apache .htaccess and htpasswd - can't lock directory
Linux - SoftwareThis forum is for Software issues.
Having a problem installing a new program? Want to know which application is best for the job? Post your question in this forum.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
apache .htaccess and htpasswd - can't lock directory
Hi there,
I am having trouble locking out a directory on my server (requiring username/password access)
I ran htpasswd -c .htpasswd username
and entered username's password
for now I have put .htpassword in the same directory I am trying to protect.
here are the access rights:
-rw-r--r-- 1 apache apache 79 Feb 5 23:32 .htaccess
-r--r--r-- 1 apache apache 23 Feb 5 23:30 .htpasswd
-rw-r--r-- 1 jordan thompsons 115 Feb 4 00:15 index.html
Here are the contents of .htaccess:
AuthName "Test"
AuthType Basic
AuthUserFile ".htpasswd"
require valid-user
Here are the contents of .htpasswd:
username:RnCYlrJTT7hwU
When I web to the directory, I get immediate access (no prompt for username/password.)
This works fine with me, so the prob could be one or several of:
- you need to specify a group file
- you have to have a Limit section, especially the requiŕe valid user sounds pretty valuable.. (;
- And the full path might be required, Im not sure.. But hey, this one of mine works as it should..
You should make sure that your host/virtual host is configured to first deny, then allow.
Here is a sample (edited) .htaccess file I am using on one of my test machines:
Code:
Linux:/srv/www/htdocs/ # cat .htaccess
AuthType Basic
AuthName "Test_Login"
AuthUserFile /srv/www/AccessControl/passwords #This contains the name:password pairs
Deny from all #Note we are instructing Apache to deny everyone access
Allow from 192.168.1.0/255.255.255.0 #Now we are allowing only from specific IP ranges (e.g., if you want to allow only a certain company to access, or configure for an intranet, etc.) - you can omit IP restriction if you want
Require user foo #You could require a user, list of users, or a group, etc.
Satisfy Any #Valid choices are "Any" or "All" which is equivalent to OR or AND logical operators, respectively.
Originally posted by KimVette You should make sure that your host/virtual host is configured to first deny, then allow.
Here is a sample (edited) .htaccess file I am using on one of my test machines:
Code:
Linux:/srv/www/htdocs/ # cat .htaccess
AuthType Basic
AuthName "Test_Login"
AuthUserFile /srv/www/AccessControl/passwords #This contains the name:password pairs
Deny from all #Note we are instructing Apache to deny everyone access
Allow from 192.168.1.0/255.255.255.0 #Now we are allowing only from specific IP ranges (e.g., if you want to allow only a certain company to access, or configure for an intranet, etc.) - you can omit IP restriction if you want
Require user foo #You could require a user, list of users, or a group, etc.
Satisfy Any #Valid choices are "Any" or "All" which is equivalent to OR or AND logical operators, respectively.
Disabling smilies, leaving the original so mods and admins can see the problem with the board software. emoticon substitution code should ignore anything in the [c0de] section.
I think that there is something missing from my apache setup. Where is the setup file for apache and what should I be looking for?
thanks for your help.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.