LinuxQuestions.org
View the Most Wanted LQ Wiki articles.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Networking
User Name
Password
Linux - Networking This forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.

Notices

Reply
 
Search this Thread
Old 09-16-2003, 11:10 AM   #1
WorldBuilder
Member
 
Registered: Mar 2003
Location: Massachusetts, USA
Distribution: RH 8, Solaris, Windoze eXPunged
Posts: 520

Rep: Reputation: 30
.htaccess driving me crazy! Help!


Hi all,

I recently started into the world of making my own websites. I am new to it, but enjoy it so far. On my site, there is an area which I would like to password protect, that is I want people to have to enter a username and password to enter. After some questions and some research, I figured that .htaccess was the way to go. I have apache running on an RH 8 box. Everything runs fine with apache, but I cannot get this .htaccess thing to work to save my life. I turn to you, the Gods of Linux!

Here's what I have done:

My DocumentRoot directory is /home/www. There is a subdirectopry called "jonathan". That is the site I want password protected. I created the .htaccess file inside the jonathan directory, and it looks like this:

AuthUserFile /home/www/passwd/.htpasswd
AuthGroupFile /dev/null
AuthName You_need_a_Password
AuthType Basic
<Limit GET>
require user doowadiddy
</Limit>

Then, I created my .htpasswd file in the /home/www/passwd directory by:
/usr/local/apache2/bin/htpasswd -c /home/www/passwd/.htpasswd doowadiddy

I then input what I wanted the password would be at the cute little prompt. Tried to go to the site, and it let me right in without prompting me for a password or username. Hmmmmmmmmm... I researched a bit farther.

I then vi'ed the httpd.conf file and looked around in there for a while. AllowOverride is set to all and AccessFileName is set to .htaccess. Looks ok to me (in my limited knowledge)!

Permissions are as follows:
jonathan directory = rwxr-xr-x
passwd directory = rwxr-xr-x
.htaccess file = rwxrwxrwx
.passwd file = rwxrwxrwx

I am at a loss as to what's wrong. Any thought would be greatly appreciated! Thanks a million.

Chris
 
Old 09-16-2003, 11:22 AM   #2
ocularbob
Member
 
Registered: Nov 2002
Location: brooklyn NYC
Distribution: gentoo
Posts: 212

Rep: Reputation: 30
I'm using basic auth although it is fairly insecure.
if you add the following httpd.conf

<Directory /home/www/jonathan/>
AuthType Basic
AuthName "jonathan"
AuthUserFile /home/www/access/jonathan
Require valid-user
</Directory>

then create the pass file "jonathan"in /home/www/access/
that should work unless i've left something out.
I just did exactly what i was told by
apache basic auth doc
hope that helps
 
Old 09-16-2003, 12:25 PM   #3
uthlekan
LQ Newbie
 
Registered: Jul 2003
Location: minna
Posts: 8

Rep: Reputation: 0
Adding password protection to a web site.
1. Change to and/or specify directory to protect:
Code:
--------------------------------------------------------------------------------

vi /etc/httpd/conf/httpd.conf

<Directory /home/www/jonathan/>
AllowOverride All
</Directory>



--------------------------------------------------------------------------------

2.) Create the directory you want to password protect (example: hb)

Create a file
home/www/jonathan/.htaccess
in that director that looks something like this:
Code:
--------------------------------------------------------------------------------

vi /home/www/jonathan/.htaccess

AuthName "Add your login message here."
AuthType Basic
AuthUserFile /var/www/html/hb/.htpasswd
AuthGroupFile /dev/null
require user name-of-user


--------------------------------------------------------------------------------


In this case the "name-of-user" is the login name you wish to use for accessing the web site.

3.) Create the password file /home/www/jonathan/.htpasswd using the program htpasswd:

Code:
--------------------------------------------------------------------------------

htpasswd -c /home/www/jonathan/.htpasswd name-of-user
service httpd restart

--------------------------------------------------------------------------------
 
Old 09-16-2003, 02:07 PM   #4
WorldBuilder
Member
 
Registered: Mar 2003
Location: Massachusetts, USA
Distribution: RH 8, Solaris, Windoze eXPunged
Posts: 520

Original Poster
Rep: Reputation: 30
Thanks for the ideas so far, fellas, but this is still not working! This is really annoying! Here's part of my httpd.conf file:


# This should be changed to whatever you set DocumentRoot to.
#
<Directory "/home/www">

#
# Possible values for the Options directive are "None", "All",
# or any combination of:
# Indexes Includes FollowSymLinks SymLinksifOwnerMatch ExecCGI Multiviews
#
# Note that "MultiViews" must be named *explicitly* --- "Options All"
# doesn't give it to you.
#
# The Options directive is both complicated and important. Please see
# http://httpd.apache.org/docs-2.0/mod/core.html#options
# for more information.
#
Options Indexes FollowSymLinks

#
# AllowOverride controls what directives may be placed in .htaccess files.
# It can be "All", "None", or any combination of the keywords:
# Options FileInfo AuthConfig Limit
#
AllowOverride All

#
# Controls who can get stuff from this server.
#
Order allow,deny
Allow from all

</Directory>

#
# Disable autoindex for the root directory, and present a
# default Welcome page if no other index page is present.
#
<LocationMatch "^/$>
Options -Indexes
ErrorDocument 403 /error/noindex.html
</LocationMatch>

#
# UserDir: The name of the directory that is appended onto a user's home
# directory if a ~user request is received.
#
# The path to the end user account 'public_html' directory must be
# accessible to the webserver userid. This usually means that ~userid
# must have permissions of 711, ~userid/public_html must have permissions
# of 755, and documents contained therein must be world-readable.
# Otherwise, the client will only receive a "403 Forbidden" message.
#
# See also: http://httpd.apache.org/docs/misc/FAQ.html#forbidden
#
<IfModule mod_userdir.c>
#
# UserDir is disabled by default since it can confirm the presence
# of a username on the system (depending on home directory
# permissions).
#
UserDir disable

#
# To enable requests to /~user/ to serve the user's public_html
# directory, remove the "UserDir disable" line above, and uncomment
# the following line instead:
#
#UserDir public_html

</IfModule>

#
# Control access to UserDir directories. The following is an example
# for a site where these directories are restricted to read-only.
#
#<Directory /home/*/public_html>
# AllowOverride FileInfo AuthConfig Limit
# Options MultiViews Indexes SymLinksIfOwnerMatch IncludesNoExec
# <Limit GET POST OPTIONS>
# Order allow,deny
# Allow from all
# </Limit>
# <LimitExcept GET POST OPTIONS>
# Order deny,allow
# Deny from all
# </LimitExcept>
#</Directory>

#
# DirectoryIndex: sets the file that Apache will serve if a directory
# is requested.
#
# The index.html.var file (a type-map) is used to deliver content-
# negotiated documents. The MultiViews Option can be used for the
# same purpose, but it is much slower.
#
DirectoryIndex index.html index.html.var

#
# AccessFileName: The name of the file to look for in each directory
# for access control information. See also the AllowOverride directive.
#
AccessFileName .htaccess

One thing I noticed... I do NOT have a "public_html" directory. Is that important? Thanks!

Chris
 
Old 09-16-2003, 03:46 PM   #5
bruce1271
Member
 
Registered: Apr 2003
Location: Dallas, TX
Posts: 122

Rep: Reputation: 15
I have a Dir called /max2/www which houses all my subdirectories and users for the web.

in httpd.conf:

<Directory /max2/www/>
AllowOverride All
Order allow,deny
Allow from all
AllowOverride AuthConfig
</Directory>

Make sure this is in there for your main directory not the directory of individual web page areas, but the root directory instead.
 
Old 09-16-2003, 04:31 PM   #6
ocularbob
Member
 
Registered: Nov 2002
Location: brooklyn NYC
Distribution: gentoo
Posts: 212

Rep: Reputation: 30
the config file you posted does not have an auth section.
so it's not even going to try to work. you need a section setting up basic auth for your directory like bruce and i have mentioned. go through the doc and it will work.
 
