Server Fault Stack Exchange
Server Fault Stack Exchange

Questions tagged [http-basic-authentication]

256 questions
1
vote
1 answer

nginx auth fail2ban current connection behind cloudflare

I've noticed that fail2bans iptables rules only works on *new connections meaning as long as someone continues to hammer a login (basic auth or wordpress etc. the existing connection continues to allow it. If I pause for a few seconds the cloudflare…
G.Martin
  • 129
  • 6
1
vote
0 answers

Is Apache Basic Auth w/ SSL "good enough" from a security standpoint?

Is using Apache Basic Auth with enforced SSL good enough to secure internal-only sites that must be publicly accessible? I know that there are more advanced Apache authentication protocols such as Digest, but I'm not sure if it's really necessary to…
Felix Jen
  • 403
  • 5
  • 18
1
vote
0 answers

Apache HTTPD basic auth creates multiple login dialogs

So i have an Apache HTTPD server (v2.4.6) with mod_ssl. I setup basic auth in /etc/httpd/conf.d/ssl.conf with the code at the end: AuthType Basic AuthName "Restricted" AuthUserFile /usr/local/apache/passwd/password Require…
GodAtum
  • 317
  • 1
  • 3
  • 11
1
vote
0 answers

iis 8 basic authentication 404 error

I deployed a .Net application on Windows Server 2012. The application works fine when no authentication is enabled(with anonymous authentication). When I enable Basic authentication, the site redirects to some Accounts/login*** page(having set…
user53864
  • 1,723
  • 11
  • 37
  • 66
1
vote
2 answers

How to do basic auth with HAProxy while doing other ACL?

I am running HAProxy in front of apache servers and I want to implement basic authentication for some domains. The manual states that this should do the trick: userlist admins user myusername insecure-password mypassword frontend…
merlin
  • 2,093
  • 11
  • 39
  • 78
1
vote
1 answer

How to get the remote user from httpd basic authentication in my tomcat servlet?

I've successfully configured mod_proxy_ajp from my httpd to Tomcat, with httpd performing the SSL and basic authentication. I need the remote user in my tomcat application, so I thought using AJP would population the headers so…
dacracot
  • 469
  • 2
  • 13
  • 28
1
vote
1 answer

HTTP Basic Auth unless connecting from the office with Apache 2.4?

We wish to set up a website for demo purpose only that we can: Access from anywhere from the internet by entering a username and password via HTTP Basic Auth. For ease of use we wish to not having to go through HTTP Basic Auth from the office,…
Machoke
  • 115
  • 8
1
vote
1 answer

Nginx: Selective On/Off of Auth Basic Based on Realm

I run SugarCRM on a LEMP stack and have it closed down with auth_basic. That works fine, headers show: WWW-Authenticate: Basic realm="Username and Password are required" Some files within SugarCRM have their own built in http auth through PHP, for…
JayMcTee
  • 3,923
  • 1
  • 13
  • 22
1
vote
1 answer

.htaccess file is not working on Apache 2.4.12 and Windows Server 2008 R2

I am trying to add Authentication window to a section of the site using .htaccess file. But It is not working "the site is acting that the ".htaccess" files does not exists. here is that content of my .htaccess file AuthType Basic AuthName "PHP…
Mike
  • 265
  • 6
  • 13
1
vote
0 answers

IIS 7.5 Basic Authentication does not seem to work with virtual directories

IIS 7.5 is running in this server. I have configured IIS Manager User "someuser". On virtual directory "virtdir", which is also an IIS7.5 "app" I have set user "someuser" to allowed (in IIS Manager Permissions" (and yes, I selected the "virtdir"…
Woody
  • 11
  • 2
1
vote
0 answers

why basic auth loops when using nginx and monit

I was trying to configure nginx so that http://example.com/monit will access http://127.0.0.1:2812, which is the url monit is listening. Two authentication was set, via nginx(nginx.conf file) and monit(monitrc file). Now, accessing…
user261134
  • 19
  • 2
1
vote
1 answer

Apache as authentication proxy

We are trying to implement authentication proxy from Apache httpd. This should secure application that uses Basic Authentication but user should authenticate with httpd's authentication (mod_auth_cas in our case). I can add RequestHeader with proper…
Lukas
  • 13
  • 3
1
vote
0 answers

Disable authentication for certain files

I am trying to disable Apache authentication for certain files, but I don't seem to get it right. This is what I have on .htaccess: AuthType Basic AuthName "Authentication Required" AuthUserFile "/home/site/.htpasswd" Require valid-user
Raisen
  • 141
  • 10
1
vote
0 answers

HAproxy ACL based on backend application session cookie to replace HTTP Basic Auth

I would need some help on HAproxy configuration to bypass HTTP basic auth and let the user use a specific backend in case there is a valid session cookie present from another backend application. I got it working in general using the following…
Julian Pawlowski
  • 65
  • 2
  • 6
1
vote
1 answer

How to inhibit repeated checks to mod_auth_basic by mod_autoindex?

In Apache 2.4, When using both mod_autoindex and mod_auth_basic on a directory, the indexing of that directory causes mod_auth_basic to perform a password hash and lookup from scratch once for every single file/subdirectory in the directory. If…
Pi Marillion
  • 131
  • 2
1 2 3
17 18