LinuxQuestions.org
Review your favorite Linux distribution.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - General
User Name
Password
Linux - General This Linux forum is for general Linux questions and discussion.
If it is Linux Related and doesn't seem to fit in any other forum then this is the place.

Notices


Reply
  Search this Thread
Old 03-12-2002, 11:49 AM   #1
Syncrm
Member
 
Registered: Aug 2001
Location: Lansing, Michigan
Distribution: slackware8+
Posts: 472

Rep: Reputation: 30
protect directories in apache


i've been trying to some time to do this, but either i'm missing something... or something's just plain broken. :-) i'm trying to protect directories in apache, i've read the how-tos and several tutorials, but haven't been able to get it working.

my .htaccess file in the dir i want to protect looks like this:


AuthUserFile /usr/local/apache/auth/users
AuthGroupFile /dev/null
AuthName "password dir"
AuthType Basic

<Limit GET POST>
order deny,allow
deny from all
require valid-user
</Limit>


my access.conf file looks like:


<files ~ "/\.ht">
order deny,allow
deny from all
</files>

<Directory /mp3sync>
AllowOverride AuthConfig
</Directory>


yet i'm still never prompted for a passwd when accessing that dir via the web. so what am i missing?? i've been pulling my hair out for awhile.
 
Old 03-12-2002, 04:20 PM   #2
kill-hup
Member
 
Registered: Aug 2000
Location: NY - USA
Distribution: Slackware
Posts: 109

Rep: Reputation: 15
It's probably in your Apache config. You need to allow AuthConfig and Limit on the directories in question.

Code:
<Directory /foo/bar>
...
AllowOverride AuthConfig Limit
...
</Directory>
Otherwise, Apache doesn't even bother looking to .htaccess files.

You might also want to check the value of "AccessFileName" to make sure is specifies ".htaccess".
 
Old 03-12-2002, 04:21 PM   #3
kill-hup
Member
 
Registered: Aug 2000
Location: NY - USA
Distribution: Slackware
Posts: 109

Rep: Reputation: 15
..of course my example was more of a minimum. You could always "AllowOverride All"
 
Old 03-13-2002, 12:37 PM   #4
Syncrm
Member
 
Registered: Aug 2001
Location: Lansing, Michigan
Distribution: slackware8+
Posts: 472

Original Poster
Rep: Reputation: 30
i still can't get it to work... this is really driving me crazy, cause as far as i can tell i'm doing everything right. anyway, here's what i have in my httpd.conf file now:<BR><BR>

<Directory /mp3sync>
AllowOverride All
</Directory>


#ResourceConfig conf/srm.conf
#AccessConfig conf/access.conf


# AccessFileName: The name of the file to look for in each directory
# for access control information.
#
AccessFileName .htaccess


and my .htaccess file looks like:


AuthUserFile /usr/local/apache/auth/users
AuthGroupFile /dev/null
AuthName "w00t"
AuthType Basic

<Limit GET POST>
order deny,allow
deny from all
require valid-user
 
Old 03-13-2002, 12:39 PM   #5
Syncrm
Member
 
Registered: Aug 2001
Location: Lansing, Michigan
Distribution: slackware8+
Posts: 472

Original Poster
Rep: Reputation: 30
ok, how come this forum doesn't allow multiple line breaks anymore?
 
Old 03-14-2002, 08:36 AM   #6
kill-hup
Member
 
Registered: Aug 2000
Location: NY - USA
Distribution: Slackware
Posts: 109

Rep: Reputation: 15
Quote:
Originally posted by Syncrm
i still can't get it to work... this is really driving me crazy, cause as far as i can tell i'm doing everything right. anyway, here's what i have in my httpd.conf file now:<BR><BR>

<Directory /mp3sync>
AllowOverride All
</Directory>


Is the "mp3sync" directory path on the file system actually "/"? The "Directory" directive needs the exact filesystem path for the directory, not the path relative to DocumentRoot. I would assume it's something more like "/blah/blah/mp3sync", of course I could be wrong
 
Old 03-14-2002, 10:07 AM   #7
Syncrm
Member
 
Registered: Aug 2001
Location: Lansing, Michigan
Distribution: slackware8+
Posts: 472

Original Poster
Rep: Reputation: 30
you know what? you're right... i actually figured that out last night. :-)

so now i have another question... is it possible to protect the directory based on the client's IP?

the situation is that i have this directory that i use mostly from my internal network (IPs are 192.168.1.x) which i would like to be able to access from my internal clients without hastle. however, on the rare occassion that i do access it from anywhere else on the inet, i'd like to be prompted for a passwd. i know it's possible using PHP in the index.php file, however i'd like to protect the entire directory and not just the index file. is this possible?

i appreciate the help. :-)
 
Old 03-14-2002, 10:40 AM   #8
kill-hup
Member
 
Registered: Aug 2000
Location: NY - USA
Distribution: Slackware
Posts: 109

Rep: Reputation: 15
Sure - in the .htaccess:

Code:
<LIMIT ...>

order deny, allow
deny from all
allow from 192.168.1
[more "allow from"s, if needed]
AuthType Basic
AuthUserFile ...
AuthGroupFile ...(if needed)
AuthName Whatever
require valid-user
satisfy any
</LIMIT>
If the user's IP is in one of the "allow from" lines they won't need a passwd. If not, they get the prompt (the "satisfy any" line).
 
Old 03-14-2002, 10:43 AM   #9
Syncrm
Member
 
Registered: Aug 2001
Location: Lansing, Michigan
Distribution: slackware8+
Posts: 472

Original Poster
Rep: Reputation: 30
i'll give that a try when i get home (blah... at work). you're the man. :-)
 
Old 03-19-2002, 12:52 PM   #10
DavidPhillips
LQ Guru
 
Registered: Jun 2001
Location: South Alabama
Distribution: Fedora / RedHat / SuSE
Posts: 7,163

Rep: Reputation: 58
Here is one that asks for a password on https:// and will not ask for a password on http:// it will deny on http://

You should consider not sending your passwords over an unsecure connection.

<Directory />
Options FollowSymLinks
AllowOverride None
</Directory>


Alias /upload /var/www/html/upload
<Directory /var/www/html/upload>
SSLRequiressl
EnablePut On
AuthType Basic
AuthName UploadAccess
AuthUserFile /etc/httpd/conf/.htpasswd
EnableDelete Off
umask 007
#<Limit PUT>
require valid-user
#</Limit>
</Directory>

Last edited by DavidPhillips; 03-19-2002 at 12:54 PM.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
Apache 2.0, I want to list dir contents & password protect... Scrag Linux - Software 3 02-10-2005 12:38 PM
Is it possible to protect an old, unpached apache server? J_Szucs Linux - Security 3 12-18-2004 01:33 PM
how to password protect certain directories? sirpelidor Linux - Security 3 10-06-2004 01:16 PM
how do I poassword protect a directory on a website, Apache bentman78 Linux - Software 8 06-17-2004 12:12 PM
using apache to protect a directory Syncrm Linux - Networking 0 08-31-2001 05:54 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - General

All times are GMT -5. The time now is 09:46 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration