How to access htpasswd-protected page automatically

.htaccess iframe .htpasswd
11,468

You can src the frame with the username and password in the link itself:

http://myusername:[email protected]/mystuff

But this sort of defeats the purpose of password protecting the directory since anyone can look at the page source and know the username/password, and not all browsers support this type of URL.

You could make it so the referer is checked when attempting to access the /mystuff directory, and if it's from where the iframe is embedded, allow access without prompting for a password. But the referer can be spoofed very easily.

Share:
11,468

Related videos on Youtube

Demilio
Author by

Demilio

Updated on September 15, 2022

Comments

  • Demilio
    Demilio over 1 year

    I have a passwordprotected directory with htaccess and htpasswd.

    The htaccess looks like this

    AuthUserFile /usr/local/you/safedir/.htpasswd
AuthGroupFile /dev/null
AuthName EnterPassword
AuthType Basic

require user myusername

    The htpasswd looks like this

    myusername:password887

    This password protected directory is named www.mydomainname.com/mystuff

    Now, I want to access this page fram a iframe (with www.mydomain.com/mustuff/index.html as src) in index.php in my root, but I dont want to make the users fill in the username and password all the time, just keep them from entering the folder the src is in.

    Is there a script that can fill out the username and password automatically without letting the "users" write the username and password all the time?

  • Demilio
    Demilio over 11 years
    not really man. This could be good if it works, because I really need to keep people from accessing the directory directly. The iframe is allready in a passwordprotected area with diabled right click, so I´ve got it as secured as I need :) thansk, I´ll try this
  • Syntax Error
    Syntax Error over 10 years
    Just got this to work, it's exactly what I needed. In my case it doesn't matter if the password is exposed in source because the page in question won't display unless you're already logged in with appropriate privileges - those people are all allowed to have this password - the workaround is just for their convenience. Do you know which browsers this will fail in?

Recents

Why Is PNG file with Drop Shadow in Flutter Web App Grainy?
How to troubleshoot crashes detected by Google Play Store for Flutter app
Cupertino DateTime picker interfering with scroll behaviour
Why does awk -F work for most letters, but not for the letter "t"?
Flutter change focus color and icon color but not works
How to print and connect to printer using flutter desktop via usb?
Critical issues have been reported with the following SDK versions: com.google.android.gms:play-services-safetynet:17.0.0
Flutter Dart - get localized country name from country code
navigatorState is null when using pushNamed Navigation onGenerateRoutes of GetMaterialPage
Android Sdk manager not found- Flutter doctor error
Flutter Laravel Push Notification without using any third party like(firebase,onesignal..etc)
How to change the color of ElevatedButton when entering text in TextField

Related

htaccess gives 500 - Internal Server Error
How to use .htaccess to allow page access in my iframe but not directly?
Password protect directory with Apache: "couldn't check user. Check your authn provider!"
How to create and edit .htaccess and .htpasswd locally on my computer and then upload to my site via ftp?
Permission denied: Could not open password file.
Invalid command 'AuthType', perhaps misspelled or defined by a module not included in the server configuration
Apache .htaccess error: 'not allowed here' on Debian Wheezy
How do I figure out what user & group Apache is running as?
Apache 2.4 "..authentication failure..:Password Mismatch"
How to logout when using .htaccess (and .htpasswd) authentication?