.htpasswd

I'm trying to use .htpasswd to protect an /admin/ section on my domain. I'm able to successfully protect the root index.php file using this config: location /admin/ { try_files $uri $uri/ =404; auth_basic "Restricted"; auth_basic_user_file /etc/nginx/.htpasswd; } But the associated files within that folder are still viewable. For instance, on http://domain.com/admin/whatever.php -- the page loads, then the Nginx password auth comes up, but you can simply cancel out of it and still view the page. After doing some research, I've tried to use regex wildcards unsuccessfully. Doesn't work: location

I am using a wildcard dns system that routes all subdomains through a single web app and sets a userid based on the first part of the URL (X.domain.com where X is the username). I now want to edit my htaccess file to enable conditional httpauth using htpasswd for specific domains. e.g. if url = password.domain.com the enable httpauth. I'm sure this is possible but have limited knowledge of htaccess. Gnurou You can use SetEnvIf , here's a snippet from this post by Tom Schlick. #allows a single uri through the .htaccess password protection SetEnvIf Request_URI "/testing_uri$" test_uri #allows

I've stumbled upon a strange issue. Lets say I have folder in main domain directory: /myfolder When I try to access index of files in this folder I go to: myurl.com/myfolder And it works without any problems. Now when I put .htaccess with password protection in this folder like: AuthUserFile /home/mywebsite/.htpasssomerandomname AuthType Basic AuthName "Authentication Required" Require valid-user Suddenly instead of asking me for password when I try to access myurl.com/myfolder I get 404 wordpress template page. Below is my .htaccess in main WordPress folder. <IfModule mod_rewrite.c>

My question is simple. How to allow users to change their passwords stored in some htpasswd file in linux without revealing the files content or allow users to modify other passwords? I tried to write a script to do that job using ssh and specialy-designed user but it leads noway. Please help. I am using Debian server "Lenny". The Apache htpasswd file does not support any shadow functionality. Therefor you have to prevent the users accessing your web server in order to keep them away from the password file. So the only solution is your SSH based approach or any other remote solution. The