.htaccess driving me crazy! Help!
Hi all,
I recently started into the world of making my own websites. I am new to it, but enjoy it so far. On my site, there is an area which I would like to password protect, that is I want people to have to enter a username and password to enter. After some questions and some research, I figured that .htaccess was the way to go. I have apache running on an RH 8 box. Everything runs fine with apache, but I cannot get this .htaccess thing to work to save my life. I turn to you, the Gods of Linux! Here's what I have done: My DocumentRoot directory is /home/www. There is a subdirectopry called "jonathan". That is the site I want password protected. I created the .htaccess file inside the jonathan directory, and it looks like this: AuthUserFile /home/www/passwd/.htpasswd AuthGroupFile /dev/null AuthName You_need_a_Password AuthType Basic <Limit GET> require user doowadiddy </Limit> Then, I created my .htpasswd file in the /home/www/passwd directory by: /usr/local/apache2/bin/htpasswd -c /home/www/passwd/.htpasswd doowadiddy I then input what I wanted the password would be at the cute little prompt. Tried to go to the site, and it let me right in without prompting me for a password or username. Hmmmmmmmmm... I researched a bit farther. I then vi'ed the httpd.conf file and looked around in there for a while. AllowOverride is set to all and AccessFileName is set to .htaccess. Looks ok to me (in my limited knowledge)! Permissions are as follows: jonathan directory = rwxr-xr-x passwd directory = rwxr-xr-x .htaccess file = rwxrwxrwx .passwd file = rwxrwxrwx I am at a loss as to what's wrong. Any thought would be greatly appreciated! Thanks a million. Chris |
I'm using basic auth although it is fairly insecure.
if you add the following httpd.conf <Directory /home/www/jonathan/> AuthType Basic AuthName "jonathan" AuthUserFile /home/www/access/jonathan Require valid-user </Directory> then create the pass file "jonathan"in /home/www/access/ that should work unless i've left something out. I just did exactly what i was told by apache basic auth doc hope that helps |
Adding password protection to a web site.
1. Change to and/or specify directory to protect: Code: -------------------------------------------------------------------------------- vi /etc/httpd/conf/httpd.conf <Directory /home/www/jonathan/> AllowOverride All </Directory> -------------------------------------------------------------------------------- 2.) Create the directory you want to password protect (example: hb) Create a file home/www/jonathan/.htaccess in that director that looks something like this: Code: -------------------------------------------------------------------------------- vi /home/www/jonathan/.htaccess AuthName "Add your login message here." AuthType Basic AuthUserFile /var/www/html/hb/.htpasswd AuthGroupFile /dev/null require user name-of-user -------------------------------------------------------------------------------- In this case the "name-of-user" is the login name you wish to use for accessing the web site. 3.) Create the password file /home/www/jonathan/.htpasswd using the program htpasswd: Code: -------------------------------------------------------------------------------- htpasswd -c /home/www/jonathan/.htpasswd name-of-user service httpd restart -------------------------------------------------------------------------------- |
Thanks for the ideas so far, fellas, but this is still not working! This is really annoying! Here's part of my httpd.conf file:
# This should be changed to whatever you set DocumentRoot to. # <Directory "/home/www"> # # Possible values for the Options directive are "None", "All", # or any combination of: # Indexes Includes FollowSymLinks SymLinksifOwnerMatch ExecCGI Multiviews # # Note that "MultiViews" must be named *explicitly* --- "Options All" # doesn't give it to you. # # The Options directive is both complicated and important. Please see # http://httpd.apache.org/docs-2.0/mod/core.html#options # for more information. # Options Indexes FollowSymLinks # # AllowOverride controls what directives may be placed in .htaccess files. # It can be "All", "None", or any combination of the keywords: # Options FileInfo AuthConfig Limit # AllowOverride All # # Controls who can get stuff from this server. # Order allow,deny Allow from all </Directory> # # Disable autoindex for the root directory, and present a # default Welcome page if no other index page is present. # <LocationMatch "^/$> Options -Indexes ErrorDocument 403 /error/noindex.html </LocationMatch> # # UserDir: The name of the directory that is appended onto a user's