Questions tagged [http-basic-authentication]
The http-basic-authentication tag has no usage guidance.
257
questions
262
votes
5
answers
1.4m
views
Can you pass user/pass for HTTP Basic Authentication in URL parameters?
I believe this is not possible, but someone I know insisted that it works. I don't even know what parameters to try, and I haven't found this documented anywhere.
I tried http://myserver.com/~user=...
40
votes
4
answers
87k
views
Enable basic auth sitewide and disabling it for subpages?
I have a relatively straight forward config:
upstream appserver-1 {
server unix:/var/www/example.com/app/tmp/gunicorn.sock fail_timeout=0;
}
server {
listen 80;
server_name example.com;
...
35
votes
1
answer
46k
views
How to disable http basic auth in nginx for a specific ip range?
I'm developing an application with facebook login. So far it's not public and is protected by http basic auth in nginx. Is it possible to disable http auth for facebook's ip range so that we can have ...
23
votes
2
answers
79k
views
Nginx - Forward HTTP AUTH - User
I have some trouble with Nginx and Jenkins (Hudson). I am trying to use Nginx as Reverse Proxy for the Jenkins instance with HTTP Basic Authentication.
It works so far, but i have no idea how to pass ...
19
votes
1
answer
78k
views
"server certificate verification OK" but "ALPN, server did not agree to a protocol"
I am making a curl call
curl -v ... https://...
and the verbose output contains
....
* ALPN, offering http/1.1
* SSL connection using TLS1.2 / ECDHE_RSA_AES_128_GCM_SHA256
* server certificate ...
11
votes
1
answer
8k
views
Exclusion of a protected sub-url does not work on Apache 2.4?
I try to exclude a sub-url "/shop/api" from my protected website. It worked fine on different server on Apache/2.2.15 but now not with Apache/2.4.7? It always asks for the basic authentication. Any ...
9
votes
2
answers
24k
views
NGINX basic auth timeout?
I've protected a directory with satisfy and basic_auth, but seems that the validation is not stored in a cookie which after some time it's deleted, seems it's ip or something based. So i login once ...
8
votes
1
answer
7k
views
NGINX basic auth only for POST
I'm settings up nginx to serve Mercurial repositories. It works when not using basic authentication at all, or when I use basic authentication all over.
What I want to do is to just use basic auth on ...
8
votes
3
answers
16k
views
Configure Basic Authentication on Azure's App Service
For different reasons I'm using Azure's App Service to serve static files. I would like to secure this access by Http Basic Authentication which is enough for my purposes. How can I do that? I tried ...
7
votes
2
answers
16k
views
IIS Basic Authorization ala .htaccess/.htpasswd in apache
How do I implement the protection of the pages (asp.net mvc app), so when I hit the home page or any other pages within the application I get a login dialog popup in the browser
I'm looking for ...
6
votes
2
answers
7k
views
.htaccess - Exclude folder from basic auth protection
I have a website where no one is allowed to enter without entering the basic auth credentials.
However, I need the media folder to be accessible by everyone, because we are using a third party ...
6
votes
1
answer
3k
views
How can I enable http auth in lighttpd for all directories except one?
I am trying to authenticate access to everything in webroot (/) except anything that resides in a particular directory (/directory/) and I've tried both of these options to no avail:
$HTTP["url"] =~ "...
6
votes
1
answer
2k
views
Using nginx: require authentication when request from public IP, not needed when local
I wrote a simple file browser app which is served using node on port 3000. I use nginx as a front-end which proxies this service. This is on my home server.
I would like to be able to require basic ...
5
votes
2
answers
6k
views
Apache up in flames (AH00025). How to fix?
I was trying to get Apache 2.4.10 to do basic authentication (under HTTPS) as specified in a .htaccess file. I changed one directory's settings to AllowOverride all, and it started serving up nothing ...
5
votes
2
answers
4k
views
Basic auth Apache with Tomcat
I have the following server setup:
Apache Tomcat 7 running Atlassian's Jira (http:// <server-ip>:8081/tickets)
Apache 2.4 web server as reverse proxy serving only the jira application at the ...
5
votes
1
answer
4k
views
How can I protect a Tomcat webapp that's reverse proxied in an Apache2 virtual host using basic authentication?
I'm having trouble figuring out how to adding basic HTTP authentication to password-protect a development testing environment running on a production web server. Both the main site and the testing ...
5
votes
1
answer
9k
views
Where to set username/password for BASIC authentication in IIS7
I have a .net web app running on iis7 (windows 2008) and want to add some simple protection to it.
I've managed to set up BASIC authentication, but cant work out where I set the username/passwords ...
5
votes
4
answers
6k
views
Respond to HTTP OPTIONS with basic auth
We have a web site hosting Office documents behind IIS6 Basic authentication.
IE has an authentication token for basic auth, which it presents to download the file. The user clicks "Open", and then ...
5
votes
2
answers
720
views
How do I secure a .NET (MVC) website prior to launch?
I have a .NET (MVC2) website that is in development. I have deployed it to some production infrastructure, and tested it over the internet with anonymous access (as it will be once it is live) and it ...
5
votes
2
answers
14k
views
service static files under nginx & HTTP-Authentication
I have an app deployed in testing mode on a server. Access to it has been restricted to a select group of users via HTTP-Authentication. That works fine. The problem is that if I serve static files ...
4
votes
1
answer
9k
views
Protecting a location by IP while applying basic auth everywhere else
I want to achieve the following results:
Apply basic authentication to ANY location, file, path
Remove basic authentication for an IP/CIDR range whitelist
Prevent ALL access to a specific directory, ...
4
votes
4
answers
29k
views
IIS 7.5 basic authentication and Active Directory validation
I'm not an IIS or Active Directory expert by any means so I want to present a scenario here and see if what we want to accomplish is feasible.
We have an application hosted on Windows Server 2008 R2 ...
4
votes
1
answer
3k
views
Nginx location blocks don't apply to .php files inside them?
So to help prevent brute force attacks against my phpmyadmin install I've configured nginx to require HTTP Basic Auth (extra username and password) and then the requests need to come from a ...
4
votes
1
answer
1k
views
Excluding the nagios directory from Basic Auth that is set for the root directory
I have basic auth from the root directory for Apache. I am setting it like so.
/etc/httpd/conf.d/xxxx.conf
<Location />
AuthType Basic
AuthUserFile xxxxxxxx
AuthName "Restricted ...
4
votes
1
answer
2k
views
IIS Basic Authentication only protects directories, not individual files?
I really hope this isn't a duplicate, but I wasn't able to find anything like this on here.
My issue is: I have a subdirectory on a Windows (not sure if 2008 R2 or 2012) server with IIS 8.5 that I ...
4
votes
1
answer
802
views
How can I stop brute force with IIS6 basic http authentication?
Is there a way to restrict incorrect login attempts and add some sort of timeout to stop basic auth being brute forced, using IIS?
4
votes
2
answers
4k
views
Disabling (Apache) Basic Authentication for OPTIONS requests
I have Apache basic authentication enabled on a test server and it works great:
AuthType Basic
AuthName "testing"
AuthUserFile /home/www/.htpasswd
Require user MyUser
deny from all
But it is also ...
4
votes
1
answer
10k
views
Yum repo basic auth not working
So we've got this yum repo that is protected via basic auth. My yum.repo definition looks like this
[custom-repo]
name=Releases Repository
baseurl=http://user:[email protected]....
4
votes
1
answer
5k
views
Disable Apache basic auth in virtual subdirectory
I have a webserver that is completely locked down with Basic Auth
<Location />
AuthType Basic
# [...] rest of basic auth stuff
require valid-user
order deny,allow
deny from ...
4
votes
1
answer
2k
views
Slow Performance With IIS Basic Authentication
I'm using SSAS through HTTP with MSMDPUMP.dll. I have setup the MSMDPUMP.dll web to use only Basic Authentication and then I provide the User Id and Password in the ConnectionString. Everything works ...
4
votes
0
answers
1k
views
Apache 2.4 Redundant LDAP Authentication
I'm trying to provide a redundant LDAP authentication to my webserver.
ScriptAlias /nagios/cgi-bin "/usr/local/nagios/sbin"
<AuthnProviderAlias ldap ldap-one>
AuthLDAPBindDN "search@domain"
...
3
votes
2
answers
18k
views
Apache2 with basic auth: exclude one location from auth (weird behaviour)
I have basic auth set for Directory / and want to exclude Location /assets/upload, but it just won't work, I have tried several options and tutorials.
This Location directive clears the Directory ...
3
votes
1
answer
17k
views
Nginx auth only for given location
I'm using Nginx as a reverse proxy for a python WSGI web-app.
It looks something like that:
location / {
#auth_basic "Administrator Login";
#auth_basic_user_file /var/www/static/....
3
votes
2
answers
2k
views
Combine apache auth providers of different types with basic auth only if proactively provided by client
I'd like to be able to have a path on an apache server (2.4.18+ on ub16) that primarily authenticates using SAML (using the mod_auth_mellon plugin) for interactive use, but also supports having the ...
3
votes
1
answer
4k
views
Nginx PHP-FPM Basic Auth
I have nginx with php-fpm installed on Debian Squeeze.
Directory tree is:
/var/www/mysite
index.php
secret_folder_1
admin.php
static.html
secret_folder_2
admin.php
static.html
pictures
img01....
3
votes
1
answer
4k
views
Rewriting a query-string part as a path part using nginx?
How do I rewrite URIs of the form
/one/two?path=three&foo=bar
to
/one/two/three?foo=bar
using nginx?
3
votes
4
answers
2k
views
Basic Auth on DirectoryIndex Only
I am trying to configure basic auth for my index file, and only my index file. I have configured it like so:
<Files index.htm>
Order allow,deny
Allow from all
AuthType Basic
...
3
votes
1
answer
832
views
How is using client certificates more secure than TLS plus basic authentication?
I've read that securing services with client certificates is more secure than using the combination of TLS with basic authentication.
Client certificates have substantial drawbacks in terms of ...
3
votes
1
answer
1k
views
Can I use rate-limiting with HTTP basic authentication in Apache?
So I'm running a few popular web applications on my server. I want these to be reachable from any computer without creating too many vulnerabilities.
I am using Apache 2.4.29 as my HTTP server. My ...
3
votes
1
answer
4k
views
Apache 2.4, reverse proxy, forward credentials (basic auth)
I want to pass the basic authentication credentials to the reverse proxy server.
Example of how it works now:
User accesses the website, Apache is configured to ask for basic auth, user enters ...
3
votes
1
answer
6k
views
Apache Proxy & Basic Auth
Im trying to set up an Apache Proxy which also does LDAP Basic Auth:
<IfModule mod_ssl.c>
<VirtualHost _default_:443>
ServerAdmin webmaster@localhost
...
3
votes
1
answer
4k
views
nginx authentication and custom error page
I'm trying to set up my server so that it requires authentication before browsing any file on the domain. However, I want to display a custom error page (placeholder.html) when someone fails to ...
3
votes
1
answer
18k
views
How to disable nginx basic_auth for one location but enable it for the rest of the site
I'm trying to get basic_auth disabled for a specific directory (/api/), but still have basic auth for the rest of the site I'm working with. The following is my nginx.conf:
server {
# base ...
3
votes
2
answers
439
views
Authentication request to change http to https
On my server that works with nginx, access is protected by a basic http authentication. I am currently developing a piece of code that requires HTTPS redirection, and when this redirection occurs, I ...
3
votes
3
answers
13k
views
CUPS basic auth error through web interface
I'm trying to configure CUPS to allow remote administration through the web interface. There's enough documentation out there that I can figure out what to change in my cupsd.conf (changing Listen ...
3
votes
2
answers
4k
views
Apache basic HTTP authentication not working
Trying to setup basic HTTP authentication with Apache, but it's not working. I get the directory listing and files regularly, no authentication required. I tried restarting httpd and the browsers ...
3
votes
3
answers
3k
views
Apache redirect to https for basic auth
I have a tricky variation on an old problem.
I have an apache based site that should generally be accessed via http/port 80. However for certain areas protected areas that require authentication (...
3
votes
1
answer
2k
views
Apache SSL Certificate and Basic Auth combination - password if no certificate
Is it possible, to force apache to ask for password only if user don't have client-certificate installed?
I'm almost sure, that this is possible, but I'm not able to find any confirmation anywhere.
...
3
votes
2
answers
5k
views
git refuses to send credentials over HTTP
curl seems to work fine, but git does not. git asks for a password, but then doesn't send any credentials.
Works: curl --netrc http://test.git.unsw.edu.au/ and curl -u username:password http://test....
3
votes
0
answers
652
views
Nginx as a proxy doesn't allow to access backend (Apache) content which is password protected
I have apache as a backend and nginx as a frontend. Some content is password-protected by Apache (HTTP Auth).
When I access it directly - everything works fine, bur when I try it through nginx - ...