LinuxQuestions.org
Welcome to the most active Linux Forum on the web.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices



Reply
 
Search this Thread
Old 01-26-2010, 08:16 PM   #1
razzera
Member
 
Registered: Dec 2009
Posts: 105

Rep: Reputation: 15
Apache http auth.


Hello.

I have a folder on my server i want to protect with http authentication but i have problem.

i created a password
htpasswd -c .htpasswd razzera

then i created a .htaccess file in the folder and added
AuthType Basic
AuthName "Restricted Files"
# (Following line optional)
AuthBasicProvider file
AuthUserFile /.htpasswd
Require user razzera

but when i go tho the folder it wont request any login details. why ??
 
Old 01-26-2010, 10:59 PM   #2
Web31337
Member
 
Registered: Sep 2009
Location: Russia
Distribution: Gentoo, LFS
Posts: 399
Blog Entries: 71

Rep: Reputation: 65
did you try .htpasswd instead of /.htpasswd?
 
Old 01-27-2010, 12:07 AM   #3
anomie
Senior Member
 
Registered: Nov 2004
Location: Texas
Distribution: RHEL, Scientific Linux, Debian, Fedora, Lubuntu, FreeBSD
Posts: 3,930
Blog Entries: 5

Rep: Reputation: Disabled
Right, that does not look like the correct FQ path to your .htpasswd file. (Unless you literally created it under / -- the filesystem root.)
 
Old 01-27-2010, 04:06 AM   #4
razzera
Member
 
Registered: Dec 2009
Posts: 105

Original Poster
Rep: Reputation: 15
Quote:
Originally Posted by anomie View Post
Right, that does not look like the correct FQ path to your .htpasswd file. (Unless you literally created it under / -- the filesystem root.)
that's what i did. i created it under root and it's currently in the root.
 
Old 01-27-2010, 04:27 AM   #5
zhjim
Senior Member
 
Registered: Oct 2004
Distribution: Debian Squeeze x86_64
Posts: 1,467
Blog Entries: 11

Rep: Reputation: 184Reputation: 184
Like suggested make sure to create the .htpasswd file in the right folder.
Another thing to check on is if the config of the apache allows usage of .htpasswd files.
Check your config for a line like
Code:
AllowOverride
If it reads like
Code:
AllowOverride None
.htpasswd files are not used.
Change it to
Code:
AllowOverride Auth
(from mind check out apache.org page for correctness)
 
Old 01-27-2010, 05:27 AM   #6
razzera
Member
 
Registered: Dec 2009
Posts: 105

Original Poster
Rep: Reputation: 15
Quote:
Originally Posted by zhjim View Post
Like suggested make sure to create the .htpasswd file in the right folder.
Another thing to check on is if the config of the apache allows usage of .htpasswd files.
Check your config for a line like
Code:
AllowOverride
If it reads like
Code:
AllowOverride None
.htpasswd files are not used.
Change it to
Code:
AllowOverride Auth
(from mind check out apache.org page for correctness)

Must the .htpasswd be in the folder i want to protect? cant it be in another place on the server ??

EDIT:

I changed it in the httpd.conf for apache so it's "AllowOverride Auth" now.

I now moved the .htpasswd to /etc/apache2/.htpasswd and my .htaccess looks like this

Quote:
AuthType Basic
AuthName "Restricted Files"
# (Following line optional)
AuthBasicProvider file
AuthUserFile /etc/apache2/.htpasswd
Require user razzera
still when i go to the folder i get no login details :/

Last edited by razzera; 01-27-2010 at 05:42 AM.
 
Old 01-27-2010, 07:32 AM   #7
zhjim
Senior Member
 
Registered: Oct 2004
Distribution: Debian Squeeze x86_64
Posts: 1,467
Blog Entries: 11

Rep: Reputation: 184Reputation: 184
Sorry I mixed up .htaccess and .htpasswd.
The .htpasswd file which contains the user and passwords can be anywhere. (Just make sure the user under which apache is running can access it).
The .htaccess file needs to go into the directory you want to protect.

Did you restart the apache after changing the config file?
Code:
apache2ctl -k restart
or
Code:
/etc/init.d/apache2 restart
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
apache: http://localhost (work) http://ipaddress (not working) sarmad Linux - Newbie 7 02-05-2013 08:47 AM
Swaret through http proxy+auth securedigital Slackware 8 09-30-2008 11:30 AM
Apache 2 LDAP auth noir911 Linux - Server 1 02-24-2008 11:42 PM
apache auth deflin39 Linux - Software 5 01-09-2004 10:17 PM
apache auth with NT antken Linux - Software 0 07-09-2002 08:11 AM


All times are GMT -5. The time now is 11:34 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration