Apache :: Unable To Set Up Password Protection On HTTP Server
Apr 24, 2014
I'm trying to set up password protection on an Apache HTTP server, and it's not working.
First, the environment: Apache 2.4.4 installed with XAMPP Control Panel 3.2.1 under Windows 7 Professional.
http.config says "AllowOverride All."
The .htaccess file in the protected directory says:
Code:
htpasswd -c .htpasswd samples
htpasswd prompted me for the password twice, and I entered it twice. When it quit I had a file named .htpasswd in the subsidy directory. I typed it and its contents looked correct according to the examples I've seen.
Then I restarted Apache and tried to load a page from the directory. The browser simply prompted me for the username and password over and over.
The Apache error log says, "AH01617: user samples: authentication failure for "/subsidy/filename.html": Password Mismatch."
I deleted the .htpasswd file and ran htpasswd again, specifying a different (very simple) password. I also confirmed that caps lock was not on both before and after. I restarted the server, tried to load a page, and got the same problem.
Apache seems to think I'm entering the wrong password, but that seems impossible when I've just defined it myself -- and I've tried twice, intentionally choosing a very simple password the second time. If the message means what it says, the cause must be something very different from the obvious one.
View 1 Replies
ADVERTISEMENT
Apr 19, 2013
I have installed Apache 2.2.22 in Windows Server 2008 R2 Operating System. I want to upload a file using HTTP put command to "uploadtest" folder of the server
1. I have configured "uploattest" folder to accept file without any authentication (Anonymous_NoUserID On)
<IfModule alias_module>
Alias uploadtest G:DataImportSvcUploadTest
</IfModule>
<Directory "G:DataImportSvcUploadTest">
<FilesMatch ".(enc|xml|zip)$">
[Code] ....
We are using .enc files so I allowed that file type
2. "uploadtest" folder has right permission to everybody.
3. We are using WindowsCE client to send file using HTTP put command . Use HttpOpenRequest to send files with lpszVerb = PUT
HINTERNET WINAPI HttpOpenRequest(
HINTERNET hConnect,
LPCTSTR lpszVerb,
LPCTSTR lpszObjectName,
LPCTSTR lpszVersion,
LPCTSTR lpszReferrer,
LPCTSTR* lplpszAcceptTypes,
DWORD dwFlags,
DWORD dwContext
);
4. We are getting error as "Method Not Allowed"
TTP/1.1 405 Method Not Allowed
Date: Thu, 18 Apr 2013 07:26:25 GMT
Server: Apache/2.2.22 (Win32) DAV/2
Allow: GET,HEAD,POST,OPTIONS,TRACE
Content-Length: 241
Content-Type: text/html; charset=iso-8859-1
5. I tried enable WebDav in Apache and tried with BitKinex WebDav client and still gives the same error
I just wondering PUT may be barred by any other allowed module. Please find the modules allowed.
LoadModule actions_module modules/mod_actions.so
LoadModule alias_module modules/mod_alias.so
LoadModule asis_module modules/mod_asis.so
LoadModule auth_basic_module modules/mod_auth_basic.so
[Code] .....
View 1 Replies
View Related
Jan 4, 2008
When I use password protection using cPanel I have the following issue which is illustrated using the following example:
Main folder: X
Sub folders inside X: A, B
All three folders are password protected.
If a user has access to X, I would like that user to have access to A and B as well automatically. But this does not happen. I need to manually add this user to both A and B as well.
If a user has access to A, I would not like that user to have access to X. This is possible to do.
View 2 Replies
View Related
Jul 11, 2014
After the upgrade of our Plesk installation from 9.5x to 11.5.30Everything works ok (sites,sites with databases, Plesk etc)but when I go to Home>Tools & Settings> Backup Manager.I see errors on every daily backup I have on schedule:
The backup Plesk_Daily_Full_Backup_1407060112.tar has completed with warnings. (View the details) Close this message
Error:mysql "myuser_drupal"
Unable to define superuser password for mysql server on localhost
Error:mysql "myuser_drupal"
Unable to get list of db servers (ErrorCode: 1, STDOUT.
Error:mysql "myuser_wp_eng"
Unable to define superuser password for mysql server on localhost
View 1 Replies
View Related
Mar 17, 2005
This is the first time I try a password protection with htaccess. For that tas k I have mainly copied exapmles from the documentation pages
The problem is however, that apache seem to ignore the .htaccess File completely. I am not asked for a password, nor is anything related to that in the logfiles
.htaccess:
Code:
AuthType Basic
AuthName "Password Required"
AuthUserFile /home/matthias/www/matthias/pwd/users
AuthGroupFile /dev/null
Require user photos
with the file users, created with htpasswd. It exisits and the path is correct
photos:EdlmuAi1RSkTM
commonhttpd.conf
Code:
<Directory />
Options*-All*-Multiviews
AllowOverride*All
Options*FollowSymLinks
<IfModule*mod_access.c>
Order*allow,deny
Allow*from*all
</IfModule>
</Directory>
AccessFileName .htaccess
httpd.conf
Code:
## Virtuelle Server (Matthias)
NameVirtualHost *:80
<VirtualHost *:80>
ServerName*www.local-matthias.de
DocumentRoot*/home/matthias/www/matthias
</VirtualHost>
Any Ideas what to do ?
