called me and said that he cannot get into his emailaccount anymore. Checked the password and saw that the emailpassword for his emailaddress (eg. email@example.com) is now the same from the admin panel login. So i changed the emailpassword and checked the admin panel login - it now has the emailpassword. What a mess.. I'm running Plesk Panel 11.5.30 MU47.
I have 2 domain names with 2 usernames setup on WHM:
domain1.com - domain1 domain2.com - domain2
I would like domain2.com website visitors to upload photos to a domain1 path. Unfortunately I can't, I think the problem is with the usernames and the fact that the path where I would like to add the photos belongs to domain1 user. The chmod is 777. How can I set this up on WHM so domain2.com visitors can upload photos to a domain1 username path?