autherization denied

Forum Moderators: phranque

Message Too Old, No Replies

autherization denied

password via .htaccess

knighty

9:25 am on May 18, 2001 (gmt 0)

I have been setting passwords on dirs using the .htaccess method for a while but if you enter the wrong pass you just get a blank page with something like 'autherisation denied' or the like.

Anyway I recently discovered how you can create custom 404 pages and thought can i do something simailr for failed password attempts?

Well can I? oh yeah and how secure is this method of protecting directories?

Gorufu

12:47 pm on May 18, 2001 (gmt 0)

You should be able to create custom 401 error pages for failed password attemps if the errorpage is not in a protected directory.

Add to .htaccess

ErrorDocument 401 /pathto/errorpages/401.html

andytt

12:48 pm on May 18, 2001 (gmt 0)

You need to add a line like this to your htaccess file

ErrorDocument 401 /access_denied.htm

pointing to the document to serve up if the password is wrong

andytt

12:48 pm on May 18, 2001 (gmt 0)

You need to add a line like this to your htaccess file

ErrorDocument 401 /access_denied.htm

pointing to the document to serve up if the password is wrong

knighty

12:56 pm on May 18, 2001 (gmt 0)

Cool, Thanks guys!

how secure is this method i.e. how easy for someone to hack etc?

Froggyman

8:32 pm on May 20, 2001 (gmt 0)

I use password protected directories and custom error redirects but for some reason it won't work with a 401. Instead of asking for a password it sends you to the 401 page regardless. May be the way the server is set up (beyond my control) or something else but I have noticed the same on other sites.

Password protected directories are about as safe as the directory the password is kept in. The actual .htpasswd file can easily be cracked if found so give the directory it is kept in a good cryptic name. Dont place it among your common files.