Linux - SecurityThis forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
I have a folder on my server i want to protect with http authentication but i have problem.
i created a password
htpasswd -c .htpasswd razzera
then i created a .htaccess file in the folder and added
AuthType Basic
AuthName "Restricted Files"
# (Following line optional)
AuthBasicProvider file
AuthUserFile /.htpasswd
Require user razzera
but when i go tho the folder it wont request any login details. why ??
Like suggested make sure to create the .htpasswd file in the right folder.
Another thing to check on is if the config of the apache allows usage of .htpasswd files.
Check your config for a line like
Code:
AllowOverride
If it reads like
Code:
AllowOverride None
.htpasswd files are not used.
Change it to
Code:
AllowOverride Auth
(from mind check out apache.org page for correctness)
Like suggested make sure to create the .htpasswd file in the right folder.
Another thing to check on is if the config of the apache allows usage of .htpasswd files.
Check your config for a line like
Code:
AllowOverride
If it reads like
Code:
AllowOverride None
.htpasswd files are not used.
Change it to
Code:
AllowOverride Auth
(from mind check out apache.org page for correctness)
Must the .htpasswd be in the folder i want to protect? cant it be in another place on the server ??
EDIT:
I changed it in the httpd.conf for apache so it's "AllowOverride Auth" now.
I now moved the .htpasswd to /etc/apache2/.htpasswd and my .htaccess looks like this
Quote:
AuthType Basic
AuthName "Restricted Files"
# (Following line optional)
AuthBasicProvider file
AuthUserFile /etc/apache2/.htpasswd
Require user razzera
still when i go to the folder i get no login details :/
Sorry I mixed up .htaccess and .htpasswd.
The .htpasswd file which contains the user and passwords can be anywhere. (Just make sure the user under which apache is running can access it).
The .htaccess file needs to go into the directory you want to protect.
Did you restart the apache after changing the config file?
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.
