Apache :: Password Protect Directory

Mar 10, 2014

What is the proper way. to password protect a directory for apache 2.4.7. Information i gather seems to not work.

View 4 Replies


How To Password Protect Web Pages, I Can Protect Directories But Can't Put Pages In

Mar 4, 2007

i did make a big message on here but it deleted when i back spaced

my website is aviation cafe dot net / sample and i need you to help me with password protecting a webpage, i wanted the address to be / the silver sword and definitly not to look like it does now.

username: webforum
pass: password

View 4 Replies View Related

Protect Directory

May 22, 2007

i have another question is their a way to protect a directory without using .htaccess because i dont have modrewrite installed on my apache server.

View 4 Replies View Related

How Do I Password Protect A Folder On The Server

Jan 15, 2007

Is it possible to do it through a standard FTP package?

View 2 Replies View Related

How Do I Password Protect A File On My Website

May 28, 2007

im trying to password protect a single txt file on my server, but instead its password protecting the whole directory

so for example

i want to password protect the file 123.txt in directory "sample" but instead its password protecting the whole direcoty "sample"

View 10 Replies View Related

Protect Your Password In A Cyber Cafe And On Public Computers

Jun 30, 2009

Sometime you must have gone to a cyber cafe or used public computers to access the internet or mail.

Public computers are most prone to password hacking. Anyone can simply install a keylogger software to hack your password. Keylogging is one of the most insidious threats to a users personal information. Passwords,credit card numbers,etc.

It is very easy for the keylogger to harvest passwords. Each and every keystroke (whatever you type on the keyboard) gets recorded in the keylogger software and the person installing it can easily view what you have typed in.

For example,if you go to hotmail.com and check your mails. Say your ID is aaabbbccc@hotmail.com and password is snoopy2,the keylogger software records your usename and password in its log file as


Risky isnt it?

Theres a solution to this problem and you can easily fool the software!!

The keylogger software sees and records everything,but it doesnt understand what it sees,it does not know what to do with keys that are typed anywhere other than the password or user name fields.

So between successive keys of the password if you enter random keys,the keylogger software wont ever come to know where you typed in what..

In the process of recording the keys,the string that the keylogger receives will contain the password,but embedded in so much random junk that discovering it is infeasible.


1. Go to hotmail.com or yahoo.com or any other site where you need to insert a password or PIN.

2. Type in your user ID.

3. Type in the first characterof the password.

4. Click on the address bar in the browser,type in some random charachters.

5. Again go to password field and type in the second character of the password and probably third too.

6. Again go to the address bar and type in a few more random characters.

7. Back to the password field and the next characters of the password.

Keep on repeating the process till you type in the full password in the password field.

Instead of the password snoopy2,the keylogger now gets:

Heres a total of 26 random characters have been inserted among the 7 characters of the actual password!

No doubt it takes a little bit of more time than the usual process,but you are safe and secure that way!

View 5 Replies View Related

Directory Password Protection

Jan 4, 2008

When I use password protection using cPanel I have the following issue which is illustrated using the following example:

Main folder: X
Sub folders inside X: A, B

All three folders are password protected.

If a user has access to X, I would like that user to have access to A and B as well automatically. But this does not happen. I need to manually add this user to both A and B as well.

If a user has access to A, I would not like that user to have access to X. This is possible to do.

View 2 Replies View Related

Password Directory- No Images Showing On Webpages

Mar 29, 2007

I use bluehost's pagewizard. So i created the members.htm then moved it to a password protected directory.

I don't know how to get the pics to show up, i only know that the location of the images is in wizard images.

View 1 Replies View Related

Plesk 11.x / Linux :: Password Protected Directory With IP Exception?

May 24, 2014

On Plesk 11.5 / Centos 6.5 / Linux

I normally protect a given directory in the Plesk Contral Panel with a Username / Password. I would like to bypass the username and password for visitors from one IP.

View 3 Replies View Related

Apache :: Protect Against Constant F5?

