Password protect specific files?

[fiend Profile]

Hello!

I've tried to password protect specific files, but as soon as a put in the FilesMatch the site shows an error message due to an "internal server error" or something like that.

This is my .htaccess-files

# Helicon Ape version 3.1.0.233

<FilesMatch "\.(gif|jpe?g|png)$">
# Authentication type
AuthType Basic
# Name of area authentication will be used for (aka realm)
AuthName "secret area"

# Authentication provider. Here - mod_authn_file
AuthBasicProvider file
# Info for mod_authn_file - path to password file
AuthUserFile c:\inetpub\.htpasswds
# Access will be granted to all authenticated users
Require valid-user
</FilesMatch>

Is this not how you do it?
I would like to password protect a subfolder and all files of a specific type so if you try to access it you will get a login-dialog.

Best regards
Fredrik

[Anton]

Hello Fredrik,

Please try fixing the opening statement like this:

<FilesMatch "^.*\.(gif|jpe?g|png)$>

If it doesn't work, please enable logging in httpd.conf by putting

LogLevel debug

and provide error.log records for the test request.

[fiend Profile]

I think that I found what was wrong in the first place when I looked at the log file. The password-file could not be found.
Now that I have corrected that, it still seems that the web page is generating the same error.
And the log is not "extended". Tried to delete the log-file and the log-file is not recreated.

##----------------------------------------------------------------------
##
## The following code enables most detailed logging for Ape
##

Loglevel debug
ErrorLog error.log

[Anton]

>Tried to delete the log-file and the log-file is not recreated.

It may happen due to insufficient permissions. Please create the empty error.log manually and see if it gets populated after that.

It is important to understand if the FileMatch gets matched and if the rule gets applied or not.

[fiend Profile]

I've recreated the file in:
C:\Program Files (x86)\Helicon\Ape\logs
And given it full permissions for everybody. Nothing seems to be written to the file when I run debug on the folder that gives me the error =/
In Helicon Ape Manager I go to the folder where I have the .htaccess-file and wish to use the "filesmatch" on.. and go to tools - start Ape debugger.
Then it displays the "error-page" in Ape manager but nothing has been written to the logfile. I then stop the Ape debugger. Tried this 3 times but nothing seems to write to the log-file.
It worked the first time though when I got the error that the passwd-file was missing.

[Anton]

Hello,

Instead of creating a folder for log files simply create two empty files here:

C:\Program Files (x86)\Helicon\Ape\error.log
C:\Program Files (x86)\Helicon\Ape\rewrite.log

Also please show what IIS log records for your test request.

[fiend Profile]

I was perhaps a little unclear in what I wrote but I've created the error.log in that folder, not just created the folder
"C:\Program Files (x86)\Helicon\Ape\logs" contains error.log and rewrite.log
Now I've created the files in C:\Program Files (x86)\Helicon\Ape\ aswell. Why should I create the files there and not in the "logs"-folder?

The IIS creates a log-file for today now that I started the file, but the log file is empty.

[Anton]

Hello,

>Why should I create the files there and not in the "logs"-folder?

This is the default location, otherwise you will have to explicitly specify the path to the log files using RewriteLog and ErrorLog directives.

Please try using the Files section instead just for testing:

<Files ~ "\.(gif|jpe?g|png)$">
...
</Files>

And if you still get Internal server error, could you please show the screenshot of it.

[fiend Profile]

That seems to work!
When I use <files> I get a dialog when I try to access the "pdf.png"-file.
If I access a regular web-file like a .HTML-file it dont give a dialog to login.
Seems to work fine and no error.
Perhaps I cant use the filesmatch?

[fiend Profile]

If I want to exclude certain IP-adresses from this "rule", where do I write that?

Best regards
Fredrik

[Anton]

Hello Fredrik,

>If I want to exclude certain IP-adresses from this "rule", where do I write that?

You may try specifying specific ip-addresses by putting <VirtualHost> tags around the <Files> tabs:

https://www.helicontech.com/ape/doc/mod ... irtualHost

[fiend Profile]

Hmm, Im not sure that I understand, but won't VirtualHost make it that only specific IPadresses are affected by this "files"-rule?

I've googled a little and .htaccess have something that is like:
Allow from 127.0.0.1
Allow from localhost

I want to allow calls to specific file types from the localhost (for example) to be ignored and not use this rule and allow full access.

[Anton]

Hello,

>I want to allow calls to specific file types from the localhost (for example) to be ignored and not use this rule and allow full access.

I believe you can use Deny directive to prohibit access from certain IPs:

https://www.helicontech.com/ape/doc/mod_authz_host.htm

And you can also put Allow and Deny directives inside <Files> tags.

[fiend Profile]

Hello,

>I want to allow calls to specific file types from the localhost (for example) to be ignored and not use this rule and allow full access.

I believe you can use Deny directive to prohibit access from certain IPs:

https://www.helicontech.com/ape/doc/mod_authz_host.htm

And you can also put Allow and Deny directives inside <Files> tags.

I want it to deny everybody... except for IP 127.0.0.1
Then I put allow on 127.0.0.1 ?
Does not seem to work though?

[Anton]

Hello,

>I want it to deny everybody... except for IP 127.0.0.1 Then I put allow on 127.0.0.1 ?

Yes, I believe it should look like this:

Order Allow,Deny
Allow from 127.0.0.1

Please show error.log records after you make your test request.

[fiend Profile]

<Files ~ "\.(asp)$">
# Authentication type
AuthType Basic
# Name of area authentication will be used for (aka realm)
AuthName "3pl inloggning"

# Authentication provider. Here - mod_authn_file
AuthBasicProvider file
# Info for mod_authn_file - path to password file
AuthUserFile c:\inetpub\.htpasswds
# Access will be granted to all authenticated users
Require valid-user

Order deny, allow
Allow from 127.0.0.1
Allow from localhost

Satisfy any

</Files>

This does not seem to work. I want to exlude 127.0.0.1 (or localhost) from this rule. So if my local program makes a request to the page I don't want it to be affected by the "login".
Is this possible? The program just says"an error occurred: Remote server returned an error: (401) Unauthorized

[fiend Profile]

I found a solution.. I could send username and password with the request so then I can give correct credentials