Skip to main content

Questions tagged [http-basic-authentication]

Filter by
Sorted by
Tagged with
262 votes
5 answers
1.4m views

Can you pass user/pass for HTTP Basic Authentication in URL parameters?

I believe this is not possible, but someone I know insisted that it works. I don't even know what parameters to try, and I haven't found this documented anywhere. I tried http://myserver.com/~user=...
ripper234's user avatar
  • 6,092
40 votes
4 answers
87k views

Enable basic auth sitewide and disabling it for subpages?

I have a relatively straight forward config: upstream appserver-1 { server unix:/var/www/example.com/app/tmp/gunicorn.sock fail_timeout=0; } server { listen 80; server_name example.com; ...
Benjamin Wohlwend's user avatar
35 votes
1 answer
46k views

How to disable http basic auth in nginx for a specific ip range?

I'm developing an application with facebook login. So far it's not public and is protected by http basic auth in nginx. Is it possible to disable http auth for facebook's ip range so that we can have ...
VoY's user avatar
  • 1,285
23 votes
2 answers
79k views

Nginx - Forward HTTP AUTH - User

I have some trouble with Nginx and Jenkins (Hudson). I am trying to use Nginx as Reverse Proxy for the Jenkins instance with HTTP Basic Authentication. It works so far, but i have no idea how to pass ...
opHASnoNAME's user avatar
19 votes
1 answer
78k views

"server certificate verification OK" but "ALPN, server did not agree to a protocol"

I am making a curl call curl -v ... https://... and the verbose output contains .... * ALPN, offering http/1.1 * SSL connection using TLS1.2 / ECDHE_RSA_AES_128_GCM_SHA256 * server certificate ...
Craig  Hicks's user avatar
11 votes
1 answer
8k views

Exclusion of a protected sub-url does not work on Apache 2.4?

I try to exclude a sub-url "/shop/api" from my protected website. It worked fine on different server on Apache/2.2.15 but now not with Apache/2.4.7? It always asks for the basic authentication. Any ...
megloff's user avatar
  • 433
9 votes
2 answers
24k views

NGINX basic auth timeout?

I've protected a directory with satisfy and basic_auth, but seems that the validation is not stored in a cookie which after some time it's deleted, seems it's ip or something based. So i login once ...
Gabriel's user avatar
  • 446
8 votes
1 answer
7k views

NGINX basic auth only for POST

I'm settings up nginx to serve Mercurial repositories. It works when not using basic authentication at all, or when I use basic authentication all over. What I want to do is to just use basic auth on ...
user avatar
8 votes
3 answers
16k views

Configure Basic Authentication on Azure's App Service

For different reasons I'm using Azure's App Service to serve static files. I would like to secure this access by Http Basic Authentication which is enough for my purposes. How can I do that? I tried ...
Tomasz Madeyski's user avatar
7 votes
2 answers
16k views

IIS Basic Authorization ala .htaccess/.htpasswd in apache

How do I implement the protection of the pages (asp.net mvc app), so when I hit the home page or any other pages within the application I get a login dialog popup in the browser I'm looking for ...
Dmitry's user avatar
  • 201
6 votes
2 answers
7k views

.htaccess - Exclude folder from basic auth protection

I have a website where no one is allowed to enter without entering the basic auth credentials. However, I need the media folder to be accessible by everyone, because we are using a third party ...
Black's user avatar
  • 491
6 votes
1 answer
3k views

How can I enable http auth in lighttpd for all directories except one?

I am trying to authenticate access to everything in webroot (/) except anything that resides in a particular directory (/directory/) and I've tried both of these options to no avail: $HTTP["url"] =~ "...
Nuri Hodges's user avatar
6 votes
1 answer
2k views

Using nginx: require authentication when request from public IP, not needed when local

I wrote a simple file browser app which is served using node on port 3000. I use nginx as a front-end which proxies this service. This is on my home server. I would like to be able to require basic ...
NMS's user avatar
  • 191
5 votes
2 answers
6k views

Apache up in flames (AH00025). How to fix?

I was trying to get Apache 2.4.10 to do basic authentication (under HTTPS) as specified in a .htaccess file. I changed one directory's settings to AllowOverride all, and it started serving up nothing ...
Christos Hayward's user avatar
5 votes
2 answers
4k views

Basic auth Apache with Tomcat

I have the following server setup: Apache Tomcat 7 running Atlassian's Jira (http:// <server-ip>:8081/tickets) Apache 2.4 web server as reverse proxy serving only the jira application at the ...
twenty7's user avatar
  • 71
5 votes
1 answer
4k views

How can I protect a Tomcat webapp that's reverse proxied in an Apache2 virtual host using basic authentication?