View 1 Replies
View Related
Oct 5, 2008
Anyone know a good program to let me put passwords from opening the hard drives via My Computer or especific folders, shortcuts, programs etc?
Lets per say someone got a hold of my Administrator password to have those important confidential files not to be seen a program like this would help. I am also going to set up that the server is only accessed from 2 secure locations just in case.
View 5 Replies
View Related
Jul 6, 2015
After I've upgraded Plesk 1.0.18 to latest version, I'm unable to set protection on directories. Plesk say it is set, but it is not. I can access protected directory without pop-up of login-details. Old protected directories work, but for new one added not working anymore. I also tried by conventional way adding .htaccess and .htpasswd files to the directory, but it does not apply either.
View 2 Replies
View Related
Jun 27, 2013
its possible to do a P2V migration of a Apache http server 2.2
Present environment:
Windows 2003
Apache http server 2.0.63
There are 2 webservers (running Apache) for load balancing. The backend server runs an application which uses an oracle database. Is a P2V migration of the web servers possible?
View 2 Replies
View Related
Sep 22, 2009
I installed apache, mysql, php on my windows vista laptop, and want to test http downloading. This means when selecting a file (for example, contact.php) from a page, and then click download, it will be downloaded to my desktop.
Do we need to install any other softwares to do that?
View 10 Replies
View Related
May 6, 2013
I have an Xitami server and am migrating to apache httpd. I have the regular server working fine. I tried configuring ssl, but no requests are coming through. I know 443 is open on the router because it works fine under Xitami. I checked the logs and it si starting fine. I am attaching my httpd.conf and the startup log. If I try to access the website using https, it just times out and nothing goes in the log file. I replaced my domain with domain.com. I have tried many different examples, but cannot get it to work and am not sure what to do.
View 5 Replies
View Related
Jan 31, 2014
I'm running Apache 2.4.7 on a RHEL 6.4 server. I'm using the Oracle WebLogic Proxy Plugin ver 12.c to connect to a back end server.What's happening is that Apache answers URL.. and proxies the request via the WebLogic Proxy Plugin to internal.blah.com. Unfortunately, the downstream system encounters a problem and issues an http 302 redirect to internal.blah.com/whathappened. I would like to have Apache intercept this http 302 and redirect the client to URL...
View 1 Replies
View Related
Nov 22, 2013
I am tried to integrate Apache HTTP server and JBoss app server 7 with mod_jk module plugin in Apache.I have two instances of Jboss running and Apache server sends requests to them.I have added following code in "httpd.conf" of Apache:
Code:
LoadModule proxy_module modules/mod_proxy.so
LoadModule proxy_connect_module modules/mod_proxy_connect.so
LoadModule proxy_http_module modules/mod_proxy_http.so
JkWorkersFile "D:/Program Files/Apache Group/Apache2/conf/workers.properties"
JkShmFile "D:/Program Files/Apache Group/Apache2/logs/mod_jk.shm"
JkLogFile "D:/Program Files/Apache Group/Apache2/logs/mod_jk.log"
[Code] ....
But, though I have configured this way, when my worker1 goes down,Apache is not sending requests to worker2 and I get "Service Temporarily Unavailable" message.
View 1 Replies
View Related
Jun 4, 2009
My Linux Server's Http Daemon (Apache) would stop serving websites ever so often, as soon as apache is restarted the error fixes iteself only to resurface within few hours.
The apache process would still be running i.e. apache does not die but no websites hosted on my server would be accessible from browser. And when this happens the apache logs do not log any http requests.
Instead when this happens all http requests to my server would be redirected to some weird Trojan website and my Norton Antivirus would show an Alert/Warning, for example;
"Browser exploit at www.xxx.xxx was blocked"
Risk Name: MSIE WebViewFolderIcon ActiveX Control BO
or another error like;
"Auto-Protect has detected Trojan.Fakeavalert".
At first i thought the problem could be with my Laptop/ISP so i logged on to the server via SSH and opened try to open a website using command line "lynx mywebsite.com" and it shows following error;
"Alert!: HTTP/1.0 503 Service Unavailable".
