Server Fault Stack Exchange
Server Fault Stack Exchange

Questions tagged [http-basic-authentication]

256 questions
0
votes
0 answers

IIS Intranet Users Login

I have a web application deployed in IIS 7. I want to configure it so that others from all intranet Domains can login to the web application. Here are the things I've done: Enabled IIS Windows Authentication I go to "lusrmgr.msc" Local Users and…
Jemru
  • 101
0
votes
2 answers

How to set BasicAuth everywhere EXCEPT certain directories

When it comes to setting BasicAuth protection for specific directory, I use simple setup (in apache2.conf file): Deny from all AuthUserFile /var/pswd/somedir/.htpasswd AuthName authorization AuthType Basic Satisfy…
Gacek
  • 85
  • 1
  • 1
  • 13
0
votes
1 answer

Truncate Basic authentication username and password in Apache proxy

We need to proxy a request to a server. The sender has an autogenerated username and password, and will use basic authentication. We can't change these how these are generated by the sender. The server will accept only usernames and passwords that…
The Archetypal Paul
  • 783
  • 7
  • 20
0
votes
0 answers

Secure Port with Nginx Web Server Authentication auth_basic

I am trying to secure the login URL of my website (Ajenti control panel) with auth_basic authentication. I access the site like this: https://myajentiinstallation.com:8787 In the file /etc/nginx.custom.d/codes.conf, I have this code: server { …
Pamela
  • 187
  • 2
  • 13
0
votes
0 answers

Basic ncsa authentication is not workling in squid

I'm using squid-3.3.8-12.el7_0.x86_64 on CentOS 7 I've configured squid for basic authentication, md5 password works, but if fails when I try to use either blowfish or sha password. Below is the cache.log when it fails and squid.conf: 2015/03/18…
sebelk
  • 682
  • 4
  • 13
  • 32
0
votes
1 answer

Does the Apache Httpd basic auth functionality have a constant time password comparison?

When I use Apache Httpd's basic auth functionality, sometimes I notice that wrong passwords seem to take longer than right passwords to check. Does Apache Httpd have an option for constant time password comparisons?
MrSynAckSter
  • 157
  • 1
  • 5
0
votes
1 answer

mod_rewrite in .htaccess and basic auth in vhost - access to paths

I want to lock down a website (made on Drupal) with basic auth. Drupal is using mod_rewrite in its .htaccess file. The problem I'm facing is this - my virtual host looks like this: ServerName…
Łukasz Zaroda
  • 117
  • 2
  • 11
0
votes
1 answer

Protect /analytics on Nginx with basic authentication, but allow access to .php and .js files?

Hope this is the right place to ask. I have Piwik setup and running on a Nginx webserver that I protected with HTTP basic authentication, as seen below. location /analytics { alias /var/www/piwik/; auth_basic "Restricted"; …
Logan M.
  • 11
  • 3
0
votes
0 answers

setup SSL with CA for multiple local sites in Apache and authenticate in a specific location (Error code: ssl_error_handshake_failure_alert) Ubuntu

i'm trying to implement SSL (HTTPs) on my local web-server to protect specified directories on Apache's websites where a user log's-in, combining SSL and HTTP Authentication Basic. I have follow guides here and apache's mod_ssl mostly. I have setup…
ioaniatr
  • 131
  • 1
  • 4
0
votes
2 answers

Switching between multiple authentication types on same URL

I have a secure SSO site that uses Shibboleth authentication and SAML identity provider. I need to allow a Google Search Appliance crawler to come index the URL's. I have a requirement to change on HTTP request from SAML to Basic authentication…
chowmojo
  • 1
  • 3
0
votes
1 answer

Nginx how to use limit_req_zone on auth_basic to protect against brute force attack?

I have an Nginx server that works as an SSL proxy for a service running on a localhost that doesn't support SSL authentication. I would like to use Nginx's limit_req_zone function to protect the Basic_Auth against brute force attacks. There is a…
Joudicek Jouda
  • 101
  • 2
0
votes
1 answer

Can't get basic plain auth to work on lighttpd win 1.4.35-1-ipv6

I simply can't get Plain Basic auth to work on lighttpd for more than one user. I have this auth.user file formatted like…
Bonny1992
  • 11
  • 2
0
votes
1 answer

IIS 7.5: In the "Connect As" dialog, can't set "Specific user" to the application pool identity?

I have a bunch of websites and applications with their own app pools, all using AppPoolIdentity. App pool identities are nice because you can set file system permissions and add SQL Server users based on them without having to manage any…
Taudris
  • 101
  • 5
0
votes
1 answer

Does Basic User Authentication require 2-Phase communiation?

My Application connects to the Internet to HTTP Services using boost::asio. Recently we added support for HTTP Proxys and Basic User Authentication. We implemented Basic User Authentication by just sending Authentication parameters with every HTTP…
RED SOFT ADAIR-StefanWoe
  • 123
  • 5
0
votes
1 answer

In apache how do you validate that the logged in username matches the directory name?

Sometimes you want to setup a directory structure in apache such that logged in users can only see their own directory. (i.e. the directory name and the username match.) What do you put in the configuration so that apache will check this?
Ariel
  • 111
  • 2
1 2 3
17 18