Apache :: Password Protect Directory
Mar 10, 2014
What is the proper way to password protect a directory for Apache 2.4.7? Information I gather seems to not work.
I did make a big message on here but it deleted when I backspaced.
My website is aviation cafe dot net / sample and I need you to help me with password protecting a webpage. I wanted the address to be / the silver sword and definitely not to look like it does now.
username: webforum
pass: password
I have another question: is there a way to protect a directory without using .htaccess, because I don't have mod_rewrite installed on my Apache server?
Is it possible to do it through a standard FTP package?
I'm trying to password protect a single txt file on my server, but instead it's password protecting the whole directory.
So for example:
I want to password protect the file 123.txt in directory "sample", but instead it's password protecting the whole directory "sample".
Sometime you must have gone to a cyber cafe or used public computers to access the internet or mail.
Public computers are most prone to password hacking. Anyone can simply install keylogger software to hack your password. Keylogging is one of the most insidious threats to a user's personal information: passwords, credit card numbers, etc.
It is very easy for the keylogger to harvest passwords. Each and every keystroke (whatever you type on the keyboard) gets recorded in the keylogger software and the person installing it can easily view what you have typed in.
For example, say you go to hotmail.com and check your mail. If your ID is aaabbbccc@hotmail.com and your password is snoopy2, the keylogger software records your username and password in its log file as:
www.hotmail.comaaabbbccc@hotmail.comsnoopy2
Risky, isn't it?
There's a solution to this problem and you can easily fool the software!
The keylogger software sees and records everything, but it doesn't understand what it sees; it does not know what to do with keys that are typed anywhere other than the password or user name fields.
So if you enter random keys between successive keys of the password, the keylogger software won't ever come to know where you typed in what.
In the process of recording the keys, the string that the keylogger receives will contain the password, but embedded in so much random junk that discovering it is infeasible.
So...
1. Go to hotmail.com or yahoo.com or any other site where you need to insert a password or PIN.
2. Type in your user ID.
3. Type in the first character of the password.
4. Click on the address bar in the browser and type in some random characters.
5. Go to the password field again and type in the second character of the password, and probably the third too.
6. Again go to the address bar and type in a few more random characters.
7. Back to the password field and the next characters of the password.
Keep on repeating the process till you type in the full password in the password field.
Instead of the password snoopy2, the keylogger now gets:
www.hotmail.comspqmlainsdgsosdgfsodgfdpuouuyhdg2
Here a total of 26 random characters have been inserted among the 7 characters of the actual password!
No doubt it takes a little more time than the usual process, but you are safe and secure that way!
When I use password protection using cPanel I have the following issue which is illustrated using the following example:
Main folder: X
Sub folders inside X: A, B
All three folders are password protected.
If a user has access to X, I would like that user to have access to A and B as well automatically. But this does not happen. I need to manually add this user to both A and B as well.
If a user has access to A, I would not like that user to have access to X. This is possible to do.
I use Bluehost's pagewizard. So I created the members.htm, then moved it to a password protected directory.
I don't know how to get the pics to show up; I only know that the location of the images is in wizard images.
On Plesk 11.5 / CentOS 6.5 / Linux
I normally protect a given directory in the Plesk Control Panel with a username / password. I would like to bypass the username and password for visitors from one IP.
Today I was informed that some of the Apache instances are vulnerable when serving content while a client is constantly pressing the F5 button in the browser: once it is pressed, CPU load increases, the page becomes slow, etc. (it's dynamic content served by back-end Tomcats). At the same time I see errors with the connection between Apache and the Tomcat instances.
Is there any good way to protect Apache against it?
We tried to use one software for offline browsing to download our site and test it if it will fail or not. We used 500 threads at once. Program was able to request 56 pages per second. Of course server (site) failed because there were no more available mysql connections. So site went down. Mod_evasive didn't block that.
Here is the config:
<IfModule mod_evasive20.c>
DOSHashTableSize 3097
DOSPageCount 2
DOSSiteCount 80
DOSPageInterval 1
DOSSiteInterval 1
DOSBlockingPeriod 30
DOSLogDir "/var/log/httpd"
</IfModule>
Here is the copy of text I found on one site about mod_evasive:
Mod_evasive does work relatively well for small to medium sized brute force or HTTP level DoS attacks. There is, however, an important limitation that mod_evasive has that you should be aware of. The mod_evasive module is not as good as it could be because it does not use shared memory in Apache to keep information about previous requests persistent. Instead, the information is kept with each child process or thread. Other Apache children that are then spawned know nothing about abuse against one of them. When a child serves the maximum number of requests and dies, the DoS information goes with it. So, what does this mean? This means that if an attacker sends their HTTP DoS requests and they do not use HTTP Keep-Alives, then Apache will spawn a new child process for every request and it will never trigger the mod_evasive thresholds. This is not good…
Is there any solution for such type of attack with Keep Alive disabled?
Is there a way to protect apache server from overload? For example Nginx has a module called SysGuard when system load or memory use goes too high all subsequent requests will be redirected to the URL specified by the 'action' parameter.
I am unable to get a username and password requested by http://127.0.0.1:8080 "Tomcat Manager Application". I created userid and password in tomcat-users.x.
I would like to use: htdigest -c filename.htpasswd Group username in a batch file to insert a set of users with passwords. Can I use it without having to enter the password from the keyboard? I tried echo pass| htdigest -c filename.htpasswd Group username but it does not work.
Is it possible to log the username and password passed by a GET request for basic authentication? I generate a link to some part of my website by [URL] ....
It works without any problems for 90% of users, but some of them got information that there is a password mismatch. So I would like to log all requests with information about the passed login and password in plain text.
Where can I get examples to create a login ID and password, with a change-password function, for a valid user to access an Apache web server?
I would like my entire website to be password protected except for one file called allowThisFileWithoutPassword.php.
How could this be accomplished? Below is my attempt:
Code:
<VirtualHost *:80>
ServerName example.com
ServerAlias *.example.com
# ServerSignature Off
ErrorDocument 404 /error-404.html
DocumentRoot /var/www/html
<Directory "/var/www/html">
[Code] .....
I want to set up a password for a website running on an Ubuntu server, and found that Apache can be used. It is implemented by configuring the httpd.conf file and .htaccess file.
So I want to ask:
1. In this case, the password is setup for a path on the server configured in httpd.conf file. Like in the following example:
Code: <Directory "/var/www/html/MySite">
The password is set up for the path to MySite, right?
2. If my content of website is not stored under /var/www folder, I cannot use this way to setup a password for website, right? May use PHP instead?
I have been trying to get password protected directories working on my Linode server. It works / behaves in a desktop browser somewhat, but not like I am used to with Hostmonster. Also, for some reason my phone (Windows Phone) just loads the page in the protected directory without prompting for a password. So I imagine there is some security thing I am missing that none of the info I have found searching talks about. Here is what I have done. I have created a password file and set the permissions correctly on that, and it works on the desktop. However, when I close the browser or open a private browsing session I am never prompted for a password again. It just feels insecure. Plus my Windows Phone just loads the page with no prompt. With Hostmonster, if I closed the browser window it would ask me for the username and password again. I also tested Hostmonster directory passwords on my phone and it prompts for a username/password.
Here is what I have added to the apache2.conf file. The rest is pretty much default. There is no .htaccess file for that directory.
<Directory "/var/www/protected">
AllowOverride All
AuthType basic
AuthName "Enter Login"
AuthUserFile /etc/htpasswd/.htpasswd
Require valid-user
Order deny,allow
Allow from user1
</Directory>
It may be worth noting that I have two virtual sites / domain names running on this server at the moment however the one that is being used for this is the primary domain name.
OS: Debian 7.3
Apache 2.2.22
I am trying to get Apache to disable .htaccess overrides and PHP for a certain directory (and its subdirectories).
I can disable PHP scripting using a .htaccess file containing:
Code:
Options -ExecCGI -Indexes
I now want to disable .htaccess overrides, which Apache's documentation says is only possible in a <Directory> directive. I have therefore attempted to add the following to the website's Virtual host in httpd.conf:
Code:
<Directory /home/ceejayce/www/dropbox/*>
AllowOverride None
</Directory>
However, the above posted .htaccess file (which is located in /home/ceejayce/www/dropbox/2007/.htaccess) still runs and disables ExecCGI and Indexes. So, it looks like the <Directory> directive is not being processed? I have tried it outside the virtual host, straight into the config file - but it works the same way.
Apache's error log says nothing, other than ExecCGI is off in this directory and Directory Index is forbidden (so basically it's reading the options from the .htaccess file and applying them).
I want to make a folder that can only serve static content (no PHP etc).
Maybe this is a stupid question, but I really don't know why I can't list the files in the root folder of a website (I didn't put any index.html or index.php in the folder).
I point my domain.com to /home/user/docs, the server can list domain.com/test/ files. But it can't list the files of domain.com/. It just shows the page at /var/www/htm, if I don't have any index file under /home/user/docs.
I have this in the httpd.conf file:
<Directory "/home/user/docs">
Options +Indexes
allow from all
</Directory>
When I enter my_domain.com the browser displays index.php located in httpdocs on my server. When I enter my_domain.com/main/ the browser displays another page, but there's no directory "main" in my httpdocs. Somehow it's redirected to another location (but in the URL bar in the browser it's still my_domain.com/main/). I need to find that location.
As I searched through the web, such redirection can be made in a .htaccess file, but I can't locate this one either. My server is Apache on CentOS 6, and the httpdocs directory is located in /var/www/vhosts/my_domain.com. I searched for .htaccess in several locations that I googled, and I also tried executing "find / -type d -name '.htaccess'" in PuTTY, but it gives no results.
When I open my site in a browser and I point the URL specifically to // ipaddress / location A it's all good (Apache server). My problem is, if you open the site in a browser with just the IP address alone, it goes there for a second and then automatically goes to and opens the other site in location // ipaddress / location B.
However, what I need it to do, I think, is edit the apache conf file to make it open location A as the default. What do I need to do in the apache (httpd-conf) to fix that? For that matter is that the right file to edit?
I would like to write a rewrite rule that does the following:
RewriteEngine On
Redirect 301 URL...
So what I want is that the first URL is rewritten to go to the second. I have a whole bunch of links that I have to redirect, so I would like to place them all into one .htaccess file or into the default configuration file of Apache. So what I do not want is to create SomeFolder1 and someOtherFolder2 and to place a .htaccess file into that place in order to make it work. In fact I want to ignore the folders of the old link and only use the pagename.
Earlier I made a setup using UNC path in my Apache configuration. I managed to make this work. Now on another installation using Apache 2.2.22 nothing works like before.
This is how my configuration looks like ....
I'm trying to set up password protection on an Apache HTTP server, and it's not working.
First, the environment: Apache 2.4.4 installed with XAMPP Control Panel 3.2.1 under Windows 7 Professional.
http.config says "AllowOverride All."
The .htaccess file in the protected directory says:
Code:
htpasswd -c .htpasswd samples
htpasswd prompted me for the password twice, and I entered it twice. When it quit I had a file named .htpasswd in the subsidy directory. I typed it and its contents looked correct according to the examples I've seen.
Then I restarted Apache and tried to load a page from the directory. The browser simply prompted me for the username and password over and over.
The Apache error log says, "AH01617: user samples: authentication failure for "/subsidy/filename.html": Password Mismatch."
I deleted the .htpasswd file and ran htpasswd again, specifying a different (very simple) password. I also confirmed that caps lock was not on both before and after. I restarted the server, tried to load a page, and got the same problem.
Apache seems to think I'm entering the wrong password, but that seems impossible when I've just defined it myself -- and I've tried twice, intentionally choosing a very simple password the second time. If the message means what it says, the cause must be something very different from the obvious one.
I'm using Apache 2.2 on Ubuntu 12.04. I'm trying to password protect a page using .htaccess and/or the directory command.
Basically, no matter what method I use to try and password the index page, it doesn't work. I can protect pages and dirs below, but not in the root www of a vhost.
basically:
/home/cackles/mysite with index.html and .htaccess will allow index.html to load and won't prompt for a pass until the page is refreshed.
/home/cackles/mysite/subdir will prompt for a pass before it goes any further.
I purged and started from scratch again last night and for nothing, it would seem. Well, I learned/refreshed a few things so it wasn't a complete bust ... just 7 hrs.
I have an Apache server at home. I want to put all my party songs in one partition so I can listen from anywhere without having to take CDs. I have my site in C:\Site and I put the songs in D:\Songs.
In PHP I see the D:\Songs directory, I can read subdirectories, I see the .mp3 and .wav files, and I created the playlist, but the audio player doesn't start.
If I move the song files to C:\Site or C:\Site\Songs it works perfectly and I can listen to my music, but I do not want them to be there.
Why can I see into D:\Songs, but it does not want to go? In httpd.conf I have:
DocumentRoot "C:/Site/"
<Directory />
Options FollowSymLinks
AllowOverride None
Order allow,deny
Allow from all
</Directory>
and
<Directory "C:/Site/">
Options Indexes FollowSymLinks
AllowOverride all
Order Allow,Deny
Allow from all
</Directory>
I also tried to put:
<Directory "D:/Songs/">
Options Indexes FollowSymLinks
AllowOverride all
Order Allow,Deny
Allow from all
</Directory>
but it does not work. What can I do?
[URL] ....
In httpd.conf I have
DocumentRoot "C:/Programme/Apache_Group/Tomcat-8.0.5/webapps/ROOT/"
2.4.9 is complaining about this having to be a directory. It definitely is. I can browse it with Explorer.
When I change this to "C:/Program Files/..." it works.
Why is that? In the stock Win32 server I downloaded from the apache site I did not have to make this change.