homepage Welcome to WebmasterWorld Guest from 54.205.122.62
register, free tools, login, search, pro membership, help, library, announcements, recent posts, open posts,
Become a Pro Member

Home / Forums Index / Code, Content, and Presentation / Apache Web Server
Forum Library, Charter, Moderators: Ocean10000 & incrediBILL & phranque

Apache Web Server Forum

    
autherization denied
password via .htaccess
knighty

WebmasterWorld Senior Member 10+ Year Member



 
Msg#: 427 posted 9:25 am on May 18, 2001 (gmt 0)

I have been setting passwords on dirs using the .htaccess method for a while but if you enter the wrong pass you just get a blank page with something like 'autherisation denied' or the like.

Anyway I recently discovered how you can create custom 404 pages and thought can i do something simailr for failed password attempts?

Well can I? oh yeah and how secure is this method of protecting directories?

 

Gorufu

10+ Year Member



 
Msg#: 427 posted 12:47 pm on May 18, 2001 (gmt 0)

You should be able to create custom 401 error pages for failed password attemps if the errorpage is not in a protected directory.

Add to .htaccess

ErrorDocument 401 /pathto/errorpages/401.html

andytt

10+ Year Member



 
Msg#: 427 posted 12:48 pm on May 18, 2001 (gmt 0)

You need to add a line like this to your htaccess file

ErrorDocument 401 /access_denied.htm

pointing to the document to serve up if the password is wrong

andytt

10+ Year Member



 
Msg#: 427 posted 12:48 pm on May 18, 2001 (gmt 0)

You need to add a line like this to your htaccess file

ErrorDocument 401 /access_denied.htm

pointing to the document to serve up if the password is wrong

knighty

WebmasterWorld Senior Member 10+ Year Member



 
Msg#: 427 posted 12:56 pm on May 18, 2001 (gmt 0)

Cool, Thanks guys!

how secure is this method i.e. how easy for someone to hack etc?

Froggyman



 
Msg#: 427 posted 8:32 pm on May 20, 2001 (gmt 0)

I use password protected directories and custom error redirects but for some reason it won't work with a 401. Instead of asking for a password it sends you to the 401 page regardless. May be the way the server is set up (beyond my control) or something else but I have noticed the same on other sites.

Password protected directories are about as safe as the directory the password is kept in. The actual .htpasswd file can easily be cracked if found so give the directory it is kept in a good cryptic name. Dont place it among your common files.

Global Options:
 top home search open messages active posts  
 

Home / Forums Index / Code, Content, and Presentation / Apache Web Server
rss feed

All trademarks and copyrights held by respective owners. Member comments are owned by the poster.
Home ¦ Free Tools ¦ Terms of Service ¦ Privacy Policy ¦ Report Problem ¦ About ¦ Library ¦ Newsletter
WebmasterWorld is a Developer Shed Community owned by Jim Boykin.
© Webmaster World 1996-2014 all rights reserved