Old 09-16-2003, 05:16 PM   #7
WorldBuilder
Member
 
Registered: Mar 2003
Location: Massachusetts, USA
Distribution: RH 8, Solaris, Windoze eXPunged
Posts: 520

Original Poster
Rep: Reputation: 30
Quote:
the config file you posted does not have an auth section.
I have tried several different methods of adding that to the httpd.conf file with no results. However, I have to ask this. Looking at my original conf file, aren't those elements already there? Look at what is highlighted in red (from my httpd.conf file):

# This should be changed to whatever you set DocumentRoot to.
#
<Directory "/home/www">

#
# Possible values for the Options directive are "None", "All",
# or any combination of:
# Indexes Includes FollowSymLinks SymLinksifOwnerMatch ExecCGI Multiviews
#
# Note that "MultiViews" must be named *explicitly* --- "Options All"
# doesn't give it to you.
#
# The Options directive is both complicated and important. Please see
# http://httpd.apache.org/docs-2.0/mod/core.html#options
# for more information.
#
Options Indexes FollowSymLinks

#
# AllowOverride controls what directives may be placed in .htaccess files.
# It can be "All", "None", or any combination of the keywords:
# Options FileInfo AuthConfig Limit
#
AllowOverride All

#
# Controls who can get stuff from this server.
#
Order allow,deny
Allow from all

</Directory>

All the things you mention are within the <Directory> and </Directory>. Isn't that what you are talking about? The only thing missing is the AllowOverride AuthConfig which I added as one of my attempts. I'm sorry, I know this must be irritating (dealing with me, that is), but I simply don't understand what you are telling me. Further help, please? Thanks for your patience, guys!

Chris

PS. I am using Apache 2.0, by the way.

Last edited by WorldBuilder; 09-16-2003 at 05:49 PM.
 
Old 09-16-2003, 08:31 PM   #8
WorldBuilder
Member
 
Registered: Mar 2003
Location: Massachusetts, USA
Distribution: RH 8, Solaris, Windoze eXPunged
Posts: 520

Original Poster
Rep: Reputation: 30
I know what's wrong! You guys will kill me when you read my next post (provided I can get it working, which I think I can now!). I will post later.

Chris
 
Old 09-17-2003, 08:46 AM   #9
WorldBuilder
Member
 
Registered: Mar 2003
Location: Massachusetts, USA
Distribution: RH 8, Solaris, Windoze eXPunged
Posts: 520

Original Poster
Rep: Reputation: 30
My post that is two above this is correct, as opposed to what I was being told by you guys. However, I was editing the WRONG FILE! I know, I'm a tool... I used to have apache 1.3 which was installed from RPM. Months ago, I uninstalled that RPM and installed apache 2 from source. That installs in a completely different directory structure, not to /etc like the RPM install does. I was editing the old /etc/httpd/conf/httpd.conf file when I should have been editing the /usr/local/apache2/conf/httpd.conf file! Oops! Thanks for all the infu though, guys. I appreciate it. It's working fine now, no worries.

Chris
 
Old 09-18-2003, 08:20 AM   #10
ocularbob
Member
 
Registered: Nov 2002
Location: brooklyn NYC
Distribution: gentoo
Posts: 212

Rep: Reputation: 30
right on.
yeah i guess i forgot to ask what version of apache you were using. alls well that ends well.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
JACK driving me crazy... pujolasdf Linux - Software 6 05-18-2005 02:50 PM
[ ] @ are driving me crazy FireInTheDark Linux - Software 1 11-28-2004 09:42 AM
Help this is driving me crazy!!!!!! Wolfy Linux - Hardware 1 07-07-2004 01:32 AM
Install driving me crazy lmanwarren *BSD 8 04-19-2004 10:16 PM
rhythmbox driving me crazy... Camasii Linux - Software 4 01-22-2004 09:08 AM


All times are GMT -5. The time now is 04:37 PM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration