Apache :: Unable To Set Up Password Protection On HTTP Server
Apr 24, 2014
I'm trying to set up password protection on an Apache HTTP server, and it's not working.
First, the environment: Apache 2.4.4 installed with XAMPP Control Panel 3.2.1 under Windows 7 Professional.
http.config says "AllowOverride All."
The .htaccess file in the protected directory says:
Code:
htpasswd -c .htpasswd samples
htpasswd prompted me for the password twice, and I entered it twice. When it quit I had a file named .htpasswd in the subsidy directory. I typed it and its contents looked correct according to the examples I've seen.
Then I restarted Apache and tried to load a page from the directory. The browser simply prompted me for the username and password over and over.
The Apache error log says, "AH01617: user samples: authentication failure for "/subsidy/filename.html": Password Mismatch."
I deleted the .htpasswd file and ran htpasswd again, specifying a different (very simple) password. I also confirmed that caps lock was not on both before and after. I restarted the server, tried to load a page, and got the same problem.
Apache seems to think I'm entering the wrong password, but that seems impossible when I've just defined it myself -- and I've tried twice, intentionally choosing a very simple password the second time. If the message means what it says, the cause must be something very different from the obvious one.
I have installed Apache 2.2.22 in Windows Server 2008 R2 Operating System. I want to upload a file using HTTP put command to "uploadtest" folder of the server
1. I have configured "uploattest" folder to accept file without any authentication (Anonymous_NoUserID On)
<IfModule alias_module> Alias uploadtest G:DataImportSvcUploadTest </IfModule> <Directory "G:DataImportSvcUploadTest"> <FilesMatch ".(enc|xml|zip)$">
[Code] ....
We are using .enc files so I allowed that file type
2. "uploadtest" folder has right permission to everybody.
3. We are using WindowsCE client to send file using HTTP put command . Use HttpOpenRequest to send files with lpszVerb = PUT
When I use password protection using cPanel I have the following issue which is illustrated using the following example:
Main folder: X Sub folders inside X: A, B
All three folders are password protected.
If a user has access to X, I would like that user to have access to A and B as well automatically. But this does not happen. I need to manually add this user to both A and B as well.
If a user has access to A, I would not like that user to have access to X. This is possible to do.
After the upgrade of our Plesk installation from 9.5x to 11.5.30Everything works ok (sites,sites with databases, Plesk etc)but when I go to Home>Tools & Settings> Backup Manager.I see errors on every daily backup I have on schedule:
The backup Plesk_Daily_Full_Backup_1407060112.tar has completed with warnings. (View the details) Close this message
Error:mysql "myuser_drupal" Unable to define superuser password for mysql server on localhost
Error:mysql "myuser_drupal" Unable to get list of db servers (ErrorCode: 1, STDOUT.
Error:mysql "myuser_wp_eng" Unable to define superuser password for mysql server on localhost
This is the first time I try a password protection with htaccess. For that tas k I have mainly copied exapmles from the documentation pages
The problem is however, that apache seem to ignore the .htaccess File completely. I am not asked for a password, nor is anything related to that in the logfiles
.htaccess:
Code: AuthType Basic AuthName "Password Required" AuthUserFile /home/matthias/www/matthias/pwd/users AuthGroupFile /dev/null Require user photos with the file users, created with htpasswd. It exisits and the path is correct photos:EdlmuAi1RSkTM
Anyone know a good program to let me put passwords from opening the hard drives via My Computer or especific folders, shortcuts, programs etc?
Lets per say someone got a hold of my Administrator password to have those important confidential files not to be seen a program like this would help. I am also going to set up that the server is only accessed from 2 secure locations just in case.
After I've upgraded Plesk 1.0.18 to latest version, I'm unable to set protection on directories. Plesk say it is set, but it is not. I can access protected directory without pop-up of login-details. Old protected directories work, but for new one added not working anymore. I also tried by conventional way adding .htaccess and .htpasswd files to the directory, but it does not apply either.
its possible to do a P2V migration of a Apache http server 2.2
Present environment:
Windows 2003 Apache http server 2.0.63
There are 2 webservers (running Apache) for load balancing. The backend server runs an application which uses an oracle database. Is a P2V migration of the web servers possible?
I installed apache, mysql, php on my windows vista laptop, and want to test http downloading. This means when selecting a file (for example, contact.php) from a page, and then click download, it will be downloaded to my desktop.
