Home / ubuntu / Questions / 1329297
Accepted
Daniel Kaplan
Asked: 2021-04-05 22:08:30 +0800 CST

Why can I not password protect specific URL paths?

  • 772

I have a directory that I would like only real users to access.

That directory is www.example.com/video

I have gone into /etc/apache2/apache2.conf and made sure that the following was set:

<Directory /var/www/>
        Options FollowSymLinks
        AllowOverride All
        Require all granted
</Directory>

Then I entered into the path /var/www/example.com/public_html/video and created the following .htaccess file:

AuthType Basic
AuthName "Restricted Content"
AuthUserFile /etc/passwd
Require valid-user

I realize the passwd file seems in a strange place, according to other posts I have looked at. But when I cat it, it has all passwords, including test users I created today.

I get the proper popup,

Yet it won't accept any users and their passwords. The web page I get, once I give up and click cancel is:

Unauthorized

This server could not verify that you are authorized to access the document requested. Either you supplied the wrong credentials (e.g., bad password), or your browser doesn't understand how to supply the credentials required.

Apache/2.4.29 (Ubuntu) Server at www.example.com Port 80

Any thoughts as to what I am doing incorrectly?

server

1 Answers

  1. Best Answer

    You can but you do need to follow the rules as described:

    The AuthUserFile directive sets the name of a textual file containing the list of users and passwords for user authentication. File-path is the path to the user file. If it is not absolute, it is treated as relative to the ServerRoot.

    Each line of the user file contains a username followed by a colon, followed by the encrypted password.

    For mod_auth_basic, use the utility htpasswd which is installed as part of the binary distribution, or which can be found in src/support. See the man page for more details. In short:

    • Create a password file Filename with username as the initial ID. It will prompt for the password:

      htpasswd -c Filename username

    • Add or modify username2 in the password file Filename:

      htpasswd Filename username2

    Security

    Make sure that the AuthUserFile is stored outside the document tree of the web-server. Do not put it in the directory that it protects. Otherwise, clients may be able to download the AuthUserFile.

    You need to create the password file using htpasswd.

    • 1