Questions tagged [http-basic-authentication]

250 questions
231
votes
5 answers

Can you pass user/pass for HTTP Basic Authentication in URL parameters?

I believe this is not possible, but someone I know insisted that it works. I don't even know what parameters to try, and I haven't found this documented anywhere. I tried http://myserver.com/~user=username&password=mypassword but it doesn't…
ripper234
  • 5,710
  • 9
  • 40
  • 49
40
votes
4 answers

Enable basic auth sitewide and disabling it for subpages?

I have a relatively straight forward config: upstream appserver-1 { server unix:/var/www/example.com/app/tmp/gunicorn.sock fail_timeout=0; } server { listen 80; server_name example.com; location / { proxy_pass…
Benjamin Wohlwend
  • 729
  • 2
  • 7
  • 14
33
votes
1 answer

How to disable http basic auth in nginx for a specific ip range?

I'm developing an application with facebook login. So far it's not public and is protected by http basic auth in nginx. Is it possible to disable http auth for facebook's ip range so that we can have our tester test the facebook capabilities as…
VoY
  • 1,265
  • 2
  • 11
  • 9
22
votes
2 answers

Nginx - Forward HTTP AUTH - User

I have some trouble with Nginx and Jenkins (Hudson). I am trying to use Nginx as Reverse Proxy for the Jenkins instance with HTTP Basic Authentication. It works so far, but i have no idea how to pass the Header with the Authentication…
opHASnoNAME
  • 625
  • 2
  • 7
  • 18
19
votes
1 answer

"server certificate verification OK" but "ALPN, server did not agree to a protocol"

I am making a curl call curl -v ... https://... and the verbose output contains .... * ALPN, offering http/1.1 * SSL connection using TLS1.2 / ECDHE_RSA_AES_128_GCM_SHA256 * server certificate verification OK .... * ALPN, server did not agree…
Craig Hicks
  • 657
  • 1
  • 5
  • 13
8
votes
1 answer

Exclusion of a protected sub-url does not work on Apache 2.4?

I try to exclude a sub-url "/shop/api" from my protected website. It worked fine on different server on Apache/2.2.15 but now not with Apache/2.4.7? It always asks for the basic authentication. Any Idea what I did wrong? AuthType Basic AuthName…
megloff
  • 373
  • 3
  • 10
8
votes
2 answers

NGINX basic auth timeout?

I've protected a directory with satisfy and basic_auth, but seems that the validation is not stored in a cookie which after some time it's deleted, seems it's ip or something based. So i login once and eve if i keep the website open for half an…
Gabriel
  • 416
  • 2
  • 7
  • 19
8
votes
1 answer

NGINX basic auth only for POST

I'm settings up nginx to serve Mercurial repositories. It works when not using basic authentication at all, or when I use basic authentication all over. What I want to do is to just use basic auth on POST requests, so anyone have pull access, but…
hokkaido
7
votes
3 answers

Configure Basic Authentication on Azure's App Service

For different reasons I'm using Azure's App Service to serve static files. I would like to secure this access by Http Basic Authentication which is enough for my purposes. How can I do that? I tried uploading .htpasswd but it does not seem to…
Tomasz Madeyski
  • 173
  • 1
  • 1
  • 6
7
votes
2 answers

IIS Basic Authorization ala .htaccess/.htpasswd in apache

How do I implement the protection of the pages (asp.net mvc app), so when I hit the home page or any other pages within the application I get a login dialog popup in the browser I'm looking for something similar to what Apache .htaccess and…
6
votes
1 answer

Using nginx: require authentication when request from public IP, not needed when local

I wrote a simple file browser app which is served using node on port 3000. I use nginx as a front-end which proxies this service. This is on my home server. I would like to be able to require basic HTTP authentication when I'm accessing it over my…
NMS
  • 191
  • 7
6
votes
1 answer

How can I enable http auth in lighttpd for all directories except one?

I am trying to authenticate access to everything in webroot (/) except anything that resides in a particular directory (/directory/) and I've tried both of these options to no avail: $HTTP["url"] =~ "^(?!(/directory))" { auth.require = ( "" => …
Nuri Hodges
  • 381
  • 3
  • 12
5
votes
1 answer

Apache up in flames (AH00025). How to fix?

I was trying to get Apache 2.4.10 to do basic authentication (under HTTPS) as specified in a .htaccess file. I changed one directory's settings to AllowOverride all, and it started serving up nothing but plain vanilla 500 pages. Reverting that…
Christos Hayward
  • 1,152
  • 3
  • 15
  • 35
5
votes
2 answers

service static files under nginx & HTTP-Authentication

I have an app deployed in testing mode on a server. Access to it has been restricted to a select group of users via HTTP-Authentication. That works fine. The problem is that if I serve static files via different 'location' directive, nginx gives me…
5
votes
1 answer

How can I protect a Tomcat webapp that's reverse proxied in an Apache2 virtual host using basic authentication?

I'm having trouble figuring out how to adding basic HTTP authentication to password-protect a development testing environment running on a production web server. Both the main site and the testing environment are virtual hosts that use AJP proxying…
1
2 3
16 17