Do we need to install any other softwares to do that?
I have an Xitami server and am migrating to apache httpd. I have the regular server working fine. I tried configuring ssl, but no requests are coming through. I know 443 is open on the router because it works fine under Xitami. I checked the logs and it si starting fine. I am attaching my httpd.conf and the startup log. If I try to access the website using https, it just times out and nothing goes in the log file. I replaced my domain with domain.com. I have tried many different examples, but cannot get it to work and am not sure what to do.
I'm running Apache 2.4.7 on a RHEL 6.4 server. I'm using the Oracle WebLogic Proxy Plugin ver 12.c to connect to a back end server.What's happening is that Apache answers URL.. and proxies the request via the WebLogic Proxy Plugin to internal.blah.com. Unfortunately, the downstream system encounters a problem and issues an http 302 redirect to internal.blah.com/whathappened. I would like to have Apache intercept this http 302 and redirect the client to URL...
I am tried to integrate Apache HTTP server and JBoss app server 7 with mod_jk module plugin in Apache.I have two instances of Jboss running and Apache server sends requests to them.I have added following code in "httpd.conf" of Apache:
But, though I have configured this way, when my worker1 goes down,Apache is not sending requests to worker2 and I get "Service Temporarily Unavailable" message.
My Linux Server's Http Daemon (Apache) would stop serving websites ever so often, as soon as apache is restarted the error fixes iteself only to resurface within few hours.
The apache process would still be running i.e. apache does not die but no websites hosted on my server would be accessible from browser. And when this happens the apache logs do not log any http requests.
Instead when this happens all http requests to my server would be redirected to some weird Trojan website and my Norton Antivirus would show an Alert/Warning, for example; "Browser exploit at www.xxx.xxx was blocked" Risk Name: MSIE WebViewFolderIcon ActiveX Control BO
or another error like; "Auto-Protect has detected Trojan.Fakeavalert".
At first i thought the problem could be with my Laptop/ISP so i logged on to the server via SSH and opened try to open a website using command line "lynx mywebsite.com" and it shows following error; "Alert!: HTTP/1.0 503 Service Unavailable".
Now if i assume my laptop were to be infected, then as soon as i restart my apache and visit mywebsite.com eveything returns to normal with no such warnings. Why do i see those norton error messages only when apache is down with 503, and when apache is down with 503 how come the http requests always get redirected to some suspicious websites and nothing gets logged in apache error log?
I think my server is being attacked causing http to get unresponsive and thereafter http requests to my server are redirected to some malicious website, is this correct?
Also, i suspect this is a php script exploit as some customers have reported that google have blocked their website due to security reasons, i found <iframe> tage inserted in some php pages which i fixed.
Also, another thinh i noticed; when apache responds with the 503 it is referencing PHP 5.1.4 in the header response:
[root@]# curl -I xxx.xxx.xxx.xxx (my server ip) HTTP/1.0 503 Service Unavailable Server: Apache X-Powered-By: PHP/5.1.4 Retry-After: 20
I am running PHP 4.3.9m why does apache responds with PHP 5.1.4 when this 503 error surfaces?
Also, since my apache was dowan with 503 error a customer mailed in today saying; "It seems that my site www.xxxx.com is regularly down, and the winlogon virus is involved."
I suspect this is again due to the fact that http requests start getting redirected?
I am 3 days new to figuring out how to get Perl scripts to run on my Windows XP box. I downloaded and installed the Apache installation file "httpd-2.0.65-win32-x86-openssl-0.9.8y.msi" and the "strawberry-perl-5.18.2.1-32bit.msi" from the perl.org site in hopes that I could get a feedback form to work for a web site that I am working on.
Out of the many pages that I have viewed online of how to configure the Apache Server, nothing has given any favorable results with their explanations.
My last attempt was [URL] ..... where I could not get the example to work. I did the changes to the Apache file "Edit the Apache httpd.conf Configuration File" fairly easily but I must be having problems with the test.pl because I can't get it to work.
I used a different version of Perl (Strawbery from perl.org because it installed without giving me an error pop up after installation) and after copy pasting the script, in an attempt to get it working, I ended up changing it in hopes that I could get it working, shown below.
where I assumed that "#!" meant the "C:" drive and substituted the first "/perl" with the folder the Strawbery Perl had installed itself to and left the second "/perl" in the first line thinking that it was referring to the executable in the "C:strawberryperlbin" folder.