I'm having trouble figuring out how to adding basic HTTP authentication to password-protect a development testing environment running on a production web server. Both the main site and the testing ...
Joe Carroll's user avatar
5 votes
1 answer
9k views

Where to set username/password for BASIC authentication in IIS7

I have a .net web app running on iis7 (windows 2008) and want to add some simple protection to it. I've managed to set up BASIC authentication, but cant work out where I set the username/passwords ...
Anthony Main's user avatar
5 votes
4 answers
6k views

Respond to HTTP OPTIONS with basic auth

We have a web site hosting Office documents behind IIS6 Basic authentication. IE has an authentication token for basic auth, which it presents to download the file. The user clicks "Open", and then ...
crb's user avatar
  • 8,008
5 votes
2 answers
720 views

How do I secure a .NET (MVC) website prior to launch?

I have a .NET (MVC2) website that is in development. I have deployed it to some production infrastructure, and tested it over the internet with anonymous access (as it will be once it is live) and it ...
Hugo Rodger-Brown's user avatar
5 votes
2 answers
14k views

service static files under nginx & HTTP-Authentication

I have an app deployed in testing mode on a server. Access to it has been restricted to a select group of users via HTTP-Authentication. That works fine. The problem is that if I serve static files ...
Ahsan's user avatar
  • 103
4 votes
1 answer
9k views

Protecting a location by IP while applying basic auth everywhere else

I want to achieve the following results: Apply basic authentication to ANY location, file, path Remove basic authentication for an IP/CIDR range whitelist Prevent ALL access to a specific directory, ...
scrowler's user avatar
  • 145
4 votes
4 answers
29k views

IIS 7.5 basic authentication and Active Directory validation

I'm not an IIS or Active Directory expert by any means so I want to present a scenario here and see if what we want to accomplish is feasible. We have an application hosted on Windows Server 2008 R2 ...
jturinetti's user avatar
4 votes
1 answer
3k views

Nginx location blocks don't apply to .php files inside them?

So to help prevent brute force attacks against my phpmyadmin install I've configured nginx to require HTTP Basic Auth (extra username and password) and then the requests need to come from a ...
user avatar
4 votes
1 answer
1k views

Excluding the nagios directory from Basic Auth that is set for the root directory

I have basic auth from the root directory for Apache. I am setting it like so. /etc/httpd/conf.d/xxxx.conf <Location /> AuthType Basic AuthUserFile xxxxxxxx AuthName "Restricted ...
Saifis's user avatar
  • 209
4 votes
1 answer
2k views

IIS Basic Authentication only protects directories, not individual files?

I really hope this isn't a duplicate, but I wasn't able to find anything like this on here. My issue is: I have a subdirectory on a Windows (not sure if 2008 R2 or 2012) server with IIS 8.5 that I ...
Christian's user avatar
  • 209
4 votes
1 answer
802 views

How can I stop brute force with IIS6 basic http authentication?

Is there a way to restrict incorrect login attempts and add some sort of timeout to stop basic auth being brute forced, using IIS?
Andrew's user avatar
  • 53
4 votes
2 answers
4k views

Disabling (Apache) Basic Authentication for OPTIONS requests

I have Apache basic authentication enabled on a test server and it works great: AuthType Basic AuthName "testing" AuthUserFile /home/www/.htpasswd Require user MyUser deny from all But it is also ...
GIS-Jonathan's user avatar
4 votes
1 answer
10k views

Yum repo basic auth not working

So we've got this yum repo that is protected via basic auth. My yum.repo definition looks like this [custom-repo] name=Releases Repository baseurl=http://user:[email protected]....
maverick's user avatar
  • 161
4 votes
1 answer
5k views

Disable Apache basic auth in virtual subdirectory

I have a webserver that is completely locked down with Basic Auth <Location /> AuthType Basic # [...] rest of basic auth stuff require valid-user order deny,allow deny from ...
Gerald Schneider's user avatar
4 votes
1 answer
2k views

Slow Performance With IIS Basic Authentication

I'm using SSAS through HTTP with MSMDPUMP.dll. I have setup the MSMDPUMP.dll web to use only Basic Authentication and then I provide the User Id and Password in the ConnectionString. Everything works ...
Antti Simonen's user avatar
4 votes
0 answers
1k views

Apache 2.4 Redundant LDAP Authentication

I'm trying to provide a redundant LDAP authentication to my webserver. ScriptAlias /nagios/cgi-bin "/usr/local/nagios/sbin" <AuthnProviderAlias ldap ldap-one> AuthLDAPBindDN "search@domain" ...
Oliver Webb's user avatar
3 votes
2 answers
18k views

Apache2 with basic auth: exclude one location from auth (weird behaviour)

I have basic auth set for Directory / and want to exclude Location /assets/upload, but it just won't work, I have tried several options and tutorials. This Location directive clears the Directory ...
mplattner's user avatar
  • 131
3 votes
1 answer
17k views

Nginx auth only for given location

I'm using Nginx as a reverse proxy for a python WSGI web-app. It looks something like that: location / { #auth_basic "Administrator Login"; #auth_basic_user_file /var/www/static/....
YardenST's user avatar
  • 275
3 votes
2 answers
2k views

Combine apache auth providers of different types with basic auth only if proactively provided by client

I'd like to be able to have a path on an apache server (2.4.18+ on ub16) that primarily authenticates using SAML (using the mod_auth_mellon plugin) for interactive use, but also supports having the ...
Nathan Neulinger's user avatar
3 votes
1 answer
4k views

Nginx PHP-FPM Basic Auth

I have nginx with php-fpm installed on Debian Squeeze. Directory tree is: /var/www/mysite index.php secret_folder_1 admin.php static.html secret_folder_2 admin.php static.html pictures img01....
Lari13's user avatar
  • 285
3 votes
1 answer
4k views

Rewriting a query-string part as a path part using nginx?

How do I rewrite URIs of the form /one/two?path=three&foo=bar to /one/two/three?foo=bar using nginx?
user70549's user avatar
  • 133
3 votes
4 answers
2k views

Basic Auth on DirectoryIndex Only

I am trying to configure basic auth for my index file, and only my index file. I have configured it like so: <Files index.htm> Order allow,deny Allow from all AuthType Basic ...
Brad's user avatar
  • 1,427
3 votes
1 answer
832 views

How is using client certificates more secure than TLS plus basic authentication?

I've read that securing services with client certificates is more secure than using the combination of TLS with basic authentication. Client certificates have substantial drawbacks in terms of ...
Dan's user avatar
  • 630
3 votes
1 answer
1k views

Can I use rate-limiting with HTTP basic authentication in Apache?

So I'm running a few popular web applications on my server. I want these to be reachable from any computer without creating too many vulnerabilities. I am using Apache 2.4.29 as my HTTP server. My ...
CodeFlo's user avatar
  • 33
3 votes
1 answer
4k views

Apache 2.4, reverse proxy, forward credentials (basic auth)

I want to pass the basic authentication credentials to the reverse proxy server. Example of how it works now: User accesses the website, Apache is configured to ask for basic auth, user enters ...
Tomari's user avatar
  • 31
3 votes
1 answer
6k views

Apache Proxy & Basic Auth

Im trying to set up an Apache Proxy which also does LDAP Basic Auth: <IfModule mod_ssl.c> <VirtualHost _default_:443> ServerAdmin webmaster@localhost ...
embedded's user avatar
  • 476
3 votes
1 answer
4k views

nginx authentication and custom error page

I'm trying to set up my server so that it requires authentication before browsing any file on the domain. However, I want to display a custom error page (placeholder.html) when someone fails to ...
Joost's user avatar
  • 177
3 votes
1 answer
18k views

How to disable nginx basic_auth for one location but enable it for the rest of the site

I'm trying to get basic_auth disabled for a specific directory (/api/), but still have basic auth for the rest of the site I'm working with. The following is my nginx.conf: server { # base ...
user219872's user avatar
3 votes
2 answers
439 views

Authentication request to change http to https

On my server that works with nginx, access is protected by a basic http authentication. I am currently developing a piece of code that requires HTTPS redirection, and when this redirection occurs, I ...
Flug's user avatar
  • 131
3 votes
3 answers
13k views

CUPS basic auth error through web interface

I'm trying to configure CUPS to allow remote administration through the web interface. There's enough documentation out there that I can figure out what to change in my cupsd.conf (changing Listen ...
Inaimathi's user avatar
  • 131
3 votes
2 answers
4k views

Apache basic HTTP authentication not working

Trying to setup basic HTTP authentication with Apache, but it's not working. I get the directory listing and files regularly, no authentication required. I tried restarting httpd and the browsers ...
johndir's user avatar
  • 315
3 votes
3 answers
3k views

Apache redirect to https for basic auth

I have a tricky variation on an old problem. I have an apache based site that should generally be accessed via http/port 80. However for certain areas protected areas that require authentication (...
shreddd's user avatar
  • 193
3 votes
1 answer
2k views

Apache SSL Certificate and Basic Auth combination - password if no certificate

Is it possible, to force apache to ask for password only if user don't have client-certificate installed? I'm almost sure, that this is possible, but I'm not able to find any confirmation anywhere. ...
Lisek's user avatar
  • 329
3 votes
2 answers
5k views

git refuses to send credentials over HTTP

curl seems to work fine, but git does not. git asks for a password, but then doesn't send any credentials. Works: curl --netrc http://test.git.unsw.edu.au/ and curl -u username:password http://test....
Jayen's user avatar
  • 1,887
3 votes
0 answers
652 views

Nginx as a proxy doesn't allow to access backend (Apache) content which is password protected

I have apache as a backend and nginx as a frontend. Some content is password-protected by Apache (HTTP Auth). When I access it directly - everything works fine, bur when I try it through nginx - ...
Andrey Zentavr's user avatar

1
2 3 4 5 6