How to use a RELATIVE path with AuthUserFile in htaccess?

后端 未结 9 1373
我在风中等你
我在风中等你 2021-01-31 12:51

I have a .htaccess that uses basic authentication. It seems the path to the .htpasswd file isn\'t relative to the htaccess file, but instead to the server config.

So eve

相关标签:
9条回答
  • 2021-01-31 13:25

    For just in case people are looking for solution for this:

    <If "req('Host') = 'www.example.com'">
        Authtype Basic
        AuthName "user and password"
        AuthUserFile /var/www/www.example.com/.htpasswd
        Require valid-user
    </If>
    
    0 讨论(0)
  • 2021-01-31 13:26

    It is not possible to use relative paths for AuthUserFile:

    File-path is the path to the user file. If it is not absolute (i.e., if it doesn't begin with a slash), it is treated as relative to the ServerRoot.

    You have to accept and work around that limitation.


    We're using IfDefine together with an apache2 command line parameter:

    .htaccess (suitable for both development and live systems):

    <IfDefine !development>
      AuthType Basic
      AuthName "Say the secret word"
      AuthUserFile /var/www/hostname/.htpasswd
      Require valid-user
    </IfDefine>
    

    Development server configuration (Debian)

    Append the following to /etc/apache2/envvars:

    export APACHE_ARGUMENTS=-Ddevelopment
    

    Restart your apache afterwards and you'll get a password prompt only when you're not on the development server.

    You can of course add another IfDefine for the development server, just copy the block and remove the !.

    0 讨论(0)
  • 2021-01-31 13:26

    If you are trying to use XAMPP with Windows and want to use an .htaccess file on a live server and also develop on a XAMPP development machine the following works great!


    1) After a fresh install of XAMPP make sure that Apache is installed as a service.

    • This is done by opening up the XAMPP Control Panel and clicking on the little red "X" to the left of the Apache module.
    • It will then ask you if you want to install Apache as a service.
    • Then it should turn to a green check mark.

    2) When Apache is installed as a service add a new environment variable as a flag.

    • First stop the Apache service from the XAMPP Control Panel.
    • Next open a command prompt. (You know the little black window the simulates DOS)
    • Type "C:\Program Files (x86)\xampp\apache\bin\httpd.exe" -D "DEV" -k config.
    • This will append a new DEV flag to the environment variables that you can use later.

    3) Start Apache

    • Open back up the XAMPP Control Panel and start the Apache service.

    4) Create your .htaccess file with the following information...

    <IfDefine DEV>
      AuthType Basic
      AuthName "Authorized access only!"
      AuthUserFile "/sandbox/web/scripts/.htpasswd"
      require valid-user
    </IfDefine>
    
    <IfDefine !DEV>
      AuthType Basic
      AuthName "Authorized access only!"
      AuthUserFile "/home/arvo/public_html/scripts/.htpasswd"
      require valid-user
    </IfDefine>
    

    To explain the above script here are a few notes...

    • My AuthUserFile is based on my setup and personal preferences.
    • I have a local test dev box that has my webpage located at c:\sandbox\web\. Inside that folder I have a folder called scripts that contains the password file .htpasswd.
    • The first entry IfDefine DEV is used for that instance. If DEV is set (which is what we did above, only on the dev machine of coarse) then it will use that entry.
    • And in turn if using the live server IfDefine !DEV will be used.

    5) Create your password file (in this case named .htpasswd) with the following information...

    user:$apr1$EPuSBcwO$/KtqDUttQMNUa5lGXSOzk.

    A few things to note...

    • Your password file can be any name you want.
    • You should use .htpasswd for security.
    • A great password generator found @ http://www.htaccesstools.com/htpasswd-generator/
    • A great explanation and reason why you should use that name for your file is located @ http://www.htaccesstools.com/articles/htpasswd/
    • MAKE SURE YOU PUT THE PASSWORD FILE IN THE CORRECT LOCATION!!! (See step 4 AuthUserFile area)
    0 讨论(0)
  • 2021-01-31 13:32

    Let's take an example.

    Your application is located in /var/www/myApp on some Linux server

    .htaccess : /var/www/myApp/.htaccess

    htpasswdApp : /var/www/myApp/htpasswdApp. (You're free to use any name for .htpasswd file)

    To use relative path in .htaccess:

    AuthType Digest
    AuthName myApp
    AuthUserFile "htpasswdApp"
    Require valid-user
    

    But it will search for file in server_root directory. Not in document_root.

    In out case, when application is located at /var/www/myApp :

    document_root is /var/www/myApp

    server_root is /etc/apache2 //(just in our example, because of we using the linux server)

    You can redefine it in your apache configuration file ( /etc/apache2/apache2.conf), but I guess it's a bad idea.

    So to use relative file path in your /var/www/myApp/.htaccess you should define the password's file in your server_root.

    I prefer to do it by follow command:

    sudo ln -s /var/www/myApp/htpasswdApp /etc/apache2/htpasswdApp
    

    You're free to copy my command, use a hard link instead of symbol,or copy a file to your server_root.

    0 讨论(0)
  • 2021-01-31 13:37

    .htpasswd requires full absolute path from the absolute root of the server.

    Please get full absolute path of the file by echo echo $_SERVER['DOCUMENT_ROOT'];.

    here is working basic auth .htaccess script.

    AuthType Basic
    AuthName "Access to the Hidden Files"
    AuthUserFile 'C:/xampp/htdocs/ht/.htpasswd'
    Require valid-user
    

    Before login

    enter image description here

    Afetr Login

    enter image description here

    0 讨论(0)
  • 2021-01-31 13:39

    or if you develop on localhost (only for apache 2.4+):

    <If "%{REMOTE_ADDR} != '127.0.0.1'">
    </If>
    
    0 讨论(0)
提交回复
热议问题