Protected Web Directory does not work

         

tntpower

9:18 am on Jan 12, 2009 (gmt 0)

10+ Year Member



It is on a fresh CentOS 5.2 system

My .htaccess

AuthUserFile /var/www/html/dbadmin/phpmyadmin/.htpasswd
AuthType Basic
AuthName "Dababase"
require valid-user

My .htpasswd

phpmyadmin:JNKxUx79RElo6

.htaccess and .htpasswd are both set to permission 644.

When visiting myIP/dbadmin/phpmyadmin, this protected Web Directory does not work at all. I landed on the phpmyadmin homepage directly without entering my username and password at all.

Why does this happen?

Thanks,

jdMorgan

2:27 pm on Jan 12, 2009 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



Is myIP/dbadmin/phpmyadmin the actual path to the phpmyadmin script, or is it an "Alias"ed path?

The .htaccess code must be located somewhere in the physical filepath from DocumentRoot down to the target phpmyadmin script file. If it is not located somewhere along this filepath, then it won't be invoked when that file is requested.

If phpmyadmin is a shared script used by multiple sites on your server, then it's likely that it is not actually located in your filespace, but rather that it is Aliased so that it 'appears' to be located in all of the accounts, but is actually stored separately in a centralized location, and shared among all users. This is done so that the host only has to maintain and secure a single copy of the script, and can do so in a single centralized location. (See Apache mod_alias, and look at the Alias and ScriptAlias directives if this is not clear.)

This is sort of an odd question, since phpmyadmin should have its own password-protection built-in. You might want to review the php installation options.

Jim

g1smd

8:41 pm on Jan 12, 2009 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



phpMyAdmin requires a password to log in. It's just the password used by the MySQL database.

Whenever I have used it, the files have been in my physical filespace, and easily protected with .htpasswd.

When the system is installed centrally, normal "users" often haven't got any access to it. I've not played with that option.

tntpower

11:04 pm on Jan 12, 2009 (gmt 0)

10+ Year Member



Thanks.

>Is myIP/dbadmin/phpmyadmin the actual path to the phpmyadmin script, or is it an "Alias"ed path?

Yes. It is the physical and actual path.

Phpmyadmin does have its own authentication (using mysql's username and password). But I still feel scared to expose the phpmyadmin default login page to the world. That's why I want a password-protected directory. It is so odd that it does not work.

g1smd

11:20 pm on Jan 12, 2009 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



Yes, you are wise to have a second level of authentication.

tntpower

6:24 am on Jan 13, 2009 (gmt 0)

10+ Year Member



Follow up:

I copied .htaccess (path to .htpasswd changed) and .htpasswd to a virtual host's default directory and it works.

But it does not work in /var/www/html.

tntpower

6:33 am on Jan 13, 2009 (gmt 0)

10+ Year Member



It is because of an httpd.conf setting.

The default DocumentRoot sets AllowOverride to None :)
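
The cause found at the end of the thread, as an added example that is not part of the original posts: a small Python check that reads `<Directory>` sections from an httpd.conf and reports which `AllowOverride` governs a directory, and so whether auth directives in its .htaccess are honored. The sample config is constructed (the `/home/site1/public_html` virtual host path is hypothetical), and the model is simplified: plain `<Directory>` paths only, no wildcards, regex sections or Include files.

```python
import re

# Constructed sample resembling a stock httpd.conf; not taken from the thread.
SAMPLE_CONF = """
DocumentRoot "/var/www/html"
<Directory />
    Options FollowSymLinks
    AllowOverride None
</Directory>
<Directory "/var/www/html">
    Options Indexes FollowSymLinks
    AllowOverride None
</Directory>
<Directory "/home/site1/public_html">
    AllowOverride AuthConfig
</Directory>
"""

def effective_allowoverride(conf_text, target_dir, default="All"):
    """Return (value, section) of the AllowOverride that governs target_dir.

    Simplified model: only plain <Directory> paths (no wildcards or regex,
    no Include files). Sections apply shortest path first, so the longest
    enclosing section that sets AllowOverride wins. `default` is what
    applies when no section sets it (All on Apache 2.2, None on 2.4).
    """
    target = target_dir.rstrip("/") + "/"
    matches, current = [], None
    for raw in conf_text.splitlines():
        line = raw.strip()
        opened = re.match(r'(?i)<Directory\s+"?([^">]+)"?\s*>', line)
        if opened:
            current = opened.group(1).rstrip("/") + "/"
        elif re.match(r"(?i)</Directory>", line):
            current = None
        elif current and re.match(r"(?i)AllowOverride\s", line):
            if target.startswith(current):
                matches.append((len(current), line.split(None, 1)[1], current))
    if not matches:
        return default, None
    _, value, section = max(matches)
    return value, section

def htaccess_auth_honored(conf_text, target_dir):
    """True if AuthType/AuthUserFile/require in .htaccess would take effect."""
    value, _ = effective_allowoverride(conf_text, target_dir)
    types = {t.lower() for t in value.split()}
    return "all" in types or "authconfig" in types
```

With the sample config, the phpmyadmin directory under `/var/www/html` is governed by `AllowOverride None`, so its .htaccess is silently ignored and the page is served without a password prompt; the virtual host directory with `AllowOverride AuthConfig` is protected as intended.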