.htaccess configure Basic Authentication apache2.conf

#1

I saved my own .htaccess to /var/www/mysebserver that points to my own .htpasswd located at /etc/apache2/.
Gave 777 permission to .htaccess

AuthType Basic
AuthName “Restricted Content”
AuthUserFile /etc/apache2/.htpasswd
Require valid-user

All my webpages located on the same folder with .htaccess.
The issue is that the basic authentication is not enabled, I still can access the html files without any authentication.

Moreover it seems .htaccess files are ignored even if i set in apache2.conf the followings:

<Directory /var/www/>
Options Indexes FollowSymLinks MultiViews
AllowOverride All
Order allow,deny
allow from all
.

How do I activate Basic Authentication?

#2

Did you have any luck resolving this? I’d like to do the same, yet running into the same issues.

#3

Not yet, but still interested

#4

■■■■, was hoping you’d solved.

I’ve come up with a rather messy behind the scenes solution, from a user point of view they notice nothing. Unfortunately looks as though on the WD it won’t read anything in the .htaccess file.

Previously I had my external server acting as a reverse proxy, so rather than having (example URL) server.domain.com:1111/cops, I had books.domain.com (no port, no subdirectory), done by having my external server with .htaccess file. I wanted to keep this reverse proxy AND add htpasswd protection, however as the reverse proxy is done via .htaccess and so is .htpasswd, they wouldn’t work together, as the reverse proxy would bypass the authentication and just show the COPS environment.

So the solution I’d had to come up with is;

  1. books.domain.com has .htaccess setup with htpasswd to protect, authorised network IP’s come through without need to authenticate, if accessing from outside one of my networks (ie on mobile connection), users must authenticate.

Once authenticated either by IP or username/password, user is directed to an index file which auto redirects to a subdirectory /books which has a second .htaccess file with the reverse proxy, which masks the full URL, so the user only sees the cleaner short URL.

They are now in COPS with the URL of books.domain.com/books.

So while this all works perfectly, next issue is the fact if someone just entered books.domain.com/books they’d bypass the root books.domain.com which is where it authenticates them, so if a user shared a direct link with someone, they’d skip the authentication.

To resolve this, have added a script to the index.php of the COPS environment that only accepts users with a valid referral from books.domain.com if they have a referral, they’ll continue, if they have no referral (ie they accessed the link directly), it’ll push them back to books.domain.com to complete the authentication.

So while this is all working, I really wish I could’ve just been able to use the .htaccess in the COPS directly on my WD PR2100, then could’ve avoided all the extra config.

#6

After some weeks of trying I succeeded with Digest Authentication with is better than Basic Authentication. I Installed WebDav server on My Mook Live and after that I put PHP files inside webdav shared folder. I configured PHP files t have only read Permission.

Here it is a tutorial of how to configure WebDav server on MyBookLive

#7

@ joshobrien Please check my upper answer

#8

Interesting, but unfortunately can’t solve my use case. I’m running a COPS environment, hosting an ebook library for my family. So I need to be able to use .htaccess authentication especially since I’m running it behind a reverse proxy as well.

COPS on GitHub

1 Like