Home » Php » php – Configure HTTPS Basic Authentication .htaccess on WD MyBookLive

php – Configure HTTPS Basic Authentication .htaccess on WD MyBookLive

Posted by: admin July 12, 2020 Leave a comment

Questions:

I have WD MyBookLive 2TB, and did the following:

  • saved my own .htaccess to /var/www/mysebserver that points to my own .htpasswd located at /etc/apache2/.
  • Gave 777 permission to .htaccess
  • All my webpages located on the same folder with .htaccess.

The .htaccess file is:

AuthType Basic 
AuthName "Restricted Content" 
AuthUserFile /etc/apache2/.htpasswd 
Require valid-user

The issue is that the basic authentication is not enabled, I still can access the HTML files without any authentication.

Moreover it seems .htaccess files are ignored even if I set in apache2.conf the followings:

<Directory /var/www/>
    Options Indexes FollowSymLinks MultiViews
    AllowOverride All
    Order allow,deny
    allow from all
</Directory>

404 Internal Server Error is thrown when AllowOverride All

Apache version: 2.2.9

It seems WD MyBookLive is ignoring the .htaccess and .htpasswd files

How do I activate Basic Authentication?

How to&Answers:

So I just try your config in my .htaccess file and get base login form after that.

I found the article “How To Set Up Password Authentication with Apache on Ubuntu 14.04” (https://www.digitalocean.com/community/tutorials/how-to-set-up-password-authentication-with-apache-on-ubuntu-14-04)

I think it can happens becouse you don’t installed apache2-utils.

Please, try next commands:

sudo apt-get install apache2-utils
sudo service apache2 restart

Answer:

Resolution 1 :

Step 1: Installing the Apache utility Package

  • We will use a utility called htpasswd, part of the apache2-utils package, to create the file and manage the username and passwords needed to access restricted content.

sudo apt-get update
sudo apt-get install apache2-utils

Step 2: Creating the Password File

  • Now have access to the htpasswd command. We can use this to create a password file that Apache can use to authenticate users.

sudo htpasswd -c /etc/apache2/.htpasswd user

Suggestion  : Leave out the -c argument for any additional users you wish to add:

sudo htpasswd /etc/apache2/.htpasswd another_user

NOTE : If we view the contents of the file, we can see the username and the encrypted password for each record:

cat /etc/apache2/.htpasswd

Step 3  Configuring Apache Password Authentication

Now that we have a file with users and passwords in a format that Apache can read, we need to configure Apache to check this file before serving our protected content. We can do this in one of two ways: either directly in a site’s virtual host file or by placing .htaccess files in the directories that need restriction.

Option 1: Configuring Access Control within the Virtual Host 

The first option is to edit the Apache configuration and add the password protection to the virtual host file. This option requires access to the configuration, which isn’t always available, but when you do have access.
Begin by opening up the virtual host file that you wish to add a restriction to.

sudo nano /etc/apache2/sites-enabled/example.conf

Authentication is done on a per-directory basis. To set up authentication, you will need to target the directory you wish to restrict with a  block. In our example, we’ll restrict the entire document root

   
Within this directory block, specify that we wish to set up Basic authentication. 
– For the AuthName, > choose a realm name that will be displayed to the user when prompting for credentials. 
– Use the AuthUserFile directive > to point Apache to the password file we created. 
– we will require a valid-user > to access this resource, which means anyone who can verify their identity with a password will be allowed in

  • Now you need to save and close the file when you are finished.

NOTE: Before restarting the web server, you can check the configuration with the following command:

sudo apache2ctl configtest

If everything checks out and you get Syntax OK, then restart the server to implement your password policy.

    
Option 2: Configuring Access Control with .htaccess Files
   
To enable password protection using .htaccess files, open the main Apache configuration file:

sudo nano /etc/apache2/apache2.conf

  • Find the  block for the /var/www directory that holds the document root. Turn on .htaccess processing by changing the AllowOverride directive within that block from “None” to “All”:

  • Save and close the file when you are finished.

  • Next, we need to add a .htaccess file to the directory we wish to restrict.  Also, we’ll restrict the entire document root (the entire website) which is based at /var/www/HTML, but you can place this file in any directory where you wish to restrict access

sudo nano /var/www/html/.htaccess

  • Within this file, specify that we wish to set up Basic authentication.
  •  For the Auth Name > choose a realm name that will be displayed to the user when prompting for credentials. 
  • Use the AuthUserFile directive > to point Apache to the password file we created. 
  •  we will require a valid-user >  to access this resource, which means anyone who can verify their identity with a password will be allowed in

Step 4 — Confirming Password Authentication

To confirm that your content is protected, try to access your restricted content in a web browser. You should be presented with a username and password prompt that looks like this:

  • Save and close the file. Restart the web server to password protect all content in or below the directory with the .htaccess file

Answer:

After some weeks of trying I succeeded with Digest Authentication with is better than Basic Authentication.
I Installed WebDav server on My Mook Live and after that I put PHP files inside webdav shared folder.
I configured PHP files t have only read Permission.

Here it is a tutorial of how to configure WebDav server on MyBookLive

Answer:

If you plan to use .htaccess file for basic authentication. you will need an AllowOverride directive like the following:

AllowOverride AuthConfig

Answer:

activate mod_rewrite: sudo a2enmod rewrite

edit /etc/apache2/sites-available/000-default.conf

<VirtualHost *:80>
    <Directory /var/www/mywebserver>
        Options Indexes FollowSymLinks MultiViews
        AllowOverride All
        Require all granted
    </Directory>
. . .
</VirtualHost>

restart service: sudo systemctl restart apache2

create .htaccess file in /var/www/mywebserver/ and add following line in the top , and other lines bottom

RewriteEngine on