Password protect specific files?
17 posts
• Page 1 of 1
Password protect specific files?
Hello!
I've tried to password protect specific files, but as soon as a put in the FilesMatch the site shows an error message due to an "internal server error" or something like that.
This is my .htaccess-files
# Helicon Ape version 3.1.0.233
<FilesMatch "\.(gif|jpe?g|png)$">
# Authentication type
AuthType Basic
# Name of area authentication will be used for (aka realm)
AuthName "secret area"
# Authentication provider. Here - mod_authn_file
AuthBasicProvider file
# Info for mod_authn_file - path to password file
AuthUserFile c:\inetpub\.htpasswds
# Access will be granted to all authenticated users
Require valid-user
</FilesMatch>
Is this not how you do it?
I would like to password protect a subfolder and all files of a specific type so if you try to access it you will get a login-dialog.
Best regards
Fredrik
I've tried to password protect specific files, but as soon as a put in the FilesMatch the site shows an error message due to an "internal server error" or something like that.
This is my .htaccess-files
# Helicon Ape version 3.1.0.233
<FilesMatch "\.(gif|jpe?g|png)$">
# Authentication type
AuthType Basic
# Name of area authentication will be used for (aka realm)
AuthName "secret area"
# Authentication provider. Here - mod_authn_file
AuthBasicProvider file
# Info for mod_authn_file - path to password file
AuthUserFile c:\inetpub\.htpasswds
# Access will be granted to all authenticated users
Require valid-user
</FilesMatch>
Is this not how you do it?
I would like to password protect a subfolder and all files of a specific type so if you try to access it you will get a login-dialog.
Best regards
Fredrik
Re: Password protect specific files?
Hello Fredrik,
Please try fixing the opening statement like this:
<FilesMatch "^.*\.(gif|jpe?g|png)$>
If it doesn't work, please enable logging in httpd.conf by putting
LogLevel debug
and provide error.log records for the test request.
Please try fixing the opening statement like this:
<FilesMatch "^.*\.(gif|jpe?g|png)$>
If it doesn't work, please enable logging in httpd.conf by putting
LogLevel debug
and provide error.log records for the test request.
Re: Password protect specific files?
I think that I found what was wrong in the first place when I looked at the log file. The password-file could not be found.
Now that I have corrected that, it still seems that the web page is generating the same error.
And the log is not "extended". Tried to delete the log-file and the log-file is not recreated.
##----------------------------------------------------------------------
##
## The following code enables most detailed logging for Ape
##
Loglevel debug
ErrorLog error.log
Now that I have corrected that, it still seems that the web page is generating the same error.
And the log is not "extended". Tried to delete the log-file and the log-file is not recreated.
##----------------------------------------------------------------------
##
## The following code enables most detailed logging for Ape
##
Loglevel debug
ErrorLog error.log
Re: Password protect specific files?
>Tried to delete the log-file and the log-file is not recreated.
It may happen due to insufficient permissions. Please create the empty error.log manually and see if it gets populated after that.
It is important to understand if the FileMatch gets matched and if the rule gets applied or not.
It may happen due to insufficient permissions. Please create the empty error.log manually and see if it gets populated after that.
It is important to understand if the FileMatch gets matched and if the rule gets applied or not.
Re: Password protect specific files?
I've recreated the file in:
C:\Program Files (x86)\Helicon\Ape\logs
And given it full permissions for everybody. Nothing seems to be written to the file when I run debug on the folder that gives me the error =/
In Helicon Ape Manager I go to the folder where I have the .htaccess-file and wish to use the "filesmatch" on.. and go to tools - start Ape debugger.
Then it displays the "error-page" in Ape manager but nothing has been written to the logfile. I then stop the Ape debugger. Tried this 3 times but nothing seems to write to the log-file.
It worked the first time though when I got the error that the passwd-file was missing.
C:\Program Files (x86)\Helicon\Ape\logs
And given it full permissions for everybody. Nothing seems to be written to the file when I run debug on the folder that gives me the error =/
In Helicon Ape Manager I go to the folder where I have the .htaccess-file and wish to use the "filesmatch" on.. and go to tools - start Ape debugger.
Then it displays the "error-page" in Ape manager but nothing has been written to the logfile. I then stop the Ape debugger. Tried this 3 times but nothing seems to write to the log-file.
It worked the first time though when I got the error that the passwd-file was missing.
Re: Password protect specific files?
Hello,
Instead of creating a folder for log files simply create two empty files here:
C:\Program Files (x86)\Helicon\Ape\error.log
C:\Program Files (x86)\Helicon\Ape\rewrite.log
Also please show what IIS log records for your test request.
Instead of creating a folder for log files simply create two empty files here:
C:\Program Files (x86)\Helicon\Ape\error.log
C:\Program Files (x86)\Helicon\Ape\rewrite.log
Also please show what IIS log records for your test request.
Re: Password protect specific files?
I was perhaps a little unclear in what I wrote but I've created the error.log in that folder, not just created the folder
"C:\Program Files (x86)\Helicon\Ape\logs" contains error.log and rewrite.log
Now I've created the files in C:\Program Files (x86)\Helicon\Ape\ aswell. Why should I create the files there and not in the "logs"-folder?
The IIS creates a log-file for today now that I started the file, but the log file is empty.
"C:\Program Files (x86)\Helicon\Ape\logs" contains error.log and rewrite.log
Now I've created the files in C:\Program Files (x86)\Helicon\Ape\ aswell. Why should I create the files there and not in the "logs"-folder?
The IIS creates a log-file for today now that I started the file, but the log file is empty.
Re: Password protect specific files?
Hello,
>Why should I create the files there and not in the "logs"-folder?
This is the default location, otherwise you will have to explicitly specify the path to the log files using RewriteLog and ErrorLog directives.
Please try using the Files section instead just for testing:
<Files ~ "\.(gif|jpe?g|png)$">
...
</Files>
And if you still get Internal server error, could you please show the screenshot of it.
>Why should I create the files there and not in the "logs"-folder?
This is the default location, otherwise you will have to explicitly specify the path to the log files using RewriteLog and ErrorLog directives.
Please try using the Files section instead just for testing:
<Files ~ "\.(gif|jpe?g|png)$">
...
</Files>
And if you still get Internal server error, could you please show the screenshot of it.
Re: Password protect specific files?
That seems to work!
When I use <files> I get a dialog when I try to access the "pdf.png"-file.
If I access a regular web-file like a .HTML-file it dont give a dialog to login.
Seems to work fine and no error.
Perhaps I cant use the filesmatch?
When I use <files> I get a dialog when I try to access the "pdf.png"-file.
If I access a regular web-file like a .HTML-file it dont give a dialog to login.
Seems to work fine and no error.
Perhaps I cant use the filesmatch?
Re: Password protect specific files?
If I want to exclude certain IP-adresses from this "rule", where do I write that?
Best regards
Fredrik
Best regards
Fredrik
Re: Password protect specific files?
Hello Fredrik,
>If I want to exclude certain IP-adresses from this "rule", where do I write that?
You may try specifying specific ip-addresses by putting <VirtualHost> tags around the <Files> tabs:
https://www.helicontech.com/ape/doc/mod ... irtualHost
>If I want to exclude certain IP-adresses from this "rule", where do I write that?
You may try specifying specific ip-addresses by putting <VirtualHost> tags around the <Files> tabs:
https://www.helicontech.com/ape/doc/mod ... irtualHost
Re: Password protect specific files?
Hmm, Im not sure that I understand, but won't VirtualHost make it that only specific IPadresses are affected by this "files"-rule?
I've googled a little and .htaccess have something that is like:
Allow from 127.0.0.1
Allow from localhost
I want to allow calls to specific file types from the localhost (for example) to be ignored and not use this rule and allow full access.
I've googled a little and .htaccess have something that is like:
Allow from 127.0.0.1
Allow from localhost
I want to allow calls to specific file types from the localhost (for example) to be ignored and not use this rule and allow full access.
Re: Password protect specific files?
Hello,
>I want to allow calls to specific file types from the localhost (for example) to be ignored and not use this rule and allow full access.
I believe you can use Deny directive to prohibit access from certain IPs:
https://www.helicontech.com/ape/doc/mod_authz_host.htm
And you can also put Allow and Deny directives inside <Files> tags.
>I want to allow calls to specific file types from the localhost (for example) to be ignored and not use this rule and allow full access.
I believe you can use Deny directive to prohibit access from certain IPs:
https://www.helicontech.com/ape/doc/mod_authz_host.htm
And you can also put Allow and Deny directives inside <Files> tags.
Re: Password protect specific files?
Anton wrote:Hello,
>I want to allow calls to specific file types from the localhost (for example) to be ignored and not use this rule and allow full access.
I believe you can use Deny directive to prohibit access from certain IPs:
https://www.helicontech.com/ape/doc/mod_authz_host.htm
And you can also put Allow and Deny directives inside <Files> tags.
I want it to deny everybody... except for IP 127.0.0.1
Then I put allow on 127.0.0.1 ?
Does not seem to work though?
Re: Password protect specific files?
Hello,
>I want it to deny everybody... except for IP 127.0.0.1 Then I put allow on 127.0.0.1 ?
Yes, I believe it should look like this:
Order Allow,Deny
Allow from 127.0.0.1
Please show error.log records after you make your test request.
>I want it to deny everybody... except for IP 127.0.0.1 Then I put allow on 127.0.0.1 ?
Yes, I believe it should look like this:
Order Allow,Deny
Allow from 127.0.0.1
Please show error.log records after you make your test request.
Re: Password protect specific files?
<Files ~ "\.(asp)$">
# Authentication type
AuthType Basic
# Name of area authentication will be used for (aka realm)
AuthName "3pl inloggning"
# Authentication provider. Here - mod_authn_file
AuthBasicProvider file
# Info for mod_authn_file - path to password file
AuthUserFile c:\inetpub\.htpasswds
# Access will be granted to all authenticated users
Require valid-user
Order deny, allow
Allow from 127.0.0.1
Allow from localhost
Satisfy any
</Files>
This does not seem to work. I want to exlude 127.0.0.1 (or localhost) from this rule. So if my local program makes a request to the page I don't want it to be affected by the "login".
Is this possible? The program just says"an error occurred: Remote server returned an error: (401) Unauthorized
# Authentication type
AuthType Basic
# Name of area authentication will be used for (aka realm)
AuthName "3pl inloggning"
# Authentication provider. Here - mod_authn_file
AuthBasicProvider file
# Info for mod_authn_file - path to password file
AuthUserFile c:\inetpub\.htpasswds
# Access will be granted to all authenticated users
Require valid-user
Order deny, allow
Allow from 127.0.0.1
Allow from localhost
Satisfy any
</Files>
This does not seem to work. I want to exlude 127.0.0.1 (or localhost) from this rule. So if my local program makes a request to the page I don't want it to be affected by the "login".
Is this possible? The program just says"an error occurred: Remote server returned an error: (401) Unauthorized
Re: Password protect specific files?
I found a solution.. I could send username and password with the request so then I can give correct credentials
17 posts
• Page 1 of 1
Who is online
Users browsing this forum: No registered users and 43 guests