Server Fault Stack Exchange
Server Fault Stack Exchange

Questions tagged [http-authentication]

70 questions
3
votes
1 answer

HTTP 'auth_basic' Error on NGINX

My code to secure the wp-login page is throwing an error: nginx: [emerg] invalid number of arguments in "auth_basic" directive in /etc/nginx/conf.d/wordpress.conf:41 I am not sure what is wrong within the auth_basic directive. The following is the…
Pramathesh Saha
  • 31
  • 1
  • 3
2
votes
2 answers

Apache, mod_auth and AuthGroupFile: how to allow access for all the users in an AD domain?

I have a working Kerberos authentication on my Apache. My AuthGroupFile directive points to a file where there is one group called rnd (rnd: user@my.domain.com). This works just fine, but I don't know how to grant access to all the users in the…
Lauri Lehmijoki
  • 283
  • 1
  • 2
  • 7
2
votes
2 answers

HTTP Authentication being ignored, both in .htaccess AND in httpd.conf

I have recently discovered that some of the development websites on my local computer (Windows 10/Apache 2.4) are visible from the web when they should not be. the problem is similar to this question, but as no solutions were provided there (all of…
Dave Morton
  • 211
  • 2
  • 4
2
votes
2 answers

Nginx, auth and forcing HTTPS - as an include snippet?

Got a bit stuck here. I'd like a nice simple Nginx "include"able snippet that requires HTTP AUTH for the location it is include-ed in, AND forces a redirect to HTTPS if not already. I came up with this: #…
Tim Watts
  • 21
  • 1
2
votes
0 answers

How do I enable digest auth for Jetty fronting Elastic Search

We've gotten Jetty running the HTTP front end of Elastic Search with BASIC authentication. We would like to use DIGEST authentication instead, but the Jetty documentation is hard to reconcile with the Jetty Elastic Search documentation; in…
Brad Wilson
  • 441
  • 4
  • 7
2
votes
0 answers

Apache SSHA password support

Is there any way for Apache to support SSHA passwords? I have a couple of dozens of user passwords in an OpenLDAP server which are encrypted with SSHA (i.e. salted SHA1). No more users are to be added in the future, so I would like to move all…
m000
  • 430
  • 1
  • 4
  • 11
2
votes
1 answer

Nginx auth only for given location

I'm using Nginx as a reverse proxy for a python WSGI web-app. It looks something like that: location / { #auth_basic "Administrator Login"; #auth_basic_user_file /var/www/static/.htpasswd; proxy_pass …
YardenST
  • 255
  • 2
  • 3
  • 7
2
votes
1 answer

static big files and a way to serve them securely (central authentication CDN)

I need to serve few static big files(about 4GB each) to several users, using 5 servers that are in different geographical regions. The idea is that nobody else gets the content as there's information in those files that is not meant for general…
Emil C
  • 64
  • 3
2
votes
1 answer

Does IIS support HTTP basic auth and form auth at the same time?

preface: I am a web dev who knows apache servers quite well, but I have little to no knowledge of IIS or .NET I work with a developer who has been avoiding a request to add a Basic Auth to a staging server running IIS for a while now. Today he…
user128996
  • 23
  • 3
2
votes
1 answer

IIS 401.3 - Unauthorized on only 1 server out of 3 set up for network load balancing

Over the weekend our Server Admin set up two virtual Windows 2008 machines with IIS installed and set them up under NLB. I came in and changed the application pool the website was running under to our domain account that has proper access to the…
Tony
  • 31
  • 4
2
votes
2 answers

How does one configure squid3 proxy to support http auth - quick and dirty

I am interested in the the easiest solution, authentication doesn't actually have to even test user/pass pairs... it just has to do the http auth challenge. I am trying to test http auth on a proxy for a library that I am working on. I have…
Grady Player
  • 279
  • 2
  • 8
2
votes
1 answer

Many HTTP 401's with Kerberos authentication via mod_auth_kerb

I've got an Apache2 httpd running in front of a Tomcat, doing authentication via mod_auth_kerb. When I open the console in Firebug, I see lots of 401's See screenshot: Is there a way to avoid this? I guess its causing an additional roundtrip which…
Michael Böckling
  • 301
  • 3
  • 15
2
votes
2 answers

Apache whitelist a single location, but require basic auth for everything else

I'm sure this is simple, but Google is not my friend this morning. The goal is: /public... is openly accessible everything else (including /) requires basic auth. This is a WSGI app, with a single WSGI script (it's a django site, if that…
Chris Lawlor
  • 181
  • 1
  • 6
2
votes
1 answer

IIS 6 - Integrated Authentication - requires a daily restart to recognise extra domain users

We have sub webpage (classic ASP) set up with Windows Authentication and no anonymous access. Permissions to the target directory are set as Read/Execute for a domain local group. This group comprises of members of another domain to which we have a…
NotNowJohn
  • 23
  • 3
2
votes
3 answers

How does "password protection" works in apache?

I have a website (http://mywebsite.com.) for a client, and I would like to create some subdomains like (http://trac.mywebsite.com). I would like to create a password protection for this subdomain, that would be called only for the first time someone…
Somebody still uses you MS-DOS
  • 285
  • 4
  • 13
1
2
3 4 5