Stack Overflow
Stack Overflow

Questions tagged [.htpasswd]

.htpasswd is a flat-file used to store usernames and password for basic authentication of Apache HTTP Server.

.htpasswd is a flat-file used to store usernames and passwords for basic authentication on Apache HTTP Servers. The name of the file is given in the .htaccess configuration, and can be anything, but ".htpasswd" is the canonical name. The file name starts with a dot, because most Unix-like operating systems consider any file that begins with dot to be hidden.

This file is often maintained with the shell command htpasswd which can add, delete, and update users, and will properly encode the passwords for use (so they are easily checked, but cannot be reversed back to the original password).

The file consists of rows. Each row corresponds to a username and hashed password pair, separated with the colon. For example:

user:password

The hashed password is typically "UNIX crypt" style, encrypted in either MD5 or SHA1 as common alternatives.

Additional users can be added by using the htpasswd shell command or by appending new lines to the file. For example:

user1:password1
user2:password2

Resources available on the Apache HTTP server can be restricted to users listed in the files created by htpasswd.

See also

526 questions
7
votes
5 answers

htaccess conditionals

I have setup htpasswd authentication on my live site and it works great, but I don't want to be asked for a password when I am working on the development environment. In my httpd.conf file I have: SetEnv APP_ENV "development" In my .htaccess file I…
Lizard
  • 43,732
  • 39
  • 106
  • 167
7
votes
1 answer

download files with spaces in their name - restriction through htaccess

I stumbled upon strange way to protect files. Basicly there is empty download.php file in protected folder and two files that cause file to be downloaded (from the same folder): .htpwd where password is stored and .htaccess: RewriteEngine…
Greg Viv
  • 817
  • 1
  • 8
  • 22
6
votes
2 answers

How do I figure out what user & group Apache is running as?

On DreamHost shared hosting, I'm setting up htpasswd, but Apache does not have permission to read the file. How do I give it permission? I want to either change the owner or group of the .htpasswd file instead of giving it insecure permissions. I…
ma11hew28
  • 121,420
  • 116
  • 450
  • 651
6
votes
1 answer

.htaccess password protected folder goes to 404 page

I've stumbled upon a strange issue. Lets say I have folder in main domain directory: /myfolder When I try to access index of files in this folder I go to: myurl.com/myfolder And it works without any problems. Now when I put .htaccess with password…
Greg Viv
  • 817
  • 1
  • 8
  • 22
6
votes
1 answer

password protect multiple directories via htaccess

I am able to password protect directories via the htaccess file at the root of my site (I have to use one htaccess file in my site root because of my CMS). The issue I'm having is assigning users to each directory I want to protect. I can create…
Doug
  • 539
  • 3
  • 12
5
votes
2 answers

Docker private registry login using htpasswd file doesn't work

I am adding authentication to my docker private registry in windows 10. I have initially not implemented basic authentication but later, I implemented it using a htpasswd file which is in my auth folder. I have been following up on the instructions…
Muskan Paliwal
  • 53
  • 1
  • 7
5
votes
3 answers

How to use htpasswd protection in Tomcat?

I have already created a user database file using Apache's htpasswd command. This file is now used by several other application like apache and subversion. Users in are created like this: htpasswd /path/to/users.htpasswd peter This user file is…
Juha Syrjälä
  • 33,425
  • 31
  • 131
  • 183
5
votes
2 answers

Securing devel grails application with single htpasswd like password

I am showing a grails app to some colleagues on a public domain. So far I am working in devel mode and have not deployed via war. I need to secure the application in order to keep onybody from checking it out / playing with it. I have a user mgmt in…
fluxon
  • 538
  • 7
  • 19
5
votes
2 answers

Adding a salt to .htpasswd?

Is it possible to add a salt to passwords in .hpasswd files? I assume not since the server would need the salt for each user in order to verify the password and I can't think of how it would get them, but otherwise if the list was to be obtained it…
Ben
  • 159
  • 1
  • 3
  • 6
5
votes
1 answer

Password protect GitLab pages with htpasswd

Is there a way to password protect a website published using GitLab pages? I tried adding an .htpasswd file to the root of the /pages directory, but that just makes the file available to everyone who goes to…
ostrokach
  • 17,993
  • 11
  • 78
  • 90
5
votes
1 answer

Domain specific htpasswd conditions

I am using a wildcard dns system that routes all subdomains through a single web app and sets a userid based on the first part of the URL (X.domain.com where X is the username). I now want to edit my htaccess file to enable conditional httpauth…
Dan Tudor
  • 61
  • 1
  • 4
5
votes
1 answer

Password protect a virtual directory? - .htpasswd/.htaccess

Is it possible to password protect a virtual directory (such as a wordpress category): /c/sofas/ It looks like would work in httpd_config, but not .htaccess Is it possible? Possibly with a mod_rewrite somewhere?
Kerry Jones
  • 21,806
  • 12
  • 62
  • 89
5
votes
2 answers

htaccess password protect files with different users

I have a files server and I use mod_autoindex to server the files. I have a username and password in htaccess so only certain people can access the files. I have added another user to htpasswd but I would only like that user to access some of the…
Tony Brix
  • 4,085
  • 7
  • 41
  • 53
5
votes
1 answer

Nginx password protect root, and separate password for subdirectory

I'm trying to set up basic HTTP authentication with Nginx that's multi-layered. I'd like to have one username & password for the entire site except for a certain subdirectory (URL), and a separate username & password for that subdirectory. If…
Christiaan
  • 1,051
  • 2
  • 11
  • 20
5
votes
1 answer

Convert passwords from htpasswd to htdigest

On a Server I like to switch from Apache auth_basic to auth_digest for security reasons. Is there a way to convert the old .htpasswd file to the htdigest format?
pixelsucht
  • 228
  • 2
  • 8
1 2
3
35 36