How to use a RELATIVE path with AuthUserFile in htaccess

Question

I have a  htaccess that uses basic authentication  It seems the path to the  htpasswd file isn t relative to the htaccess file  but instead to the server config   So even though I have the  htaccess and  htpasswd files in the same directory  this doesn t work   AuthType Basic AuthName  Private Login  AuthUserFile  htpasswd Require valid-user   However  it does work if I change the AuthUserFile to use the absolute path   AuthType Basic AuthName  Private Login  AuthUserFile   home user public html mydir  htpasswd  Require valid-user   But I would prefer something more mobile as I use this on multiple sites in different areas  I ve searched the web but haven t had any resolution  Is it possible to use relative path or variables like   DOCUMENT ROOT

User · Answer

Let s take an example   Your application is located in  var www myApp on some Linux server   htaccess    var www myApp  htaccess  htpasswdApp    var www myApp htpasswdApp   You re free to use any name for  htpasswd file   To use relative path in  htaccess   AuthType Digest AuthName myApp AuthUserFile  htpasswdApp  Require valid-user   But it will search for file in server root directory  Not in document root    In out case  when application is located at  var www myApp    document root is  var www myApp  server root is  etc apache2    just in our example  because of we using the linux server   You can redefine it in your apache configuration file    etc apache2 apache2 conf   but I guess it s a bad idea   So to use relative file path in your  var www myApp  htaccess  you should define the password s file in your server root   I prefer to do it by follow command   sudo ln -s  var www myApp htpasswdApp  etc apache2 htpasswdApp   You re free to copy my command  use a hard link instead of symbol or copy a file to your server root

User · Answer

If you are trying to use XAMPP with Windows and want to use an  htaccess file on a live server and also develop on a XAMPP development machine the following works great     1  After a fresh install of XAMPP make sure that Apache is installed as a service         This is done by opening up the XAMPP Control Panel and clicking on the little red  X  to the left of the Apache module    It will then ask you if you want to install Apache as a service    Then it should turn to a green check mark       2  When Apache is installed as a service add a new environment variable as a flag         First stop the Apache service from the XAMPP Control Panel    Next open a command prompt    You know the little black window the simulates DOS    Type  C  Program Files  x86  xampp apache bin httpd exe  -D  DEV  -k config    This will append a new DEV flag to the environment variables that you can use later       3  Start Apache        Open back up the XAMPP Control Panel and start the Apache service       4  Create your  htaccess file with the following information      lt IfDefine DEV gt    AuthType Basic   AuthName  Authorized access only     AuthUserFile   sandbox web scripts  htpasswd    require valid-user  lt  IfDefine gt    lt IfDefine  DEV gt    AuthType Basic   AuthName  Authorized access only     AuthUserFile   home arvo public html scripts  htpasswd    require valid-user  lt  IfDefine gt    To explain the above script here are a few notes           My AuthUserFile is based on my setup and personal preferences    I have a local test dev box that has my webpage located at c  sandbox web    Inside that folder I have a folder called scripts that contains the password file  htpasswd    The first entry IfDefine DEV is used for that instance   If DEV is set  which is what we did above  only on the dev machine of coarse  then it will use that entry    And in turn if using the live server IfDefine  DEV will be used       5  Create your password file  in this case named  htpasswd  with the following information        user  apr1 EPuSBcwO  KtqDUttQMNUa5lGXSOzk    A few things to note           Your password file can be any name you want    You should use  htpasswd for security    A great password generator found   http   www htaccesstools com htpasswd-generator    A great explanation and reason why you should use that name for your file is located   http   www htaccesstools com articles htpasswd    MAKE SURE YOU PUT THE PASSWORD FILE IN THE CORRECT LOCATION      See step 4 AuthUserFile area

User · Answer

htpasswd requires full absolute path from the absolute root of the server    Please get full absolute path of the file by echo echo   SERVER  DOCUMENT ROOT      here is working basic auth  htaccess script   AuthType Basic AuthName  Access to the Hidden Files  AuthUserFile  C  xampp htdocs ht  htpasswd  Require valid-user   Before login    Afetr Login

User · Answer

you may put your Auth settings into a Environment  Like   SetEnvIf HTTP HOST testsite local APPLICATION ENV development  lt IfDefine  APPLICATION ENV gt    Allow from all   AuthType Basic   AuthName  My Testseite - Login     AuthUserFile  Users tho htdocs wgh staging  htpasswd   Require user username  lt  IfDefine gt    The Auth is working  but I couldn t get my environment really running

User · Answer

or if you develop on localhost  only for apache 2 4      lt If    REMOTE ADDR      127 0 0 1   gt   lt  If gt

User · Answer

For just in case people are looking for solution for this    lt If  req  Host      www example com   gt      Authtype Basic     AuthName  user and password      AuthUserFile  var www www example com  htpasswd     Require valid-user  lt  If gt

User · Answer

I know this is an old question  but I just searched for the same thing and probably there are many others searching for a quick  mobile solution  Here is what I finally come up with     We set production environment by default SetEnv PROD ENV 1   lt IfDefine DEV ENV gt      If  DEV ENV  has been defined  then unset the PROD ENV   UnsetEnv PROD ENV    AuthType Basic   AuthName  Protected Area    AuthUserFile  var www foo local  htpasswd   Require valid-user  lt  IfDefine gt    lt IfDefine PROD ENV gt    AuthType Basic   AuthName  Protected Area    AuthUserFile  home foo public html  htpasswd   Require valid-user  lt  IfDefine gt

User · Answer

It is not possible to use relative paths for AuthUserFile      File-path is the path to the user file  If it is not absolute  i e   if it doesn t begin with a slash   it is treated as relative to the ServerRoot    You have to accept and work around that limitation     We re using IfDefine together with an apache2 command line parameter    htaccess  suitable for both development and live systems     lt IfDefine  development gt    AuthType Basic   AuthName  Say the secret word    AuthUserFile  var www hostname  htpasswd   Require valid-user  lt  IfDefine gt    Development server configuration  Debian   Append the following to  etc apache2 envvars   export APACHE ARGUMENTS -Ddevelopment   Restart your apache afterwards and you ll get a password prompt only when you re not on the development server   You can of course add another IfDefine for the development server  just copy the block and remove the

User · Answer

1  Note that it is considered insecure to have the  htpasswd file below the server root   2  The docs say this about relative paths  so it looks you re out of luck      File-path is the path to the user file  If it is not absolute  i e   if it doesn t begin with a slash   it is treated as relative to the ServerRoot    3  While the answers recommending the use of environment variables work perfectly fine  I would prefer to put a placeholder in the  htaccess file  or have different versions in my codebase  and have the deployment process set it all up  i  e  replace placeholders or rename   move the appropriate file    On Java projects  I use Maven to do this type of work  on  say  PHP projects  I like to have a build sh and   or install sh shell script that tunes the deployed files to their environment  This decouples your codebase from the specifics of its target environment  i  e  its environment variables and configuration parameters   In general  the application should adapt to the environment  if you do it the other way around  you might run into problems once the environment also has to cater for different applications  or for completely unrelated  system-specific requirements

[.htaccess] How to use a RELATIVE path with AuthUserFile in htaccess?

Examples related to .htaccess

Examples related to .htpasswd