LinuxQuestions.org
View the Most Wanted LQ Wiki articles.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Software
User Name
Password
Linux - Software This forum is for Software issues.
Having a problem installing a new program? Want to know which application is best for the job? Post your question in this forum.

Notices

Reply
 
LinkBack Search this Thread
Old 02-06-2005, 02:30 PM   #1
jordanthompson
Member
 
Registered: Oct 2004
Posts: 115

Rep: Reputation: 15
Exclamation apache .htaccess and htpasswd - can't lock directory


Hi there,
I am having trouble locking out a directory on my server (requiring username/password access)

I ran htpasswd -c .htpasswd username
and entered username's password

for now I have put .htpassword in the same directory I am trying to protect.

here are the access rights:
-rw-r--r-- 1 apache apache 79 Feb 5 23:32 .htaccess
-r--r--r-- 1 apache apache 23 Feb 5 23:30 .htpasswd
-rw-r--r-- 1 jordan thompsons 115 Feb 4 00:15 index.html

Here are the contents of .htaccess:
AuthName "Test"
AuthType Basic
AuthUserFile ".htpasswd"
require valid-user

Here are the contents of .htpasswd:
username:RnCYlrJTT7hwU

When I web to the directory, I get immediate access (no prompt for username/password.)

Any suggestions?

thanks for your help,
Jordan
 
Old 02-07-2005, 12:29 PM   #2
jordanthompson
Member
 
Registered: Oct 2004
Posts: 115

Original Poster
Rep: Reputation: 15
Any suggestions?
 
Old 02-07-2005, 12:55 PM   #3
Artanicus
Member
 
Registered: Jan 2005
Location: Finland
Distribution: Ubuntu, Debian, Gentoo, Slackware
Posts: 827

Rep: Reputation: 31
Well, for starters, is htaccess behaviour turned on in your apache? Uusally it is tho by default..

Heres one of my .htaccess:
Code:
AuthUserFile /absolute/www/root/path/.htpasswd
AuthGroupFile /dev/null
AuthName "Example auth"
AuthType Basic

<Limit GET POST>
require valid-user
</Limit>
This works fine with me, so the prob could be one or several of:
- you need to specify a group file
- you have to have a Limit section, especially the requiŕe valid user sounds pretty valuable.. (;
- And the full path might be required, Im not sure.. But hey, this one of mine works as it should..

Hope this helps in debugging
 
Old 02-07-2005, 02:59 PM   #4
KimVette
Senior Member
 
Registered: Dec 2004
Location: Lee, NH
Distribution: OpenSUSE, CentOS, RHEL
Posts: 1,794

Rep: Reputation: 46
You should make sure that your host/virtual host is configured to first deny, then allow.

Here is a sample (edited) .htaccess file I am using on one of my test machines:

Code:
Linux:/srv/www/htdocs/ # cat .htaccess

AuthType Basic
AuthName "Test_Login"
AuthUserFile /srv/www/AccessControl/passwords #This contains the name:password pairs

Deny from all #Note we are instructing Apache to deny everyone access

Allow from 192.168.1.0/255.255.255.0 #Now we are allowing only from specific IP ranges (e.g., if you want to allow only a certain company to access, or configure for an intranet, etc.) - you can omit IP restriction if you want

Require user foo  #You could require a user, list of users, or a group, etc.

Satisfy Any #Valid choices are "Any" or "All" which is equivalent to OR or AND logical operators, respectively.
 
Old 02-07-2005, 03:02 PM   #5
KimVette
Senior Member
 
Registered: Dec 2004
Location: Lee, NH
Distribution: OpenSUSE, CentOS, RHEL
Posts: 1,794

Rep: Reputation: 46
Now, why the HE-doublehockeysticks does this board apply emoticons to text between [ c0de] tags?!
 
Old 02-07-2005, 03:04 PM   #6
Artanicus
Member
 
Registered: Jan 2005
Location: Finland
Distribution: Ubuntu, Debian, Gentoo, Slackware
Posts: 827

Rep: Reputation: 31
Quote:
Originally posted by KimVette
Now, why the HE-doublehockeysticks does this board apply emoticons to text between [ c0de] tags?!
Indeed a fact I have wondered countless times.. d:
 
Old 02-07-2005, 03:26 PM   #7
KimVette
Senior Member
 
Registered: Dec 2004
Location: Lee, NH
Distribution: OpenSUSE, CentOS, RHEL
Posts: 1,794

Rep: Reputation: 46
Quote:
Originally posted by KimVette
You should make sure that your host/virtual host is configured to first deny, then allow.

Here is a sample (edited) .htaccess file I am using on one of my test machines:

Code:
Linux:/srv/www/htdocs/ # cat .htaccess

AuthType Basic
AuthName "Test_Login"
AuthUserFile /srv/www/AccessControl/passwords #This contains the name:password pairs

Deny from all #Note we are instructing Apache to deny everyone access

Allow from 192.168.1.0/255.255.255.0 #Now we are allowing only from specific IP ranges (e.g., if you want to allow only a certain company to access, or configure for an intranet, etc.) - you can omit IP restriction if you want

Require user foo  #You could require a user, list of users, or a group, etc.

Satisfy Any #Valid choices are "Any" or "All" which is equivalent to OR or AND logical operators, respectively.
Disabling smilies, leaving the original so mods and admins can see the problem with the board software. emoticon substitution code should ignore anything in the [c0de] section.
 
Old 02-07-2005, 05:52 PM   #8
jordanthompson
Member
 
Registered: Oct 2004
Posts: 115

Original Poster
Rep: Reputation: 15
Thanks for all of your help, but none of his is working...
Does it matter that the index.html file in the directory is redirectiing to a cgi?

<html>
<META HTTP-EQUIV="Refresh"
CONTENT="0; URL=http://www.mydomain.com/cgi-bin/movies.pl?action=">
</html>

When I web over to it, it just does the redirect and bataboom I am running the cgi.

Any suggestions?
 
Old 02-07-2005, 05:59 PM   #9
jordanthompson
Member
 
Registered: Oct 2004
Posts: 115

Original Poster
Rep: Reputation: 15
I think that there is something missing from my apache setup. Where is the setup file for apache and what should I be looking for?
thanks for your help.
 
Old 02-07-2005, 11:12 PM   #10
Artanicus
Member
 
Registered: Jan 2005
Location: Finland
Distribution: Ubuntu, Debian, Gentoo, Slackware
Posts: 827

Rep: Reputation: 31
imho the redirect shouldnt be a problem..

the config is usually located at /etc/apache/httpd.conf but it varies by distribution.. just do a 'locate httpd.conf'

Here are a few settings there considering .htaccess:
Code:
AccessFileName .htaccess
Code:
<Files ~ "^\.ht">
    Order allow,deny
    Deny from all
    Satisfy All
</Files>
And inside the main www root Directory settings tags:
Code:
    AllowOverride All # or something not as drastic, but this atleast works.. (:

Last edited by Artanicus; 02-07-2005 at 11:13 PM.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off
Trackbacks are Off
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
.htaccess .htpasswd plisken Linux - General 5 05-21-2006 01:44 PM
htaccess -- Apache can't find account exactly in htpasswd -- please help b:z Linux - Networking 7 05-16-2005 05:47 AM
.htaccess .htpasswd issue Robin01 Linux - Newbie 4 12-24-2003 03:36 PM
About .htaccess & .htpasswd edhan Linux - Newbie 3 10-17-2003 12:16 AM
Help with .htpasswd and .htaccess MikeeX Linux - General 3 03-25-2003 10:41 AM


All times are GMT -5. The time now is 07:38 AM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration