Comments on: Apache Authentication in htaccess http://www.askapache.com/htaccess/apache-authentication-in-htaccess.html Advanced Web Development Thu, 18 Mar 2010 14:15:10 +0000 hourly 1 By: AK http://www.askapache.com/htaccess/apache-authentication-in-htaccess.html#comment-124887 AK Wed, 10 Mar 2010 21:11:48 +0000 http://www.askapache.com.com/htaccess/apache-authentication-in-htaccess.html#comment-124887 Your "Allow from IP without password prompt, and also allow from any address with password prompt" example is exactly what I was looking for. Thank you! Your “Allow from IP without password prompt, and also allow from any address with password prompt” example is exactly what I was looking for. Thank you!

]]> By: Apache Development http://www.askapache.com/htaccess/apache-authentication-in-htaccess.html#comment-121288 Apache Development Sun, 28 Feb 2010 12:37:48 +0000 http://www.askapache.com.com/htaccess/apache-authentication-in-htaccess.html#comment-121288 I am encountering a problem where I get a 404 page every time I put Require valid-user into the .htaccess of a folder. Any ideas why this might be happening? I am encountering a problem where I get a 404 page every time I put Require valid-user into the .htaccess of a folder. Any ideas why this might be happening?

]]> By: martin http://www.askapache.com/htaccess/apache-authentication-in-htaccess.html#comment-111341 martin Tue, 24 Nov 2009 12:32:00 +0000 http://www.askapache.com.com/htaccess/apache-authentication-in-htaccess.html#comment-111341 Great article, thank you! Great article, thank you!

]]> By: Fred http://www.askapache.com/htaccess/apache-authentication-in-htaccess.html#comment-110956 Fred Sun, 22 Nov 2009 19:52:20 +0000 http://www.askapache.com.com/htaccess/apache-authentication-in-htaccess.html#comment-110956 Bobby, create an .htaccess file in your wp-admin directory following the contents listed in "Allow from IP without password prompt, and also allow from any address with password prompt". The "Allow from 172.17.10.1" should contain your static IP address if you have one, or that of your client if you are building this site for someone else to access. Of course, you can add more than one line in that format. It will allow anyone arriving from an IP in the Allow statement(s) to access the WPAdmin login screen without having the enter the Apache Username/Password combination. Everyone else will be stopped at the Apache login screen, and if they authenticate there they will then receive the WP login screen. I do this on over 100 WP sites. Bobby, create an .htaccess file in your wp-admin directory following the contents listed in “Allow from IP without password prompt, and also allow from any address with password prompt”.

The “Allow from 172.17.10.1″ should contain your static IP address if you have one, or that of your client if you are building this site for someone else to access. Of course, you can add more than one line in that format. It will allow anyone arriving from an IP in the Allow statement(s) to access the WPAdmin login screen without having the enter the Apache Username/Password combination. Everyone else will be stopped at the Apache login screen, and if they authenticate there they will then receive the WP login screen. I do this on over 100 WP sites.

]]> By: Bobby Kozora http://www.askapache.com/htaccess/apache-authentication-in-htaccess.html#comment-110135 Bobby Kozora Wed, 18 Nov 2009 15:32:01 +0000 http://www.askapache.com.com/htaccess/apache-authentication-in-htaccess.html#comment-110135 I'm trying to use apache authentication as added protection to the password protected admin section of one of my sites. The site's using Wordpress. What's happening is when I access the admin section the .htaccess file in that directory isn't executing. Well, it will throw errors but if all's fine it passes back to my root .htaccess which then displays the 404 page. If I remove the .htaccess from my admin directory I can once again access my login page. Any ideas? I'm stumped. I’m trying to use apache authentication as added protection to the password protected admin section of one of my sites. The site’s using Wordpress. What’s happening is when I access the admin section the .htaccess file in that directory isn’t executing. Well, it will throw errors but if all’s fine it passes back to my root .htaccess which then displays the 404 page. If I remove the .htaccess from my admin directory I can once again access my login page. Any ideas? I’m stumped.

]]> By: chris jar http://www.askapache.com/htaccess/apache-authentication-in-htaccess.html#comment-72822 chris jar Tue, 05 May 2009 10:22:35 +0000 http://www.askapache.com.com/htaccess/apache-authentication-in-htaccess.html#comment-72822 Hi, I encountered this problem. I have <code>.htaccess</code> file: <pre>AuthType Basic AuthName "RestrictedFilesmain" AuthUserFile "d:\Program Files\Apache Group\Apache2\htdocs\main\conf\c.htpasswd" ErrorDocument 401 "ERROR_ 441 Authorization Required" ErrorDocument 403 "ERROR_ 403 Forbidden" ErrorDocument 404 "ERROR_ 404 Not Found" Require user loggeduser Require user chris</pre> and <code>c.htpasswd</code> file <pre>loggeduser:10144831511059024327 chris:a2wssd</pre> When I log in into the protected page for the first time I enter chris:a2wssd and I am allowed to enter the page. Next I change password in the <code>c.httpasswd</code> file into <code>a2ws4ss</code>. And I still have access to the page just using refresh button in my Firefox browser. It looks like the Apache server didn't notice that I have change the password value in the mean time. What's wrong? I need to stop immediately the access to the protected page by changing the password in the file. Regards chris Hi,

I encountered this problem.

I have .htaccess file:

AuthType Basic
AuthName &quot;RestrictedFilesmain&quot;
AuthUserFile &quot;d:\Program Files\Apache Group\Apache2\htdocs\main\conf\c.htpasswd&quot;
ErrorDocument 401 &quot;ERROR_ 441 Authorization Required&quot;
ErrorDocument 403 &quot;ERROR_ 403 Forbidden&quot;
ErrorDocument 404 &quot;ERROR_ 404 Not Found&quot;
Require user loggeduser
Require user chris

and c.htpasswd file

loggeduser:10144831511059024327
chris:a2wssd

When I log in into the protected page for the first time I enter chris:a2wssd and I am allowed to enter the page. Next I change password in the c.httpasswd file into a2ws4ss. And I still have access to the page just using refresh button in my Firefox browser.

It looks like the Apache server didn’t notice that I have change the password value in the mean time. What’s wrong? I need to stop immediately the access to the protected page by changing the password in the file.

Regards chris

]]> By: Motosauro http://www.askapache.com/htaccess/apache-authentication-in-htaccess.html#comment-65043 Motosauro Tue, 17 Feb 2009 09:08:34 +0000 http://www.askapache.com.com/htaccess/apache-authentication-in-htaccess.html#comment-65043 Thanks for the snippets, I pasted them into my blog since I tend to forget them very easily :) Just one question: why do you think it's better to put ErrorDocument override in .htaccess files rather than vhost definitions? I place them in vhost definition files because they don't ever change (almost). I guess it's just a matter of personal taste though Thanks mate :) Thanks for the snippets, I pasted them into my blog since I tend to forget them very easily :)

Just one question: why do you think it’s better to put ErrorDocument override in .htaccess files rather than vhost definitions?
I place them in vhost definition files because they don’t ever change (almost). I guess it’s just a matter of personal taste though

Thanks mate :)

]]> By: AskApache http://www.askapache.com/htaccess/apache-authentication-in-htaccess.html#comment-44065 AskApache Mon, 11 Aug 2008 17:15:51 +0000 http://www.askapache.com.com/htaccess/apache-authentication-in-htaccess.html#comment-44065 <p><strong>@ Fred</strong></p> <p>Absolutely right. Thanks for the heads, thats a pretty big foul up on my part.</p> @ Fred

Absolutely right. Thanks for the heads, thats a pretty big foul up on my part.

]]> By: Fred http://www.askapache.com/htaccess/apache-authentication-in-htaccess.html#comment-44060 Fred Mon, 11 Aug 2008 14:34:00 +0000 http://www.askapache.com.com/htaccess/apache-authentication-in-htaccess.html#comment-44060 Regarding "Require password for 1 file only", shouldn't this: <pre>AuthName "htaccess password prompt" AuthType Basic AuthUserFile /home/askapache.com/.htpasswd Require valid-user</pre> be this: <pre>AuthName "htaccess password prompt" AuthType Basic AuthUserFile /home/askapache.com/.htpasswd Order deny,allow Deny from all Require valid-user</pre> Your example allowed anyone on in two of my systems because of lack of a deny clause. Adding the two lines solved it. Regarding “Require password for 1 file only”, shouldn’t this:

AuthName &quot;htaccess password prompt&quot;
AuthType Basic
AuthUserFile /home/askapache.com/.htpasswd
Require valid-user

be this:

AuthName &quot;htaccess password prompt&quot;
AuthType Basic
AuthUserFile /home/askapache.com/.htpasswd
Order deny,allow
Deny from all
Require valid-user

Your example allowed anyone on in two of my systems because of lack of a deny clause. Adding the two lines solved it.

]]> By: Lauren http://www.askapache.com/htaccess/apache-authentication-in-htaccess.html#comment-37576 Lauren Tue, 25 Mar 2008 23:29:14 +0000 http://www.askapache.com.com/htaccess/apache-authentication-in-htaccess.html#comment-37576 I deactivated the plugin, tried to modify the .htaccess in wp-admin, but still cannot get into my admin panel. Help!!!!!! I deactivated the plugin, tried to modify the .htaccess in wp-admin, but still cannot get into my admin panel. Help!!!!!!

]]>