LinuxQuestions.org
Help answer threads with 0 replies.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Server
User Name
Password
Linux - Server This forum is for the discussion of Linux Software used in a server related context.

Notices

Reply
 
Search this Thread
Old 03-31-2009, 09:32 AM   #1
ThickGit
LQ Newbie
 
Registered: Oct 2008
Posts: 13

Rep: Reputation: 0
htaccess and userdir problem


Hi People.

I originally started this way back in October last year in http://www.linuxquestions.org/questi...umber.-678759/

I never did get to solve the problem but worked around it with a reasonably acceptable method. Now this has become a problem for another reason.

I will recap briefly:

On a server running virtual hosts and Apache 2.2

I found out that it is possible to get around the .htaccess file by using the IP number and user name like this "http://123.123.123.123/~username/protected_directory". .htaccess is simply ignored.

Using the domain name "www.domain.co.uk/protected_directory" is ok and htaccess performs normally.


I discovered that by changing the hppd.conf line "UserDir disable" to "UserDir public_html" prevented accessing the protected directories by IP/~username/protected_directory. I guess this is not really surprising. Of course, this has the byproduct of preventing valid access using the IP too. This has now become a problem and I need to solve it.

So, the question remains, "why does .htaccess not work when using "IP/~username/protected_directory" ?

Any clues where I can start looking would be most welcome.
 
Old 03-31-2009, 01:53 PM   #2
bathory
Guru
 
Registered: Jun 2004
Location: Piraeus
Distribution: Slackware
Posts: 10,883

Rep: Reputation: 1322Reputation: 1322Reputation: 1322Reputation: 1322Reputation: 1322Reputation: 1322Reputation: 1322Reputation: 1322Reputation: 1322Reputation: 1322
What happens if you visit htp://www.domain.co.uk/~username/protected_directory
Could you post the contents of .htaccess?
Try to use
Code:
NameVirtualHost *:80
and replace "<VirtualHost 123.123.123.123:80>" with "<VirtualHost *:80>
 
Old 04-01-2009, 09:38 AM   #3
ThickGit
LQ Newbie
 
Registered: Oct 2008
Posts: 13

Original Poster
Rep: Reputation: 0
Hmmm !

Bathory, many thanks for your reply.

If I visit visit htp://www.domain.co.uk/~username/protected_directory I get a 404 unavailable error.

I found "NameVirtualHost" in several places in the hppd.conf file as follows:

Code:
# The following directive disables redirects on non-GET requests for
# a directory that does not include the trailing slash.  This fixes a 
# problem with Microsoft WebFolders which does not appropriately handle 
# redirects for folders with DAV methods.
# Same deal with Apple's DAV filesystem and Gnome VFS support for DAV.
#
BrowserMatch "Microsoft Data Access Internet Publishing Provider" redirect-carefully
BrowserMatch "MS FrontPage" redirect-carefully
BrowserMatch "^WebDrive" redirect-carefully
BrowserMatch "^WebDAVFS/1.[0123]" redirect-carefully
BrowserMatch "^gnome-vfs/1.0" redirect-carefully
BrowserMatch "^XML Spy" redirect-carefully
BrowserMatch "^Dreamweaver-WebDAV-SCM1" redirect-carefully
NameVirtualHost 123.123.123.123:80
and

Code:
#
# Use name-based virtual hosting.
#
NameVirtualHost *:80
#
# NOTE: NameVirtualHost cannot be used without a port specifier 
# (e.g. :80) if mod_ssl is being used, due to the nature of the
# SSL protocol.
#


Also in the VH section as here

Code:
<VirtualHost 123.123.123.123:80>
ServerName domain.co.uk
ServerAlias www.domain.co.uk
DocumentRoot /home/domaing/public_html
ErrorLog /home/domain/logs/error_log
CustomLog /home/domain/logs/access_log combined
ScriptAlias /cgi-bin/ /home/domain/cgi-bin/
<Directory /home/domain/public_html>
Options Indexes IncludesNOEXEC FollowSymLinks
allow from all
AllowOverride All
</Directory>
<Directory /home/domain/cgi-bin>
allow from all
</Directory>
<Directory /home/domain/public_html/stats>
Options Indexes IncludesNOEXEC FollowSymLinks
allow from all
AllowOverride All
</Directory>
</VirtualHost>
If I change
Code:
<VirtualHost 123.123.123.123:80> 

to 


<VirtualHost *:80>
and visit the site I get a directory listing.


The .htaccess file contains this :
Code:
AuthName "domain.co.uk protected"
AuthType Basic
AuthUserFile /home/domain/.protected-htpasswd
require valid-user
<Files .htpasswd>
deny from all
</Files>

Again, many thanks for your help, I am at a total loss.
 
Old 04-01-2009, 11:28 AM   #4
bathory
Guru
 
Registered: Jun 2004
Location: Piraeus
Distribution: Slackware
Posts: 10,883

Rep: Reputation: 1322Reputation: 1322Reputation: 1322Reputation: 1322Reputation: 1322Reputation: 1322Reputation: 1322Reputation: 1322Reputation: 1322Reputation: 1322
Quote:
If I visit visit htp://www.domain.co.uk/~username/protected_directory I get a 404 unavailable error.
What's in error_log about that error.
What has the "username" above to do with the "domaing" in the DocumentRoot definition "DocumentRoot /home/domaing/public_html? You are using htp://www.domain.co.uk/~domaing/protected_directory to do your tests?
Unless it's a typo you need to change the DocumentRoot to "/home/domaing/public_html" to match the <Directory /home/domain/public_html>

About the rest:
Remove the line "NameVirtualHost 123.123.123.123:80" and change the vhost definition accordingly:
Code:
<VirtualHost *:80>
ServerName domain.co.uk
...
</VirtualHost>
 
Old 04-02-2009, 06:14 AM   #5
ThickGit
LQ Newbie
 
Registered: Oct 2008
Posts: 13

Original Poster
Rep: Reputation: 0
Thanks again Bathory.

I have to apologise because I made a mistake. If I visit visit htp://www.domain.co.uk/~username/protected_directory the .htaccess file works properly. I don't know how I made that mistake, I don't think I have done anything that could have affected that.

Another apology, the "domainG" is a typo.

I obviously had a bad day.


So here is the result for your suggestion in your post:

I deleted "NameVirtualHost 123.123.123.123:80" and changed the vhost line to "<VirtualHost *:80>"

This is the result :
"http://123.123.123.123/~username/protected_directory" the .htaccess is ignored
"http://www.domain/~username/protected_directory" the .htaccess is ignored
"http://www.domain/protected_directory" displays the protected directory for the servers default site.

Unsurprisingly all other VH on this server stop when this change is in place.


Should I point out that the domain name and the username are of course identical.

I am tearing my hair out (and I have very little) so thanks for your continued help and patience.
 
Old 04-02-2009, 06:24 AM   #6
chrism01
Guru
 
Registered: Aug 2004
Location: Sydney
Distribution: Centos 6.5, Centos 5.10
Posts: 16,225

Rep: Reputation: 2021Reputation: 2021Reputation: 2021Reputation: 2021Reputation: 2021Reputation: 2021Reputation: 2021Reputation: 2021Reputation: 2021Reputation: 2021Reputation: 2021
Are you sure
Code:
AuthUserFile /home/domain/.protected-htpasswd
require valid-user
<Files .htpasswd>
is right. They don't match filenames; surely you only need AuthUserFile entry....?
Also, if this is in a user's public dir, maybe only that user needs access eg
Code:
require user <that_user>
 
Old 04-02-2009, 06:53 AM   #7
bathory
Guru
 
Registered: Jun 2004
Location: Piraeus
Distribution: Slackware
Posts: 10,883

Rep: Reputation: 1322Reputation: 1322Reputation: 1322Reputation: 1322Reputation: 1322Reputation: 1322Reputation: 1322Reputation: 1322Reputation: 1322Reputation: 1322
Now I'm also confused (I guess www.domain.co.uk is the same as www.domain). Could you please confirm the following:
http://www.domain.co.uk/~username/protected_directory works
http://123.123.123.123/~username/protected_directory not working
http://www.domain/protected_directory works?
http://123.123.123.123/protected_directory not working?
Quote:
Unsurprisingly all other VH on this server stop when this change is in place.
Since you've removed the extra "NameVirtualHost 123.123.123.123:80" you must change the other VHs starting tag accordingly (use <VirtualHost *:80>)
Now chrism01 gave me an idea. Move .protected-htpasswd somewhere outside of the homedir (e.g. /etc/.protected-htpasswd), change the "AuthUserFile ..." and see if it works.
 
Old 04-03-2009, 05:21 AM   #8
ThickGit
LQ Newbie
 
Registered: Oct 2008
Posts: 13

Original Poster
Rep: Reputation: 0
Thanks Chris and Bathory for your continued efforts. Working with a thick git like me must be frustrating.

The current state is as follows :

I have removed the line "NameVirtualHost 123.123.123.123:80"

And I have changed the VH entry like this
Code:
<VirtualHost *:80>
ServerName domain.co.uk
...
</VirtualHost>
After Chris's suggestion I have reduced all possibilities to the minimum by doing the following:

I have created a directory called "protected_directory"
In that directory I have "index.htm", .htaccess and .htpasswd

.htaccess contains
Code:
AuthUserFile /home/username/public_html/protected_directory/.htpasswd
AuthGroupFile /dev/null
AuthName "Protected Directory"
AuthType Basic

<Limit GET POST>
require valid-user
</Limit>

# username is of course the same as domain
.htpasswd contains
Code:
user:a03cGgnLWcCzY
I have added the following to the VH section (just in case)
Code:
<Directory /home/username/public_html/protected_directory>
Options Indexes IncludesNOEXEC FollowSymLinks
allow from all
AllowOverride All
</Directory>

The results are :
http://www.domain.co.uk/protected_directory
404 error. No sign of entry in /etc/httpd/logs/error_log

http://123.123.123.123/~username/protected_directory/
.htaccess ignored

http://www.domain.co.uk/~username/protected_directory
.htaccess ignored

http://123.123.123.123/protected_directory/
404 error. No sign of entry in /etc/httpd/logs/error_log As there is no directory in the default called "protected_directory" this is expected ?


Again, I thank you for your patience.

Last edited by ThickGit; 04-07-2009 at 05:24 AM.
 
Old 04-03-2009, 06:03 AM   #9
bathory
Guru
 
Registered: Jun 2004
Location: Piraeus
Distribution: Slackware
Posts: 10,883

Rep: Reputation: 1322Reputation: 1322Reputation: 1322Reputation: 1322Reputation: 1322Reputation: 1322Reputation: 1322Reputation: 1322Reputation: 1322Reputation: 1322
If you have left the rest of the VH unchanged, the 404 error should be in /home/domain/logs/error_log
What is the output of
Code:
httpd -S
 
Old 04-03-2009, 06:52 AM   #10
ThickGit
LQ Newbie
 
Registered: Oct 2008
Posts: 13

Original Poster
Rep: Reputation: 0
The result of httpd -S is as follows :

Code:
[Fri Apr 03 12:14:46 2009] [warn] VirtualHost 123.123.123.123:80 overlaps with VirtualHost 123.123.123.123:80, the first has precedence, perhaps you need a NameVirtualHost directive

...

# Note that at this stage none of the other VH on this server have been changed to <VirtualHost *:80> which would explain this error

...

[Fri Apr 03 12:14:46 2009] [warn] VirtualHost 123.123.123.123:80 overlaps with VirtualHost 123.123.123.123:80, the first has precedence, perhaps you need a NameVirtualHost directive

VirtualHost configuration:
123.123.123.123:80     server-defailt-domain.co.uk (/etc/httpd/conf/httpd.conf:1004)
wildcard NameVirtualHosts and _default_ servers:
_default_:443          www.anotherdomain.com (/etc/httpd/conf.d/ssl.conf:81)
*:80                   is a NameVirtualHost
         default server domain.co.uk (/etc/httpd/conf/httpd.conf:1879)
         port 80 namevhost domain.co.uk (/etc/httpd/conf/httpd.conf:1879)
Syntax OK
Note:
In the above the last three lines "domain.co.uk" is the name of the VH I am using for testing.
"www.anotherdomain.com" refers to another VH which justy happens to be on this server.

Strangely, there is no error in /home/domain/logs/error_log either !

Last edited by ThickGit; 04-03-2009 at 06:56 AM.
 
Old 04-03-2009, 07:24 AM   #11
bathory
Guru
 
Registered: Jun 2004
Location: Piraeus
Distribution: Slackware
Posts: 10,883

Rep: Reputation: 1322Reputation: 1322Reputation: 1322Reputation: 1322Reputation: 1322Reputation: 1322Reputation: 1322Reputation: 1322Reputation: 1322Reputation: 1322
Here is a configuration that works at least for me:
1. In the part of httpd.conf defining UserDir:
Code:
UserDir public_html
...
<Directory /home/*/public_html>
    AllowOverride All
...
</Directory>
2. In the vhost definition:
Code:
<VirtualHost *:80>
        ServerName www.vhost.com
        DocumentRoot /home/username/public_html/vhost
<DIrectory /home/username/public_html/vhost>
AllowOverride All
</Directory>
...
</VirtualHost>
Tested with:
http://www.vhost.com/protected
http://xx.xx.xx.xx/~username/protected
http://servername/~username/protected


Of course you must use only one of "NameVirtualHost 123.123.123.123:80" or "NameVirtualHost *:80" and <VirtualHost 123.123.123.123:80> or <VirtualHost *:80> for apache to stop complaining about vhost overlapping.
I suggest you also to close completely your browser (not just the tab) when testing, because sometimes it keeps the password cached and does not ask again for authentication.
 
Old 04-07-2009, 07:01 AM   #12
ThickGit
LQ Newbie
 
Registered: Oct 2008
Posts: 13

Original Poster
Rep: Reputation: 0
Solved

Fianlly !

It seems to be sorted out.

As far as I can tell, it would seem that it is necessary to change ALL instances of "<VirtualHost 123.123.123.123:80>" to <VirtualHost *:80> in the VH section. Changing just one for the purpose of testing does not work. You probably knew that, but I'm thick.

That surprised me, but it does seem to be working as expected now.

I was at the stage of giving up so many thanks to you for your help.

Interestingly, the error logs are now working properly too.

I am one happy bunny

Last edited by ThickGit; 04-07-2009 at 07:07 AM.
 
  


Reply

Tags
based, htaccess, name


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Apache DocumentRoot UserDir problem rnturn Linux - Software 6 09-10-2007 08:30 PM
mod_speling Apache 2.2 in userdir problem avallach Linux - Networking 0 01-29-2007 03:58 AM
Apache UserDir Problem sbb Linux - Software 13 04-10-2006 06:29 PM
apache UserDir public_html problem aeshley Linux - Newbie 4 11-29-2004 01:58 AM
apache UserDir public_html problem aeshley Linux - Networking 4 01-17-2002 03:43 PM


All times are GMT -5. The time now is 02:28 AM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration