LinuxQuestions.org
Visit the LQ Articles and Editorials section
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices

Reply
 
Search this Thread
Old 05-27-2005, 12:55 AM   #1
jamluv
LQ Newbie
 
Registered: May 2004
Distribution: RH 9
Posts: 19

Rep: Reputation: 0
Apache and .htaccess


Can someone help. i want to password protect a webpage. i created the password file with .htpasswd and also the .htaccess file. i enabled the allowOverride to AuthConfig option in httpd.conf for the directory but still i cant get the password prompt when i visit the page. any ideas. is there any other option i have to enable?
 
Old 05-27-2005, 03:59 AM   #2
iceman47
Senior Member
 
Registered: Oct 2002
Location: Belgium
Distribution: Debian, Free/OpenBSD
Posts: 1,123

Rep: Reputation: 47
Read this: http://httpd.apache.org/docs/howto/htaccess.html
If it still doesn't work post again, showing a stripped down apache/httpd.conf (without all the quotes, just the config) and the .htaccess file.
 
Old 05-27-2005, 04:49 AM   #3
overlord73
Member
 
Registered: Apr 2004
Location: ..where no life dwells..
Distribution: RH,FC/SuSE/Debian/HPUX/OSX
Posts: 511

Rep: Reputation: 30
is the AuthUserFile-Dir correct?
 
Old 05-29-2005, 01:16 PM   #4
jzimmerlin
LQ Newbie
 
Registered: May 2005
Location: Grover Beach, California
Posts: 4

Rep: Reputation: 0
Password Protecting Directories using .htpasswd
March 20, 2005

The Objective: To password protect directories on an Apache web server using .htaccess and .htpasswd configuration files.

What does a .htaccess file do?
.htaccess configuration files provide for configuration changes on a per-directory basis. For example, a .htaccess configuration file placed in your "Download" directory makes configuration changes only to the "Download" directory and it's sub-directories.

.htaccess configuration files can be used to password protect directories, create custom error pages, and much more.

Enabling .htaccess
By default, the Apache configuration file (httpd.conf) disables .htaccess.

To enable .htaccess, change "AllowOverride" from "None" to "All" in the htaccess section of the Apache configuration file (httpd.conf). The Apache configuration file is lengthy and thus finding the .htaccess section is difficult unless you use Notepad or Wordpad's search function.

Restart the Apache web server application.

Creating the .htaccess File
Create a text document and type the following:

AuthName "This directory is password protected. Please enter a valid username and password."
AuthType Basic
AuthUserFile /path_to_your_htpasswd_file/.htpasswd
Require valid-user

"This directory is password protected. Please enter a valid username and password" is the message displayed during the user login.

The "/path_to_your_htpasswd_file/.htpasswd" is the relatvie path to your .htpasswd file. Depending on your Apache server configuration, you may need to use an absolute path such as "C:/Program Files/Apache Group/Apache/conf/.htpasswd" (including the quotation marks).

The .htpasswd file contains the username and passwords for accounts on your Apahce web server. By default, the Apache web server disables access to files beginning with .ht so that the contents of your .htpasswd file cannot be viewed. However, it is recommended that you place your .htpasswd file in a private directory, such as the Apache "conf" directory.

Upload the text document into the directory you want to password protect and rename it ".htaccess" using a File Transfer Protocol (FTP) client.

Creating the .htpasswd file
The .htpasswd file contains the username and password for accounts on your web server in the following format:

Username:encrypted password
Example: Jeff:eb1gNE7F3VRRY

KxS, a virtual web hosting company, has a great .htpasswd password encryptor. Copy and paste the username and password combination into a text document. Upload the text document you created earlier and rename it ".htpasswd" using a File Transfer Protocol (FTP) client.

Note: Windows XP Home servers do NOT support password encryption in the .htpasswd file. The .htpasswd file must contain the username and password (not encrypted) on Windows XP Home servers.

Congratulations! The directory your .htaccess configuration file is placed in is now password protected

Last edited by jzimmerlin; 07-25-2006 at 05:09 PM.
 
Old 06-01-2005, 01:49 PM   #5
Atrocity
Member
 
Registered: Nov 2002
Location: Hell
Distribution: FreeBSD, Slackware
Posts: 308

Rep: Reputation: 30
make sure your htaccess file is correctly pointing at your htpasswd file and make sure you htaccess file is in the directory with the pages you are looking to protect, it will only protect that directory and sub directories I belive too
 
Old 06-03-2005, 12:23 AM   #6
sigsegv
Senior Member
 
Registered: Nov 2004
Location: Third rock from the Sun
Distribution: NetBSD-2, FreeBSD-5.4, OpenBSD-3.[67], RHEL[34], OSX 10.4.1
Posts: 1,197

Rep: Reputation: 46
You'll also have to AllowOverrides appropriately in your VirtualHost configuration
 
Old 06-03-2005, 02:33 AM   #7
jamluv
LQ Newbie
 
Registered: May 2004
Distribution: RH 9
Posts: 19

Original Poster
Rep: Reputation: 0
I finally got a prompt to enter the password but the credintials cant authonticate aginst the password file. am quite sure the path is correct in .htaccess.
 
Old 06-03-2005, 07:31 AM   #8
sigsegv
Senior Member
 
Registered: Nov 2004
Location: Third rock from the Sun
Distribution: NetBSD-2, FreeBSD-5.4, OpenBSD-3.[67], RHEL[34], OSX 10.4.1
Posts: 1,197

Rep: Reputation: 46
look in the error.log. Apache's pretty good about useful errors.
 
Old 06-03-2005, 11:27 AM   #9
Atrocity
Member
 
Registered: Nov 2002
Location: Hell
Distribution: FreeBSD, Slackware
Posts: 308

Rep: Reputation: 30
Did you correctly hash the passwords and add usernames to the htpassword file? There are programs and internet sites that will give you the hash for the file
 
Old 06-03-2005, 02:53 PM   #10
sigsegv
Senior Member
 
Registered: Nov 2004
Location: Third rock from the Sun
Distribution: NetBSD-2, FreeBSD-5.4, OpenBSD-3.[67], RHEL[34], OSX 10.4.1
Posts: 1,197

Rep: Reputation: 46
There's also htpasswd. It comes with Apache and everything.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Help with Apache and .htaccess spud Programming 1 03-17-2005 11:52 AM
Apache/2.0.51 .htaccess 2782d4 Linux - Software 2 02-08-2005 12:12 PM
apache .htaccess linuxanswer Linux - General 1 05-01-2004 04:20 PM
apache .htaccess emetib Linux - Software 4 09-22-2003 06:50 AM
is htaccess on apache 2.0 not the same as in 1.3 abd_bela Linux - General 3 07-23-2003 05:17 AM


All times are GMT -5. The time now is 03:06 PM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration