LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Linux - Server (http://www.linuxquestions.org/questions/linux-server-73/)
-   -   .htaccess and .htpasswd Not Working (http://www.linuxquestions.org/questions/linux-server-73/htaccess-and-htpasswd-not-working-865318/)

kitek 02-27-2011 11:43 AM

.htaccess and .htpasswd Not Working
 
I have created a sub directory on my box on a website for my company. It is a page that has links to my tools I want to use when I do service calls. Links that connect to my servers webmin etc. Of course I don't want them found by webcrawling bots. I have created a .htpasswd file using htpasswd -c /location/to/file/.htpasswd.

This file is located outside the web. Just under the public_html folder. Then I went to the sub directory I want to protect and added a text file named .htaccess. It contains:

/home/sites/www.domain.net/tech/

AuthType Basic
AuthName "Some long name"
AuthUserFile /home/sites/www.domain.net/.htpasswd
Require valid-user

ErrorDocument errornumber /home/sites/errorpages/403.html

I also opened the httpd.conf and changed AllowedOverride to All

The error document doesn't work either.

I then restarted the httpd service. I try to access the site and it lets me right in without asking for a password. It is apache 2xxx on Centos 4.5. Webmin under Apache confifirms all this.

What am I missing?

bathory 02-27-2011 03:17 PM

Hi,

Looks like apache does not read the .htaccess. To see if that's the case, put some gibberish in .htaccess and see if you get a 500 error.
Alos, to make sure your directory (e.g. /home/sites/www.domain.net/tech/) will be protected by .htaccess, add in httpd.conf
Code:

<Directory /home/sites/www.domain.net/tech>
 AllowedOverride All
 Allow from all
</Directory>

Regards

kitek 02-27-2011 03:25 PM

Quote:

Originally Posted by bathory (Post 4273121)
Hi,

Looks like apache does not read the .htaccess. To see if that's the case, put some gibberish in .htaccess and see if you get a 500 error.
Alos, to make sure your directory (e.g. /home/sites/www.domain.net/tech/) will be protected by .htaccess, add in httpd.conf
Code:

<Directory /home/sites/www.domain.net/tech>
 AllowedOverride All
 Allow from all
</Directory>

Regards

That seems to be the case. I did put garbage in it and nothing changed. So any idea's why it isn't reading the .htaccess file?

kitek 02-27-2011 03:47 PM

Quote:

Originally Posted by kitek (Post 4273130)
That seems to be the case. I did put garbage in it and nothing changed. So any idea's why it isn't reading the .htaccess file?


btw I did add
<Directory /home/sites/www.domaint/public_html/tech
AllowOverride All
Allow from all
</Directory>

to the httpd.conf and still no changes.

bathory 02-27-2011 05:03 PM

Doh, check if you have defined a AccessFileName other than .htaccess in httpd.conf
Code:

AccessFileName  .htaccess

kitek 02-27-2011 05:10 PM

Quote:

Originally Posted by bathory (Post 4273218)
Doh, check if you have defined a AccessFileName other than .htaccess in httpd.conf
Code:

AccessFileName  .htaccess

looks good

this is whats there:

AccessFileName: The name of the file to look for in each directory
# for additional configuration directives. See also the AllowOverride
# directive.
#
AccessFileName .htaccess

bathory 02-27-2011 05:30 PM

You can try to remove .htaccess and put its contents in httpd.conf directly and see what happens:
Code:

<Directory /home/sites/www.domain.net/tech>
# AllowedOverride All
 Allow from all
 AuthType Basic
 AuthName "Some long name"
 AuthUserFile /home/sites/www.domain.net/.htpasswd
 Require valid-user
</Directory>

Of course you need to restart apache since you change httpd.conf

Also make sure it's not a Selinux problem since you're running apache on Centos and your site's DocumentRoot is not under the default /var/www/html

kitek 02-28-2011 12:29 AM

Quote:

Originally Posted by bathory (Post 4273245)
You can try to remove .htaccess and put its contents in httpd.conf directly and see what happens:
Code:

<Directory /home/sites/www.domain.net/tech>
# AllowedOverride All
 Allow from all
 AuthType Basic
 AuthName "Some long name"
 AuthUserFile /home/sites/www.domain.net/.htpasswd
 Require valid-user
</Directory>

Of course you need to restart apache since you change httpd.conf

Also make sure it's not a Selinux problem since you're running apache on Centos and your site's DocumentRoot is not under the default /var/www/html

Now that worked. Any Idea why I have to do it that way? I mean I won't be locking many area's however, just wondering what I might run into later. What about error pages? I guess I just do the same thing?

chrism01 02-28-2011 12:50 AM

Are you really using Centos 4.5; that's pretty old. 5.5 is out and 5.6 is (very) close. (RHEL 5.6 was out last yr)
I do know that putting htaccess directives inside the httpd.conf is recommended, as it's more secure than putting the .htaccess file in the target dir, where it's effectively publically avail, even if it is a 'hidden' file.

kitek 02-28-2011 12:54 AM

Quote:

Originally Posted by chrism01 (Post 4273527)
Are you really using Centos 4.5; that's pretty old. 5.5 is out and 5.6 is (very) close. (RHEL 5.6 was out last yr)
I do know that putting htaccess directives inside the httpd.conf is recommended, as it's more secure than putting the .htaccess file in the target dir, where it's effectively publically avail, even if it is a 'hidden' file.


My bad. It's Centos 5.2 Just checked the one I was talking about to make sure. My DNS servers are running the older ones. I got several linux servers. Yeah I agree about putting that info in the httpd.conf file. But the custom error pages are a problem too. I would like to get Apache to read the .htaccess files. I just can't understand why it isn't.

chrism01 02-28-2011 01:23 AM

Stick with those directives in httpd.conf, forget using a .htaccess file. Of course you'll still need the .htpasswd file :)
The ErrorDocument directive requires either a string or a URL relative to DocumentRoot (specified in httpd.conf) or a complete URL ie http://...
http://httpd.apache.org/docs/current...#errordocument

HTH

bathory 02-28-2011 05:08 AM

I agree with chrism01, that is better avoid .htaccess if possible. You can read more on this here
About the .htaccess problem, are you sure you have put .htaccess in the correct directory (/home/sites/www.domain.net/tech). Did you check the logs for errors?
Just for testing, you can edit httpd.conf, find the <Directory /> stanza and add/edit "AllowOverride All" to it and see if apache reads .htaccess files

Regarding the ErrorDocument, chrism01 is right. The path to the file you specify is relative to the DocumentRoot of the server

Regards


All times are GMT -5. The time now is 10:16 PM.