htaccess doesn't work - always wrong password

2019-02-05 15:48发布

站内问答 / 前端开发
1075 8 4

I am trying to password protect a directory, and have two files in the directory which should password protected it:

  • .htaccess
  • .htpasswd

HTACCESS:

###Contents of .htaccess:
AuthUserFile /var/www/html/path/to/my/directory/.htpasswd
AuthName "Protected Files"
AuthType Basic
Require user admin

HTPASSWD:

###Contents of .htpasswd
admin:oxRHPuqwKiANY

The password is also admin, but no matter what password I try, it is always wrong. It immediately asks for the password again!

What is wrong with this configuration?

8条回答
Bombasti
2楼-- · 2019-02-05 16:02

I had the same issue.

  • The password should have specified encryption:

CRYPT_STD_DES - Standard DES-based hash with a two character salt from the alphabet "./0-9A-Za-z".

function standard_salt(){
$a = array_merge(range(0,9),range('a','z'),range('A','Z'));
return (string) $a[rand(0,count($a)-1)].$a[rand(0,count($a)-1)];
}

echo(crypt("admin",standard_salt()));

example:

admin:dsbU.we73eauE

Onlione javascript encripter is also available.

If it still does not work, take care of these:

  • use unix linebreaks
  • use correct AuthUserFile path, You can get it using: echo $_SERVER['DOCUMENT_ROOT'];
  • set file readable: chmod(".htpasswd",0644);
查看更多
0人赞 添加讨论(0) 举报
Explosion°爆炸
3楼-- · 2019-02-05 16:07

I had a similar issue using MAMP and it was because i was creating .htpasswd by hand. Solution was to use htpasswd command in terminal:

htpasswd -bc .htpasswd someuser somepass

this created the .htpasswd file which worked fine with my .htaccess file which looked like so:

AuthType Basic
AuthName "This site is in alpha and requires a password."
AuthUserFile "/Applications/MAMP/htdocs/mywebsite/.htpasswd"
require valid-user
查看更多
0人赞 添加讨论(0) 举报
姐就是有狂的资本
4楼-- · 2019-02-05 16:08

My problem was that I did not give an absolute path for the AuthFile line.

查看更多
0人赞 添加讨论(0) 举报
Luminary・发光体
5楼-- · 2019-02-05 16:10

Also, make sure your password file is ANSI-encoded.

查看更多
0人赞 添加讨论(0) 举报
爷、活的狠高调
6楼-- · 2019-02-05 16:16

I spent about 2 hours to resolve the same issue. But problem was in nginx. I have nginx as front web server and there was a line for proxy configuration:

proxy_set_header Authorization "";

It overrides Authorization field and apache don't receive login and password typed in.

I just commented out this line and it worked.

查看更多
0人赞 添加讨论(0) 举报
放荡不羁爱自由
7楼-- · 2019-02-05 16:20

This problem is almost always because apache cannot read the .htpasswd file. There are four causes that come to mind:

  1. it isn't parsing the path correctly... how did you create the .htaccess file? Does it have unix line endings (versus say using Notepad in Windows?

  2. is the path correct? What does the following command (with the path update) show? ls -l /var/www/html/path/to/my/directory/.htpasswd

  3. does the web server have access to the file? chmod 644 and see if that solves the problem.

  4. it can't parse the .htpasswd file: in this case, you are using the crypt() encryption so it does seem you created the file on Linux and it is probably fine. Some types of encryption only work on certain platforms, if in doubt try switching to MD5.

You may find helpful messages in the Apache error log.

My money is on #3.

查看更多
0人赞 添加讨论(0) 举报
1 2 下一页
登录 后发表回答
相关问题
查看全部
相关文章
查看全部
收藏的人(4)