This is the error I get when trying to get the script to run when typing "localhost/test.pl" in the address bar.
"Internal Server Error The server encountered an internal error or misconfiguration and was unable to complete your request. ........"
Know how I can change the title of this post to read "Configuring Apache HTTP Server 2.0 to run Perl in Windows"?
I get an error when i try to access my webmail(horde) over the i-net i get error Unable to get webmail password every time. The error appeared when i upgraded from 11.09 to 11.5. I also followed this tutorial but it didn't worked too. --> [URL] ....
In Plesk (V. 12.0.18) there is no possibility to create mail accounts for subdomains via web interface. The KB article [URL] ..... describes this problem. The article suggests two possible ways.
I donĀ“t want to use option 1 (create subdomain as additional domain) because a subdomain as domain wastes a domain in the license model.
Instead of that I tried the second way (command line interface). I can execute the first command without problems. When I try to execute the second command, I get the following error: "An error occured during mailname creation: Unable to set password: Domain of type subdomain selected".
On our production service, we've been getting numerous malformed POST requests to some of our CGI scripts that are showing up as 500 errors in our logs. They are malformed in the sense that the actual content length doesn't match the Content-Length specified in the request.
Here's the most trivial example I can come up with that reproduces the problem for us:
In addition to the 500 error in the access log, we see the corresponding error in the error log:
(70014)End of file found: Error reading request entity data
Based on the nature of the POST request and the error response, it does appear that Apache is doing the right thing here.
The POST never actually makes it as far as the script being targeted (/some_valid_alias in the above example); in other words, Apache returns 500 to the client, writes the error to the error log and never executes the script.
Is there a way to capture/avoid internal Apache errors like 70014, and return some other HTTP status besides 500 (like 403)? It's particularly annoying in our case, because our server sends us an email for all 500 errors.
So far, our best "defense" against these 500 errors is to disallow POST for these aliases, which normally just ignore the POST data anyway (when the request is not malformed):
Anybody have good experiences with some software based Apache 2.2 ddos protection. Im trying to find something similar then mod_evasive.
It's just that evasive won't work with Apache 2.2. It actually works, but it does not do what it is supposed to do.
Have tryed many different configuration, but it just won't do it.
After Googling i found out that many have suffered same kind of experiences with mod_Evasive and Apache2.2
I guess it is not working cos we got Peruser there. http://www.telana.com/peruser.php Means that there is many differend child processes and evasive don't share data between childs.
So suggest me something. This is coming on prodution server with hundreds of domains so it has to be stable, fast and rock solid.
I was wondering if there's a simple way to implement some kind of authencation bruteforce protection in apache for windows? Right now my authentication never stops asking if user inputs the wrong credentials, this makes me think i'm vounrable for bruteforce attacks which could eventually get through if given the time.
I'm in the process of trying to pin down a couple errors I've been running into, and after installing and configuring SSL I have occasionally been receiving the following error:
Suddenly on a particular website (possibly following an easyapache php minor version update) if I specify a folder rather than a specific file I get a 503 response.
If I do the same on https it's ok. But http always gets a 503.
If I specify a file it's fine, but the folder always hits a 503.
I have removed the htaccess file and php.ini to rule that out and indeed they weren't factors - it seems like it goes wrong before reading the htaccess file.
I keep hearing that redirecting from http to https is not very secure [non-SSL to SSL]. Among other reasons, one reason is that the browser may continue to think it is communicating with non secure server and may not encrypt the data. Is it true? I hope not, I am using the following -
I made the idiotic move of not making a backup of the default configs and now I can't access my http website externally. ssl works fine, but I need http to work too.
I was trying to set up a JBoss cluster with apache httpd mod cluster in windows.I was able to start the apache using the command 'httpd. exe'. But when I tried to access it using localhost:6666/mod_cluster_manager , the page was not accessible.I have the entry 127.0.0.1 localhost in my hosts file.
The http.conf contains lines as given below:
# MOD_CLUSTER_ADDS # Adjust to you hostname and subnet. <IfModule manager_module> Listen 127.0.0.1:6666 ManagerBalancerName mycluster <VirtualHost 127.0.0.1:6666>