home # directory if a ~user request is received. # # The path to the end user account 'public_html' directory must be # accessible to the webserver userid. This usually means that ~userid # must have permissions of 711, ~userid/public_html must have permissions # of 755, and documents contained therein must be world-readable. # Otherwise, the client will only receive a "403 Forbidden" message. # # See also: http://httpd.apache.org/docs/misc/FAQ.html#forbidden # <IfModule mod_userdir.c> # # UserDir is disabled by default since it can confirm the presence # of a username on the system (depending on home directory # permissions). # UserDir disable # # To enable requests to /~user/ to serve the user's public_html # directory, remove the "UserDir disable" line above, and uncomment # the following line instead: # #UserDir public_html </IfModule> # # Control access to UserDir directories. The following is an example # for a site where these directories are restricted to read-only. # #<Directory /home/*/public_html> # AllowOverride FileInfo AuthConfig Limit # Options MultiViews Indexes SymLinksIfOwnerMatch IncludesNoExec # <Limit GET POST OPTIONS> # Order allow,deny # Allow from all # </Limit> # <LimitExcept GET POST OPTIONS> # Order deny,allow # Deny from all # </LimitExcept> #</Directory> # # DirectoryIndex: sets the file that Apache will serve if a directory # is requested. # # The index.html.var file (a type-map) is used to deliver content- # negotiated documents. The MultiViews Option can be used for the # same purpose, but it is much slower. # DirectoryIndex index.html index.html.var # # AccessFileName: The name of the file to look for in each directory # for access control information. See also the AllowOverride directive. # AccessFileName .htaccess One thing I noticed... I do NOT have a "public_html" directory. Is that important? Thanks! Chris |
I have a Dir called /max2/www which houses all my subdirectories and users for the web.
in httpd.conf: <Directory /max2/www/> AllowOverride All Order allow,deny Allow from all AllowOverride AuthConfig </Directory> Make sure this is in there for your main directory not the directory of individual web page areas, but the root directory instead. |
the config file you posted does not have an auth section.
so it's not even going to try to work. you need a section setting up basic auth for your directory like bruce and i have mentioned. go through the doc and it will work. |
Quote:
# This should be changed to whatever you set DocumentRoot to. # <Directory "/home/www"> # # Possible values for the Options directive are "None", "All", # or any combination of: # Indexes Includes FollowSymLinks SymLinksifOwnerMatch ExecCGI Multiviews # # Note that "MultiViews" must be named *explicitly* --- "Options All" # doesn't give it to you. # # The Options directive is both complicated and important. Please see # http://httpd.apache.org/docs-2.0/mod/core.html#options # for more information. # Options Indexes FollowSymLinks # # AllowOverride controls what directives may be placed in .htaccess files. # It can be "All", "None", or any combination of the keywords: # Options FileInfo AuthConfig Limit # AllowOverride All # # Controls who can get stuff from this server. # Order allow,deny Allow from all </Directory> All the things you mention are within the <Directory> and </Directory>. Isn't that what you are talking about? The only thing missing is the AllowOverride AuthConfig which I added as one of my attempts. I'm sorry, I know this must be irritating (dealing with me, that is), but I simply don't understand what you are telling me. Further help, please? Thanks for your patience, guys! Chris PS. I am using Apache 2.0, by the way. |
I know what's wrong! You guys will kill me when you read my next post (provided I can get it working, which I think I can now!). I will post later.
Chris |
My post that is two above this is correct, as opposed to what I was being told by you guys. However, I was editing the WRONG FILE! I know, I'm a tool... I used to have apache 1.3 which was installed from RPM. Months ago, I uninstalled that RPM and installed apache 2 from source. That installs in a completely different directory structure, not to /etc like the RPM install does. I was editing the old /etc/httpd/conf/httpd.conf file when I should have been editing the /usr/local/apache2/conf/httpd.conf file! Oops! Thanks for all the infu though, guys. I appreciate it. It's working fine now, no worries.
Chris |
right on.
yeah i guess i forgot to ask what version of apache you were using. alls well that ends well. |
All times are GMT -5. The time now is 01:43 PM. |