Now if i assume my laptop were to be infected, then as soon as i restart my apache and visit mywebsite.com eveything returns to normal with no such warnings. Why do i see those norton error messages only when apache is down with 503, and when apache is down with 503 how come the http requests always get redirected to some suspicious websites and nothing gets logged in apache error log?
I think my server is being attacked causing http to get unresponsive and thereafter http requests to my server are redirected to some malicious website, is this correct?
Also, i suspect this is a php script exploit as some customers have reported that google have blocked their website due to security reasons, i found <iframe> tage inserted in some php pages which i fixed.
Also, another thinh i noticed;
when apache responds with the 503 it is referencing PHP 5.1.4 in the header response:
[root@]# curl -I xxx.xxx.xxx.xxx (my server ip)
HTTP/1.0 503 Service Unavailable
Server: Apache
X-Powered-By: PHP/5.1.4
Retry-After: 20
I am running PHP 4.3.9m why does apache responds with PHP 5.1.4 when this 503 error surfaces?
Also, since my apache was dowan with 503 error a customer mailed in today saying;
"It seems that my site www.xxxx.com is regularly down, and the winlogon virus is involved."
I suspect this is again due to the fact that http requests start getting redirected?
View 3 Replies
View Related
Jan 24, 2014
I am 3 days new to figuring out how to get Perl scripts to run on my Windows XP box. I downloaded and installed the Apache installation file "httpd-2.0.65-win32-x86-openssl-0.9.8y.msi" and the "strawberry-perl-5.18.2.1-32bit.msi" from the perl.org site in hopes that I could get a feedback form to work for a web site that I am working on.
Out of the many pages that I have viewed online of how to configure the Apache Server, nothing has given any favorable results with their explanations.
My last attempt was [URL] ..... where I could not get the example to work. I did the changes to the Apache file "Edit the Apache httpd.conf Configuration File" fairly easily but I must be having problems with the test.pl because I can't get it to work.
I used a different version of Perl (Strawbery from perl.org because it installed without giving me an error pop up after installation) and after copy pasting the script, in an attempt to get it working, I ended up changing it in hopes that I could get it working, shown below.
#!/strawberry/bin/perl.exe
print "Content-type: text/html; charset=iso-8859-1
";
print "<phtml>";
print "<body>";
print "Test Page";
print "</body>";
print "</html>";
This is what the site says to create the program with:
#!/perl/bin/perl
print "Content-type: text/html; charset=iso-8859-1
";
print "<phtml>";
print "<body>";
print "Test Page";
print "</body>";
print "</html>";
where I assumed that "#!" meant the "C:" drive and substituted the first "/perl" with the folder the Strawbery Perl had installed itself to and left the second "/perl" in the first line thinking that it was referring to the executable in the "C:strawberryperlbin" folder.
This is the error I get when trying to get the script to run when typing "localhost/test.pl" in the address bar.
"Internal Server Error
The server encountered an internal error or misconfiguration and was unable to complete your request.
........"
Know how I can change the title of this post to read "Configuring Apache HTTP Server 2.0 to run Perl in Windows"?
View 1 Replies
View Related
Jun 16, 2013
I get an error when i try to access my webmail(horde) over the i-net i get error Unable to get webmail password every time. The error appeared when i upgraded from 11.09 to 11.5. I also followed this tutorial but it didn't worked too. --> [URL] ....
View 8 Replies
View Related
Aug 15, 2014
after I install my apache 2.4 on my notebook, I install it using PHP and it's successful, but when I use .htaccess
View 2 Replies
View Related
Feb 2, 2015
In Plesk (V. 12.0.18) there is no possibility to create mail accounts for subdomains via web interface. The KB article [URL] ..... describes this problem. The article suggests two possible ways.
I donĀ“t want to use option 1 (create subdomain as additional domain) because a subdomain as domain wastes a domain in the license model.
Instead of that I tried the second way (command line interface). I can execute the first command without problems. When I try to execute the second command, I get the following error: "An error occured during mailname creation: Unable to set password: Domain of type subdomain selected".
View 3 Replies
View Related
Nov 15, 2013
Server Version: Apache/2.2.22 (Unix)
On our production service, we've been getting numerous malformed POST requests to some of our CGI scripts that are showing up as 500 errors in our logs. They are malformed in the sense that the actual content length doesn't match the Content-Length specified in the request.
Here's the most trivial example I can come up with that reproduces the problem for us:
POST /some_valid_alias HTTP/1.1
Host: example.org
User-Agent: Arbitrary/1.0
Content-Type: multipart/form-data; boundary=---------------------------41184676334
Content-Length: 769
-----------------------------41184676334
In addition to the 500 error in the access log, we see the corresponding error in the error log:
(70014)End of file found: Error reading request entity data
Based on the nature of the POST request and the error response, it does appear that Apache is doing the right thing here.
