LinuxQuestions.org
Download your favorite Linux distribution at LQ ISO.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Server
User Name
Password
Linux - Server This forum is for the discussion of Linux Software used in a server related context.

Notices

Reply
 
Search this Thread
Old 02-27-2011, 10:43 AM   #1
kitek
Member
 
Registered: Apr 2005
Posts: 252

Rep: Reputation: 15
.htaccess and .htpasswd Not Working


I have created a sub directory on my box on a website for my company. It is a page that has links to my tools I want to use when I do service calls. Links that connect to my servers webmin etc. Of course I don't want them found by webcrawling bots. I have created a .htpasswd file using htpasswd -c /location/to/file/.htpasswd.

This file is located outside the web. Just under the public_html folder. Then I went to the sub directory I want to protect and added a text file named .htaccess. It contains:

/home/sites/www.domain.net/tech/

AuthType Basic
AuthName "Some long name"
AuthUserFile /home/sites/www.domain.net/.htpasswd
Require valid-user

ErrorDocument errornumber /home/sites/errorpages/403.html

I also opened the httpd.conf and changed AllowedOverride to All

The error document doesn't work either.

I then restarted the httpd service. I try to access the site and it lets me right in without asking for a password. It is apache 2xxx on Centos 4.5. Webmin under Apache confifirms all this.

What am I missing?
 
Old 02-27-2011, 02:17 PM   #2
bathory
Guru
 
Registered: Jun 2004
Location: Piraeus
Distribution: Slackware
Posts: 10,897

Rep: Reputation: 1322Reputation: 1322Reputation: 1322Reputation: 1322Reputation: 1322Reputation: 1322Reputation: 1322Reputation: 1322Reputation: 1322Reputation: 1322
Hi,

Looks like apache does not read the .htaccess. To see if that's the case, put some gibberish in .htaccess and see if you get a 500 error.
Alos, to make sure your directory (e.g. /home/sites/www.domain.net/tech/) will be protected by .htaccess, add in httpd.conf
Code:
<Directory /home/sites/www.domain.net/tech>
 AllowedOverride All
 Allow from all
</Directory>
Regards
 
Old 02-27-2011, 02:25 PM   #3
kitek
Member
 
Registered: Apr 2005
Posts: 252

Original Poster
Rep: Reputation: 15
Quote:
Originally Posted by bathory View Post
Hi,

Looks like apache does not read the .htaccess. To see if that's the case, put some gibberish in .htaccess and see if you get a 500 error.
Alos, to make sure your directory (e.g. /home/sites/www.domain.net/tech/) will be protected by .htaccess, add in httpd.conf
Code:
<Directory /home/sites/www.domain.net/tech>
 AllowedOverride All
 Allow from all
</Directory>
Regards
That seems to be the case. I did put garbage in it and nothing changed. So any idea's why it isn't reading the .htaccess file?
 
Old 02-27-2011, 02:47 PM   #4
kitek
Member
 
Registered: Apr 2005
Posts: 252

Original Poster
Rep: Reputation: 15
Quote:
Originally Posted by kitek View Post
That seems to be the case. I did put garbage in it and nothing changed. So any idea's why it isn't reading the .htaccess file?

btw I did add
<Directory /home/sites/www.domaint/public_html/tech
AllowOverride All
Allow from all
</Directory>

to the httpd.conf and still no changes.
 
Old 02-27-2011, 04:03 PM   #5
bathory
Guru
 
Registered: Jun 2004
Location: Piraeus
Distribution: Slackware
Posts: 10,897

Rep: Reputation: 1322Reputation: 1322Reputation: 1322Reputation: 1322Reputation: 1322Reputation: 1322Reputation: 1322Reputation: 1322Reputation: 1322Reputation: 1322
Doh, check if you have defined a AccessFileName other than .htaccess in httpd.conf
Code:
AccessFileName  .htaccess
 
Old 02-27-2011, 04:10 PM   #6
kitek
Member
 
Registered: Apr 2005
Posts: 252

Original Poster
Rep: Reputation: 15
Quote:
Originally Posted by bathory View Post
Doh, check if you have defined a AccessFileName other than .htaccess in httpd.conf
Code:
AccessFileName  .htaccess
looks good

this is whats there:

AccessFileName: The name of the file to look for in each directory
# for additional configuration directives. See also the AllowOverride
# directive.
#
AccessFileName .htaccess
 
Old 02-27-2011, 04:30 PM   #7
bathory
Guru
 
Registered: Jun 2004
Location: Piraeus
Distribution: Slackware
Posts: 10,897

Rep: Reputation: 1322Reputation: 1322Reputation: 1322Reputation: 1322Reputation: 1322Reputation: 1322Reputation: 1322Reputation: 1322Reputation: 1322Reputation: 1322
You can try to remove .htaccess and put its contents in httpd.conf directly and see what happens:
Code:
<Directory /home/sites/www.domain.net/tech>
# AllowedOverride All
 Allow from all
 AuthType Basic
 AuthName "Some long name"
 AuthUserFile /home/sites/www.domain.net/.htpasswd
 Require valid-user
</Directory>
Of course you need to restart apache since you change httpd.conf

Also make sure it's not a Selinux problem since you're running apache on Centos and your site's DocumentRoot is not under the default /var/www/html
 
Old 02-27-2011, 11:29 PM   #8
kitek
Member
 
Registered: Apr 2005
Posts: 252

Original Poster
Rep: Reputation: 15
Quote:
Originally Posted by bathory View Post
You can try to remove .htaccess and put its contents in httpd.conf directly and see what happens:
Code:
<Directory /home/sites/www.domain.net/tech>
# AllowedOverride All
 Allow from all
 AuthType Basic
 AuthName "Some long name"
 AuthUserFile /home/sites/www.domain.net/.htpasswd
 Require valid-user
</Directory>
Of course you need to restart apache since you change httpd.conf

Also make sure it's not a Selinux problem since you're running apache on Centos and your site's DocumentRoot is not under the default /var/www/html
Now that worked. Any Idea why I have to do it that way? I mean I won't be locking many area's however, just wondering what I might run into later. What about error pages? I guess I just do the same thing?
 
Old 02-27-2011, 11:50 PM   #9
chrism01
Guru
 
Registered: Aug 2004
Location: Sydney
Distribution: Centos 6.5, Centos 5.10
Posts: 16,242

Rep: Reputation: 2024Reputation: 2024Reputation: 2024Reputation: 2024Reputation: 2024Reputation: 2024Reputation: 2024Reputation: 2024Reputation: 2024Reputation: 2024Reputation: 2024
Are you really using Centos 4.5; that's pretty old. 5.5 is out and 5.6 is (very) close. (RHEL 5.6 was out last yr)
I do know that putting htaccess directives inside the httpd.conf is recommended, as it's more secure than putting the .htaccess file in the target dir, where it's effectively publically avail, even if it is a 'hidden' file.
 
Old 02-27-2011, 11:54 PM   #10
kitek
Member
 
Registered: Apr 2005
Posts: 252

Original Poster
Rep: Reputation: 15
Quote:
Originally Posted by chrism01 View Post
Are you really using Centos 4.5; that's pretty old. 5.5 is out and 5.6 is (very) close. (RHEL 5.6 was out last yr)
I do know that putting htaccess directives inside the httpd.conf is recommended, as it's more secure than putting the .htaccess file in the target dir, where it's effectively publically avail, even if it is a 'hidden' file.

My bad. It's Centos 5.2 Just checked the one I was talking about to make sure. My DNS servers are running the older ones. I got several linux servers. Yeah I agree about putting that info in the httpd.conf file. But the custom error pages are a problem too. I would like to get Apache to read the .htaccess files. I just can't understand why it isn't.
 
Old 02-28-2011, 12:23 AM   #11
chrism01
Guru
 
Registered: Aug 2004
Location: Sydney
Distribution: Centos 6.5, Centos 5.10
Posts: 16,242

Rep: Reputation: 2024Reputation: 2024Reputation: 2024Reputation: 2024Reputation: 2024Reputation: 2024Reputation: 2024Reputation: 2024Reputation: 2024Reputation: 2024Reputation: 2024
Stick with those directives in httpd.conf, forget using a .htaccess file. Of course you'll still need the .htpasswd file
The ErrorDocument directive requires either a string or a URL relative to DocumentRoot (specified in httpd.conf) or a complete URL ie http://...
http://httpd.apache.org/docs/current...#errordocument

HTH
 
Old 02-28-2011, 04:08 AM   #12
bathory
Guru
 
Registered: Jun 2004
Location: Piraeus
Distribution: Slackware
Posts: 10,897

Rep: Reputation: 1322Reputation: 1322Reputation: 1322Reputation: 1322Reputation: 1322Reputation: 1322Reputation: 1322Reputation: 1322Reputation: 1322Reputation: 1322
I agree with chrism01, that is better avoid .htaccess if possible. You can read more on this here
About the .htaccess problem, are you sure you have put .htaccess in the correct directory (/home/sites/www.domain.net/tech). Did you check the logs for errors?
Just for testing, you can edit httpd.conf, find the <Directory /> stanza and add/edit "AllowOverride All" to it and see if apache reads .htaccess files

Regarding the ErrorDocument, chrism01 is right. The path to the file you specify is relative to the DocumentRoot of the server

Regards
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
.htaccess .htpasswd plisken Linux - General 5 05-21-2006 01:44 PM
.htaccess + .htpasswd not working nazs Linux - Security 1 05-17-2006 09:28 PM
.htaccess .htpasswd issue Robin01 Linux - Newbie 4 12-24-2003 03:36 PM
About .htaccess & .htpasswd edhan Linux - Newbie 3 10-17-2003 12:16 AM
Help with .htpasswd and .htaccess MikeeX Linux - General 3 03-25-2003 10:41 AM


All times are GMT -5. The time now is 05:21 AM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration