Apache basic authentication – how to disable on dev computer

apache-2.2http-basic-authentication

I'm disabling access to some folders to unauthorized users this way:

AuthUserFile /var/www/passwords/.htpasswd_private
AuthType Basic
AuthName "Access to private admin section"
Require valid-user

It works fine on the production (Ubuntu) server.
The problem is I want the same code to allow access (or at least ask for password) on a windows dev computer.

Tried adding

Allow from 127.0.0.1

But the logs show error because it cannot find the password file on the dev computer.
The system cannot find the path specified. : Could not open password file: C:/var/www/passwords/.htpasswd_private

Whats the elegant way to tell apache to either allow access or ask for password on the dev computer?

Best Answer

Create the directory C:/var/www/passwords/.htpasswd_private and then use the htpasswd.exe program that comes with your apache installation to create the .htpasswd_private file

htpasswd -c C:/var/www/passwords/.htpasswd_private username
Automatically using MD5 Format
New password: *********
Re-type password: *********
Adding password for user username

Now you should have a system works like your production server.

Related Solutions

Centos – WebDAV on CentOS – getting 403 error when attempt to upload

I recently struggled with the same problem on my Fedora 10 system. In my case the culprit was some odd redirection that I was doing in Apache. Specifically, I use a content management system (Drupal, to be exact) that within it's .htaccess includes the following redirection logic to redirect missing files to a PHP script:

# Rewrite URLs of the form 'x' to the form 'index.php?q=x'.
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_URI} !=/favicon.ico
RewriteRule ^(.*)$ index.php?q=$1 [L,QSA]

It makes sense that the above only affects the PUT method since in that case REQUEST_FILENAME does not exist.

Not having the WebDAV area inside of the Drupal area, which seems like a reasonable constraint, fixes the problem.

Also, I think it is likely that SELinux would result in a different error, but it's not mentioned in the discussion above. Did you try disabling SELinux?

Ssl – Django running on Apache+WSGI and apache SSL proxying

My solution thanks to Graham:



<Location /dirname>
    SSLVerifyClient      none
    SSLOptions           +FakeBasicAuth
    SSLRequireSSL
    AuthName             "name Authentication"
    AuthType             Basic
    AuthUserFile         /etc/httpd/stuff.passwd
    require              valid-user

    RequestHeader set X-Url-Scheme https


</Location>

ProxyPass /dirname http://django.test/dirname
ProxyPassReverse /dirname http://django.test/dirname

On django.test I added this :

 SetEnvIf X-Url-Scheme https HTTPS=1

after

  WSGIScriptAlias /dirname /path_to_wsgi_script/django.wsgi

Best Answer

Related Solutions

Centos – WebDAV on CentOS – getting 403 error when attempt to upload

Ssl – Django running on Apache+WSGI and apache SSL proxying

Related Topic