The POST never actually makes it as far as the script being targeted (/some_valid_alias in the above example); in other words, Apache returns 500 to the client, writes the error to the error log and never executes the script.
Is there a way to capture/avoid internal Apache errors like 70014, and return some other HTTP status besides 500 (like 403)? It's particularly annoying in our case, because our server sends us an email for all 500 errors.
So far, our best "defense" against these 500 errors is to disallow POST for these aliases, which normally just ignore the POST data anyway (when the request is not malformed):
RewriteCond %{REQUEST_METHOD} ^POST$
RewriteRule ^/(some_valid_alias)(.*)$ $1$2 [R]
But this won't work for all our scripts, because in some cases we do want to permit POST.
View 2 Replies
View Related
Jun 13, 2008
Anybody have good experiences with some software based Apache 2.2 ddos protection. Im trying to find something similar then mod_evasive.
It's just that evasive won't work with Apache 2.2. It actually works, but it does not do what it is supposed to do.
Have tryed many different configuration, but it just won't do it.
After Googling i found out that many have suffered same kind of experiences with mod_Evasive and Apache2.2
I guess it is not working cos we got Peruser there. http://www.telana.com/peruser.php
Means that there is many differend child processes and evasive don't share data between childs.
So suggest me something. This is coming on prodution server with hundreds of domains so it has to be stable, fast and rock solid.
View 3 Replies
View Related
Dec 2, 2013
I was wondering if there's a simple way to implement some kind of authencation bruteforce protection in apache for windows? Right now my authentication never stops asking if user inputs the wrong credentials, this makes me think i'm vounrable for bruteforce attacks which could eventually get through if given the time.
View 4 Replies
View Related
Jul 18, 2008
Anytime I've gotten these before, they were stored in:
/var/log/messages
Today (according to logwatch), I got a protection fault in "top".
But when I view /var/log/messages... nothing is there relating to a fault.
The only kernel message that appears is a martian source.
I also hadn't logged into ssh today, isn't "top" an ssh command.
View 9 Replies
View Related
Aug 15, 2007
Someone seems to be flooding our HTTP server somehow. We use the latest version of Apache on Windows.
Is there any Windows modules that can filter the total amount of IP connections, or something built into Windows that could filter this?
View 2 Replies
View Related
Jan 6, 2015
I'm in the process of trying to pin down a couple errors I've been running into, and after installing and configuring SSL I have occasionally been receiving the following error:
View 2 Replies
View Related
Oct 9, 2012
Suddenly on a particular website (possibly following an easyapache php minor version update) if I specify a folder rather than a specific file I get a 503 response.
If I do the same on https it's ok. But http always gets a 503.
If I specify a file it's fine, but the folder always hits a 503.
I have removed the htaccess file and php.ini to rule that out and indeed they weren't factors - it seems like it goes wrong before reading the htaccess file.
View 3 Replies
View Related
Aug 7, 2008
I have two domains that are sharing one IP address. One site is meissenation.com and the other is mifbody.com.
My httpd.conf file looks like this: ...
View 2 Replies
View Related
Mar 3, 2007
Does anyone know if there is an Apache directive where you can have Apache call a script on HTTP PUTs to a specific location and also for HTTP GETs?
View 0 Replies
View Related
May 4, 2015
I keep hearing that redirecting from http to https is not very secure [non-SSL to SSL]. Among other reasons, one reason is that the browser may continue to think it is communicating with non secure server and may not encrypt the data. Is it true? I hope not, I am using the following -
<VirtualHost 12.34.567.89:80>
ServerName www.mysite1234.com:80
Redirect / https://www.mysite1234.com/
</VirtualHost>
View 1 Replies
View Related
Sep 30, 2014
I made the idiotic move of not making a backup of the default configs and now I can't access my http website externally. ssl works fine, but I need http to work too.
View 3 Replies
View Related
Aug 30, 2013
I was trying to set up a JBoss cluster with apache httpd mod cluster in windows.I was able to start the apache using the command 'httpd. exe'. But when I tried to access it using localhost:6666/mod_cluster_manager , the page was not accessible.I have the entry 127.0.0.1 localhost in my hosts file.
The http.conf contains lines as given below:
# MOD_CLUSTER_ADDS
# Adjust to you hostname and subnet.
<IfModule manager_module>
Listen 127.0.0.1:6666
ManagerBalancerName mycluster
<VirtualHost 127.0.0.1:6666>
[code]....
View 2 Replies
View Related
Mar 3, 2015
I'm using a turnkey image for smallmachineforum system, installed on amazon aws instance.
In the default configuration I can't use the http version of the site, only the https.
It does not seem to be a network issue, a telnet on port 80 opens.
The server is apache version 2.2.22, on a Debian 3.2.57-3+deb7u2 x86_64
View 2 Replies
View Related
