Questions tagged [http-basic-authentication]
264 questions
272
votes
5 answers
Can you pass user/pass for HTTP Basic Authentication in URL parameters?
I believe this is not possible, but someone I know insisted that it works. I don't even know what parameters to try, and I haven't found this documented anywhere.
I tried http://myserver.com/~user=username&password=mypassword but it doesn't…
ripper234
- 6,232
40
votes
4 answers
Enable basic auth sitewide and disabling it for subpages?
I have a relatively straight forward config:
upstream appserver-1 {
server unix:/var/www/example.com/app/tmp/gunicorn.sock fail_timeout=0;
}
server {
listen 80;
server_name example.com;
location / {
proxy_pass…
36
votes
1 answer
How to disable http basic auth in nginx for a specific ip range?
I'm developing an application with facebook login. So far it's not public and is protected by http basic auth in nginx. Is it possible to disable http auth for facebook's ip range so that we can have our tester test the facebook capabilities as…
VoY
- 1,295
- 2
- 11
- 9
23
votes
2 answers
Nginx - Forward HTTP AUTH - User
I have some trouble with Nginx and Jenkins (Hudson). I am trying to use Nginx as Reverse Proxy for the Jenkins instance with HTTP Basic Authentication.
It works so far, but i have no idea how to pass the Header with the Authentication…
opHasNoName
- 755
20
votes
1 answer
"server certificate verification OK" but "ALPN, server did not agree to a protocol"
I am making a curl call
curl -v ... https://...
and the verbose output contains
....
* ALPN, offering http/1.1
* SSL connection using TLS1.2 / ECDHE_RSA_AES_128_GCM_SHA256
* server certificate verification OK
....
* ALPN, server did not agree…
Craig Hicks
- 757
11
votes
1 answer
Exclusion of a protected sub-url does not work on Apache 2.4?
I try to exclude a sub-url "/shop/api" from my protected website. It worked fine on different server on Apache/2.2.15 but now not with Apache/2.4.7? It always asks for the basic authentication. Any Idea what I did wrong?
AuthType Basic
AuthName…
megloff
- 433
9
votes
2 answers
NGINX basic auth timeout?
I've protected a directory with satisfy and basic_auth, but seems that the validation is not stored in a cookie which after some time it's deleted, seems it's ip or something based. So i login once and eve if i keep the website open for half an…
Gabriel
- 456
9
votes
1 answer
NGINX basic auth only for POST
I'm settings up nginx to serve Mercurial repositories. It works when not using basic authentication at all, or when I use basic authentication all over.
What I want to do is to just use basic auth on POST requests, so anyone have pull access, but…
hokkaido
8
votes
3 answers
Configure Basic Authentication on Azure's App Service
For different reasons I'm using Azure's App Service to serve static files. I would like to secure this access by Http Basic Authentication which is enough for my purposes. How can I do that? I tried uploading .htpasswd but it does not seem to…
Tomasz Madeyski
- 183
7
votes
2 answers
IIS Basic Authorization ala .htaccess/.htpasswd in apache
How do I implement the protection of the pages (asp.net mvc app), so when I hit the home page or any other pages within the application I get a login dialog popup in the browser
I'm looking for something similar to what Apache .htaccess and…
Dmitry
- 201
- 1
- 2
- 4
6
votes
1 answer
Using nginx: require authentication when request from public IP, not needed when local
I wrote a simple file browser app which is served using node on port 3000. I use nginx as a front-end which proxies this service. This is on my home server.
I would like to be able to require basic HTTP authentication when I'm accessing it over my…
NMS
- 191
- 1
- 7
6
votes
1 answer
How can I enable http auth in lighttpd for all directories except one?
I am trying to authenticate access to everything in webroot (/) except anything that resides in a particular directory (/directory/) and I've tried both of these options to no avail:
$HTTP["url"] =~ "^(?!(/directory))" {
auth.require = ( "" =>
…
Nuri Hodges
- 381
- 3
- 12
6
votes
2 answers
.htaccess - Exclude folder from basic auth protection
I have a website where no one is allowed to enter without entering the basic auth credentials.
However, I need the media folder to be accessible by everyone, because we are using a third party extension which creates PDF's and we can only fully test…
Black
- 501
5
votes
2 answers
Apache up in flames (AH00025). How to fix?
I was trying to get Apache 2.4.10 to do basic authentication (under HTTPS) as specified in a .htaccess file. I changed one directory's settings to AllowOverride all, and it started serving up nothing but plain vanilla 500 pages. Reverting that…
Christos Hayward
- 1,180
- 3
- 16
- 39
5
votes
2 answers
Basic auth Apache with Tomcat
I have the following server setup:
Apache Tomcat 7 running Atlassian's Jira (http:// :8081/tickets)
Apache 2.4 web server as reverse proxy serving only the jira application at the moment, but there are more to come…
twenty7
- 71