I'm close to tears - .htaccess problem - Apache Web Server forum at WebmasterWorld

Forum Moderators: phranque

Message Too Old, No Replies

I'm close to tears - .htaccess problem

wardy83

12:14 am on Jan 25, 2007 (gmt 0)

Hi, this is my last resort! I have spent the last few nights, following every tutorial on the net on how to do a simple password protect on a directory...
None of them are working!

Basically can anyone tell me what I need to put in my .htaccess, .htpasswd and httpd.conf files to get this working!

I'm running Suse 10.2, I did get this working on Windows, but for some reason it isn't on Linux.

I have changed the httpd.conf to AllowOveride All and AllowOveride AuthConfig, restarted the Apache server... and still not working!

jdMorgan

12:23 am on Jan 25, 2007 (gmt 0)

The most likely cause of trouble is that you must use the password-generation utility provided on your server to generate or update your password file.

I presume you've read this [httpd.apache.org]?

Jim

cmarshall

12:28 am on Jan 25, 2007 (gmt 0)

I've used this [tools.dynamicdrive.com] for the servers I have under my control.

My ISP actually has a control panel utility that password protects folders there.

The Apache server should have its httpd.conf file set to allow you to specify this (follow that link you were given).

Don't cry. It'll be OK. It's just A Patchy Server...

wardy83

12:32 am on Jan 25, 2007 (gmt 0)

Yes, looked through it... still not idea what I'm doing wrong...

I have no htpasswd program so was using the generator on the web.

httpd.conf:

<Directory /srv/www/htdocs/test>
Options None
AllowOverride All
Order allow,deny
</Directory>

.htaccess:

AuthUserFile /srv/www/htdocs/test/htpasswd/.htpasswd
AuthName For Testing Purposes Only!
AuthType Basic
<Limit GET>
require validuser
</Limit>

.htpasswd:

validuser:y4E7Ep8e7EYV

cmarshall

12:43 am on Jan 25, 2007 (gmt 0)

Just FYI. This is what I use (names changed to protect the guilty):

.htaccess:

AuthName "Restricted Area"
AuthType Basic
AuthUserFile /Users/webadmin/.htpasswd
AuthGroupFile /dev/null
require valid-user
<IfModule mod_rewrite.c>
RewriteEngine off
</IfModule>

/Users/webadmin/.htpasswd:

webadmin:PASSWORD_JUNK

I use a Mac, so this is no secret (httpd.conf):

<Directory "/Library/WebServer/Documents">
Options All MultiViews
AllowOverride All
Order allow,deny
Allow from all
</Directory>

Make sure that httpd has read access to all files.

jdMorgan

12:48 am on Jan 25, 2007 (gmt 0)

Correct form:


Require valid-user

In Apache config, there is no latitude whatsoever for typos, misspelling, etc. You may wish to use different variations, but for initial testing, do it "by the book."

Also, attempting to use "validuser" as a username is a very bad idea security-wise...

I strongly suggest you also add:


<LimitExcept GET>
Deny from all
</LimitExcept>

below your <Limit> container. Otherwise, only GETs will require a login, while POSTs, DELETEs, etc. will not....

Jim

wardy83

12:55 am on Jan 25, 2007 (gmt 0)

ok guys! it's done... working good and proper!

thank you ever so much.

my main problem was that i was editing the httpd.conf whilst the default_server.conf was overwriting with the AllowOveride None..

The .htaccess and .htpasswd generator worked a treat...

thanks again..!

I can now sleep better at night. :)