Server Fault Stack Exchange
Server Fault Stack Exchange

Questions tagged [http-basic-authentication]

256 questions
1
vote
0 answers

Apache2 Location directive and mod_rewrite

I have a website that is protected with basic authentication, except for one file, one folder, and one rewritten URL location. It looks like this: AuthType Basic AuthName "Authentication Required" …
Ben Holness
  • 944
  • 2
  • 10
  • 28
1
vote
1 answer

How to disable basic authentication when using kerberos on nginx?

My task is to configure Kerberos authentication on nginx. The backend is django. The idea is that when a request is made to api, nginx should perform kerberos authentication. But in case the user is not in the domain, then a redirect to the /auth…
user12844285
  • 11
  • 2
0
votes
1 answer

mod security blocking basic authentication

I have a vps with centos 7, apache with mod_security and mod_evasive. I have a form in php with basic authentication. When I try to authenticate through the application (before activating mod security worked) appears in the logs that entered the…
Mylon
  • 1
0
votes
1 answer

Require basic auth for specific IPs in nginx

I have a whitelist of IPs for nginx, but in addition to this I want to require basic authentication for specific IP. For example, allow access for these IPs: 198.51.100.1 198.51.100.2 require basic authentication for this IP: 198.51.100.3 and deny…
Oleg
  • 276
  • 4
  • 18
0
votes
2 answers

restrict access to subdirectory in apache, leaving parent open

I am setting a webdav on apache2.4 and I need for my top directory /webdav to be freely open and for a sub directory like /webdav/projects/secretproject to be protected with a password. My curremt dav.conf looks like this Alias /webdav…
Jorge Mendes
  • 316
  • 1
  • 2
  • 12
0
votes
0 answers

How to secure an insecure device on an untrusted network, via a web proxy?

Here's my situation: I've got a network-based device with a web-page interface, and the developers of this device, in their wisdom, did not include any kind of access-control or encryption for the web interface -- i.e. anyone on the same LAN can…
Jeremy Friesner
  • 1,323
  • 1
  • 14
  • 25
0
votes
1 answer

Root URL forces IE to "HTTP BASIC" authentication mode?

I have a RoR app that has worked fine for quite some time, but after a recent deployment, all of the IE users in the office have been presented with a IE username and password popup dialog when they navigate to the root URL. The dialog is titled…
Mark S.
  • 211
  • 3
  • 6
0
votes
1 answer

Apache queries mariadb database -> how to log queries?

I got a apache2 vhost-configuration with BasicAuth. With the AuthDBDUserPWQery directive I'm checking a mariadb in the background, if the user-pw-combination exists. For troubleshooting I want to see the exact query, the apache sends to the db. How…
Luca
  • 1
0
votes
1 answer

htaccess + htpasswd: how to prevent executing php scripts without specifying a password

My site is managed by Apache on Linux. In the base directory, there is the sub folder fill. In this subfolder, there is a php script: do.php Here is my .htaccess: AuthType Basic AuthName 'Welcome back' AuthUserFile…
user54614
  • 379
  • 2
  • 6
  • 18
0
votes
0 answers

Authenticate app on server

I did a website that is only allowed to people whose IP are whitelisted. Unfortunately for me, my client wants me to create an app. What I did, and it works since I've implemented a Basic Auth to allow my app to connect to the server. But every…
ferdi_
  • 3
  • 3
0
votes
3 answers

How to grant access to sublocations when root location is protected by htauth in Apache 2.4

I have the following site configuration AuthUserFile /path/.htpasswd AuthName "Restricted Area" AuthType Basic require valid-user which restricts access to all locations. Now I want to exclude say…
Aley
  • 209
  • 2
  • 4
  • 16
0
votes
1 answer

Multi-User Server ; Basic Authentication ; User 1 Can Access User 2s Folder After Logging In To His Own and Backtracking

I have an Apache 2.4 server running with PHP and MySQL included. I have pages that are restricted (or are supposed to be) to certain users only. Each user has their own restricted page and must supply a username and password to access it. Inside the…
Alex Schneider
  • 103
  • 1
0
votes
1 answer

Apache 2.4: Set user dependent environment variable

I just wondered if it's possible to set an environment variable depending on the basic authentication user. I tried the following versions, but none of them work (obviously none of them is documented either): SetEnvIf HTTP_USER "marco"…
themisterunknown
  • 113
  • 1
  • 5
0
votes
0 answers

Apache Basic authentication using .htaccess file doesnt work on files in directory

I need to protect files within a directory, I used .htaccess file as below and put it in the directory : AuthType Basic AuthName "Authentication Required" AuthUserFile "c:\passwords\.htpasswd" Require valid-user It works fine when I browse the…
siavash
  • 3
  • 3
0
votes
0 answers

Is there a way to detect server ip in nginx configuration file?

I'm using nginx/1.12.0 and tried $server_addr directive but it gives me an error: nginx: [emerg] invalid parameter "$server_addr" in /etc/nginx/sites-enabled/conf Here is my code nginx conf block: location /login { deny all; …
mirza
  • 101
  • 2
1 2 3
17 18