Password protection - .htaccess/.htpasswd - refuses to let me in

         

tannler

8:20 pm on May 16, 2008 (gmt 0)




I have a site of which certain parts need to be password protected. I am trying to master .htaccess/.htpasswd, but in vain. The site [root] contains the following files:

.htaccess
.htpasswd
server-default.hmtl
favicon.ico
public_html

The .htaccess file looks like this:

# Prevent .htaccess from being listed
<Files .htaccess>
order allow,deny
deny from all
</Files>

# Prevent site from being indexed
IndexIgnore *

# Redirect visitor to sub_folder
Redirect /index.html http://example.com/public_html/index.html

# User authentication
AuthName "Restricted Area - Members Only !"
AuthType Basic
AuthUserFile /.htpasswd
AuthGroupFile /dev/null
require valid-user

The redirect to {index.html} in [public_html] works OK and authentication starts OK, BUT despite entering ANY correct User/PW pair, Apache keeps nagging for User/PW. I interpret that behaviour as .htpasswd not being found or not being in the correct position. What am I missing?


g1smd

10:30 pm on May 16, 2008 (gmt 0)




The internal server filepath to .htpasswd is likely much longer than you have quoted here.

You might try PHPINFO() to discover what it is.

AuthUserFile /vhost/vhost4/e/x/a/example.com/www/.htpasswd


Your redirect scares the heck out of me. Why would you expose public_html as a part of the URL? I would have used a rewrite to keep it hidden.

Additionally, I would never redirect to a URL that includes the index file filename. The canonical form is usually that ending with a slash directly after the domain or folder name.
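Added example, not part of the original posts: a small Python check that resolves AuthUserFile the way Apache does (a path that is not absolute is taken relative to ServerRoot, and a leading "/" means the filesystem root) and reports whether the password file exists and whether it sits inside the web root. The ServerRoot /etc/apache2, the directory names and the password entry are constructed assumptions.

```python
import os
import re
import tempfile

def check_auth_user_file(htaccess_text, server_root, document_root):
    """Resolve AuthUserFile the way Apache does and list problems with it."""
    m = re.search(r'^\s*AuthUserFile\s+(?:"([^"]+)"|(\S+))', htaccess_text, re.I | re.M)
    if not m:
        return None, ["no AuthUserFile directive"]
    raw = m.group(1) or m.group(2)
    # A non-absolute AuthUserFile is relative to ServerRoot, not to the site
    # or to the directory holding .htaccess; a leading "/" is the filesystem root.
    path = os.path.realpath(raw if os.path.isabs(raw) else os.path.join(server_root, raw))
    problems = []
    if not os.path.isfile(path):
        problems.append("missing: Apache cannot verify any password")
    elif not os.access(path, os.R_OK):  # checked for the current user, not Apache's
        problems.append("unreadable")
    docroot = os.path.realpath(document_root)
    if os.path.commonpath([path, docroot]) == docroot:
        problems.append("inside document root: deny .ht* files or move it")
    return path, problems

def demo():
    """Constructed layout: web root holding .htpasswd, plus a private directory."""
    with tempfile.TemporaryDirectory() as base:
        docroot = os.path.join(base, "www")
        private = os.path.join(base, "private")
        os.mkdir(docroot)
        os.mkdir(private)
        for d in (docroot, private):
            with open(os.path.join(d, ".htpasswd"), "w") as fh:
                fh.write("alice:constructed-placeholder-hash\n")
        cases = {
            "as posted": "/.htpasswd",
            "full path, in web root": os.path.join(docroot, ".htpasswd"),
            "full path, outside web root": os.path.join(private, ".htpasswd"),
        }
        return {name: check_auth_user_file(f'AuthUserFile "{p}"\n', "/etc/apache2", docroot)[1]
                for name, p in cases.items()}

if __name__ == "__main__":
    for name, problems in demo().items():
        print(f"{name}: {problems or 'ok'}")
```

Run it as the account Apache runs under to make the readability check meaningful.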

tannler

8:18 am on May 17, 2008 (gmt 0)




Not my intention to scare the living soul out of you - might come in handy sometime - ;-)

I have never put up a site containing "sensitive material", and have been given advice to put the site _below_ [root] in order to keep .htaccess _above_ what is exposed to the public. I am gaining knowledge on a "trial and error" basis, but have great difficulties in understanding how to do it, partly because I don't have the basic skills, partly because there is nothing (afaik) written on the subject in my native language.

Tasks to deal with ASAP;

• Find correct local path to .htaccess
• Substitute redirect with rewrite

Anything else?

g1smd

6:02 pm on May 17, 2008 (gmt 0)




I see the reason for what you suggest.

I take a different route: deny access to all sensitive files (anything that starts with a "dot" or "underscore", ends with ".log" or ".inc", and so on).

There are many ways to get the job done.