Linux - NewbieThis Linux forum is for members that are new to Linux.
Just starting out and have a question?
If it is not in the man pages or the how-to's this is the place!
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
Can you paste full "httpd.conf" file? What happen if you made a some mistake in this .htaccess file, for example enter at beginning random characters. Server report error or display your index.html without errors?
I get the index.html page without any errors. It's like there's nothing happening.
I'm not so sure that you want me to post the entire httpd.conf file... it's rather large. Is there a portion of it that would be useful to see? The only changes I've made are to that particular 'AllowOverride all' line as well as changing my server name.
So, .htaccess is not readed at all. Check permissions, if user or group on which webserver is running has read access to it. Check all "AllowOverride" entries, maybe there are more specific which has "None" option set. Look also into files in "Include" directives if you have any.
well, I think I figured it out. You were correct about the httpd.conf file. There were two entries for <Directory>. The first was for the root directory and the sequential ones were for directories within the /var/www/html. So I added an entry:
<Directory "/var/www/html/testaccess">
AllowOverride All
</Directory>
Adding this below the other directories (I would assume) would load that command last and therefore would not be overridden by those other entries.
BTW, I changed the root directory back to AllowOverride None : ) ...that's the one that I had change originally.
In general, you should only use .htaccess files when you don't have access to the main server configuration file. There is, for example, a common misconception that user authentication should always be done in .htaccess files, and, in more recent years, another misconception that mod_rewrite directives must go in .htaccess files. This is simply not the case. You can put user authentication configurations in the main server configuration, and this is, in fact, the preferred way to do things. Likewise, mod_rewrite directives work better, in many respects, in the main server configuration.
I went ahead and tested this out with another directory that I created and it worked great. However, the authentication window said that the password is not being sent encrypted. out of curiosity, will the password be in plain text for sniffing programs to see?
I guess the only way to remedy that is to make the site secure and put the protected directory behind it. Is there a way to make the password inputs more secure?
Yes, in basic authentication passwords are sent in plain text and easily readable by sniffing. Some more secure method is a digest authentication Credentials data is somehow mangled and even readed by sniffer is probably not possible to guess password, but this method is not safe againts man in the middle attacks, as browser cannot authenticate server. Also any method of authentication you choose does not crypt data you transfer between browser and server. You need to use ssl certificates to crypt communication.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.