Oct 24, 2013

Today i was informed that some of Apache instances are vulnerable for serving content while client is constantly pressing F5 button in browsers - once is pressed CPU load is increasing, page became slow etc. (it's dynamic content served by back-end Tomcats). In the same time i see errors with connection between Apache and Tomcats' instances.

Is there any good way to protect Apache against it ?

View 8 Replies View Related

Mod_evasive Doesn't Protect From Apache DOS

Feb 6, 2008

We tried to use one software for offline browsing to download our site and test it if it will fail or not. We used 500 threads at once. Program was able to request 56 pages per second. Of course server (site) failed because there were no more available mysql connections. So site went down. Mod_evasive didn't block that.

Here is the config:

<IfModule mod_evasive20.c>
DOSHashTableSize 3097
DOSPageCount 2
DOSSiteCount 80
DOSPageInterval 1
DOSSiteInterval 1
DOSBlockingPeriod 30
DOSLogDir "/var/log/httpd"

Here is the copy of text I found on one site about mod_evasive:

Mod_evasive does work relatively well for small to medium sized brute force or HTTP level DoS attacks. There is, however, an important limitation that mod_evasive has that you should be aware of. The mod_evasive module is not as good as it could be because it does not use shared memory in Apache to keep information about previous requests persistent. Instead, the information is kept with each child process or thread. Other Apache children that are then spawned know nothing about abuse against one of them. When a child serves the maximum number of requests and dies, the DoS information goes with it. So, what does this mean? This means that if an attacker sends their HTTP DoS requests and they do not use HTTP Keep-Alives, then Apache will spawn a new child process for every request and it will never trigger the mod_evasive thresholds. This is not good…

Is there any solution for such type of attack with Keep Alive disabled?

View 4 Replies View Related

Apache :: Way To Protect Server From Overload?

Feb 19, 2014

Is there a way to protect apache server from overload? For example Nginx has a module called SysGuard when system load or memory use goes too high all subsequent requests will be redirected to the URL specified by the 'action' parameter.

View 1 Replies View Related

Apache :: Login And Password For Tomcat 7

Dec 5, 2010

I am unable to get A username and password requested by "Tomcat Manager Application"..I created userid and password in tomcat-users.x.

View 4 Replies View Related

Apache :: Password Htdigest In Batch

May 22, 2013

I would to use: htdigest -c filename.htpasswd Group usernamein file batch to insert a set of users with password.I can use it without having to enter the password from the keyboard?I tried echo pass| htdigest -c filename.htpasswd Group username but it does not work.

View 1 Replies View Related

Apache :: Possible To Log Username And Password Passed By GET

Jan 22, 2015

Is this possible to log username and password passed by GET request for basic authentication?I generate link to some part of my website by [URL] ....

It works without any problems for 90% users but some of them got information that there is password mismatch.So I would like to log all request with information about passed login and password in text plain.

View 1 Replies View Related

Setup Login ID And Password In Apache

Jan 25, 2014

Where can I get examples to create login ID and password with changing of password function for valid user to access apache web server? 

View 3 Replies View Related

Apache :: Require Password For All But One File

Jan 16, 2015

I would like my entire website to be password protected except for one file called allowThisFileWithoutPassword.php.

How could this be accomplished. Below is my attempt :


<VirtualHost *:80>
ServerName example.com
ServerAlias *.example.com
# ServerSignature Off

ErrorDocument 404 /error-404.html
DocumentRoot /var/www/html
<Directory "/var/www/html">

[Code] .....

View 2 Replies View Related

Apache :: Configuration To Setup Password For Website

Jul 8, 2013

I want to setup a password for a website running on Ubuntu server, and find Apache can be used. It is implemented by config httpd.conf file and .htaccess file.

So I want to ask:

1. In this case, the password is setup for a path on the server configured in httpd.conf file. Like in the following example:

Code: <Directory "/var/www/html/MySite">

The password is setup for the path to Mysite,right?

2. If my content of website is not stored under /var/www folder, I cannot use this way to setup a password for website, right? May use PHP instead?

View 1 Replies View Related

Apache :: 2 Username / Password Protected Directories

Aug 7, 2014

I have been trying to get password protected directories working on my Linode server. It works / behaves in a desktop browser somewhat but not like I am used to with hostmonster. Also for some reason my phone (windows phone just loads the page in the protected directory without prompting for a password. So I imagine there is some security thing I am missing that none of the info I have found searching talks about. Here is what I have done. I have created a password file and set the permissions correctly on that and it works on the desktop. However when I close the browser or open a private browsing session I am never prompted for a password again. It just feels insecure. Plus my windows phone just loads the page with no prompt. With hostmonster if I closed the browser window it would ask me for the username and password again. I also tested hostmonster directory passwords on my phone and it prompts for a username/password.

Here is what I have added to the apache2.conf file. The rest is pretty much default. There is no .htaccess file for that directory.

<Directory "/var/www/protected">
AllowOverride All
AuthType basic
AuthName "Enter Login"
AuthUserFile /etc/htpasswd/.htpasswd
Require valid-user
Order deny,allow
Allow from user1

It may be worth noting that I have two virtual sites / domain names running on this server at the moment however the one that is being used for this is the primary domain name.

OS: Debian 7.3
Apache 2.2.22

View 6 Replies View Related

Apache Ignoring <Directory>

May 17, 2007

I am trying to get Apache to disable .htaccess overrides and php for a certain directory (and it's subdirectories).

I can disable PHP scripting using a .htaccess file containing:

Options -ExecCGI -Indexes

I now want to disable .htaccess overrides, which Apache's documentation says is only possible in a <Directory> directive. I have therefore attempted to add the following to the website's Virtual host in httpd.conf:

<Directory /home/ceejayce/www/dropbox/*>
AllowOverride None

However, the above posted .htaccess file (which is located in /home/ceejayce/www/dropbox/2007/.htaccess) still runs and disables ExecCGI and Indexes. So, it looks like the <Directory> directive is not being processed? I have tried it outside the virtual host, straight into the config file - but it works the same way.

Apache's error log says nothing, other than ExecCGI is off in this directory and Directory Index is forbidden (so basically it's reading the options from the .htaccess file and applying them).

I want to make a folder than can only serve static content (no php etc).

View 1 Replies View Related

Apache Directory Listing

Jul 21, 2007

May be this is a stupid question, but I really don't know why I can't list the files in the root folder of a website(I didn't put any index.html or index.php in the folder).

I point my domain.com to /home/user/docs, the server can list domain.com/test/ files. But it can't list the files of domain.com/. It just shows the page at /var/www/htm, if I don't have any index file under /home/user/docs.

I have this in the httpd.conf file:

<Directory "/home/user/docs">
Options +Indexes
allow from all

View 2 Replies View Related

Apache :: Need To Locate A Directory

Jul 10, 2014

When I enter my_domain.com the browser displays index.php located in httpdocs on my server. When I enter my_domain.com/main/ the browser displays another page, but there's no directory "main" in my httpdocs. Somehow it's redirected to another location (but in URL bar in the browser it's still my_comain.com/main/). I need to find that location.

As I searched through the web, such redirection can be made in .htaccess file, but I can't locate this one either. My server is Apache on CentOS6, and httpdocs directory is located in /var/www/vhosts/my_domain.com. I searched for .htaccess in several locations that I googled, I also tried executing "find / -type d -name '.htaccess'" on PuTTy, but it gives no results.

View 2 Replies View Related

Apache :: How To Setup Directory

Apr 20, 2014

When I open my site in a browser and I point the URL to specifically // ipaddress / location A it's all good. (Apache Server)..My problem is, if you open the site in a browser with just the IP address alone it goes there for a second and then automaticlly goes to and opens the other site in location // ipaddress / location B.

However, what I need it to do, I think, is edit the apache conf file to make it open location A as the default. What do I need to do in the apache (httpd-conf) to fix that? For that matter is that the right file to edit?

View 1 Replies View Related

Apache :: Rewrite For Any Directory

Oct 15, 2014

I would like to write a rewrite rule that does the following:

RewriteEngine On

Redirect 301 URL...

So what I want is that the first url is rewritten to go to the second ..I have a whole bunch of links that I have to redirect, so I would like to place them all into one .htaccess file or into the default configuration file of apache. So what I do not want is to create SomeFolder1 and someOtherFolder2 and to place a .htaccess file into that place in order to make it work. In fact I want to ignore the folders of the old link and only use the pagename.

View 1 Replies View Related

Apache :: Using UNC Path In Directory

Dec 18, 2012

Earlier I made a setup using UNC path in my Apache configuration. I managed to make this work. Now on another installation using Apache 2.2.22 nothing works like before.

This is how my configuration looks like ....

View 4 Replies View Related

Apache :: Unable To Set Up Password Protection On HTTP Server

Apr 24, 2014

I'm trying to set up password protection on an Apache HTTP server, and it's not working.

First, the environment: Apache 2.4.4 installed with XAMPP Control Panel 3.2.1 under Windows 7 Professional.

http.config says "AllowOverride All."

The .htaccess file in the protected directory says:

htpasswd -c .htpasswd samples

htpasswd prompted me for the password twice, and I entered it twice. When it quit I had a file named .htpasswd in the subsidy directory. I typed it and its contents looked correct according to the examples I've seen.

Then I restarted Apache and tried to load a page from the directory. The browser simply prompted me for the username and password over and over.

The Apache error log says, "AH01617: user samples: authentication failure for "/subsidy/filename.html": Password Mismatch."

I deleted the .htpasswd file and ran htpasswd again, specifying a different (very simple) password. I also confirmed that caps lock was not on both before and after. I restarted the server, tried to load a page, and got the same problem.

Apache seems to think I'm entering the wrong password, but that seems impossible when I've just defined it myself -- and I've tried twice, intentionally choosing a very simple password the second time. If the message means what it says, the cause must be something very different from the obvious one.

View 1 Replies View Related

Apache :: Page Loads Doesn't Ask For Password Until Refresh

Oct 9, 2012

Im using apache2.2 on Ubuntu 12.04. Im trying to password protect a page using htacces and/or the directory command.

Basically no matter what method I use to try and password the index page it doesnt work. I can protect pages and dir's below, but not in the root www of a vhost.


/home/cackles/mysite with index.html and .htaccess will allow index.html to load and wont prompt for a pass until the page is refreshed.

/home/cackles/mysite/subdir will prompt for a pass before it goes any further.

I purged and started from scratch again last night and for nothing, it would seem, well I learned/refreshed a few things so it wasnt a complete bust ... just 7hrs

View 2 Replies View Related

Apache :: How To Use Data Outside Of Root Directory

Jan 2, 2014

I have home a server Apache. I want to put all my party songs in one partition and can listen from anywhere without having to take CDs. I have my site in C:Site and the songs I put it in D:Songs.

In php I see the D:Songs directory, I can read subdirectories, I see the .mp3 and .Wav files, I created the playlist, but the audio player doesn't start.

If I move the songs files in C:Site or C:SiteSongs goes perfectly, I can listen my music, but I do not want to be there.
Why I see in D:Songs, but does not want to go? In httpd.conf I have:

DocumentRoot "C:/Site/"
<Directory />
Options FollowSymLinks
AllowOverride None
Order allow,deny
Allow from all


<Directory "C:/Site/">
Options Indexes FollowSymLinks
AllowOverride all
Order Allow,Deny
Allow from all

I try to put also:

<Directory "D:/Songs/">
Options Indexes FollowSymLinks
AllowOverride all
Order Allow,Deny
Allow from all

bud does not work. "What Can I Do"?

[URL] ....

View 7 Replies View Related

Apache :: Document Root Must Be Directory

Jun 2, 2014

In httpd.conf I have

DocumentRoot "C:/Programme/Apache_Group/Tomcat-8.0.5/webapps/ROOT/"

2.4.9 is complaining about this having to be a directory. It is definiteley. I can browse it with explorer.

When I change this to "C:/Program Files/..." it works.

Why is that? In the stock Win32 server I downloaded from the apache site I did not have to make this change.

View 4 Replies View Related

Copyrights 2005-15 www.BigResource.com, All rights reserved