Problem with htaccess?

Jake_B · 01-20-2006, 11:46 PM

I would like to use basic authentication to prevent people from accessing certain directories. I've used this:

Code:

AuthUserFile /var/www/.htpasswd
AuthGroupFile /dev/null
AuthName "Auth Required"
AuthType Basic

<Limit GET POST>
require valid-user
</Limit>

But, it has no effect, not so much as a log-in pop-up. Why?

Also, in httpd.conf, AllowOverride is set to "All".

Htaccess is chmod 644, this is a dir listing:

Code:

[root@localhost akair]# ls -Al
total 12
-rw-r--r--    1 akair akair      142 Jan 20 18:52 .htaccess
drwxr-xr-x    2 akair akair      4096 Jan 20 00:12 images
-rw-r--r--    1 akair akair      3635 Jan 20 00:12 working.php

There must be something in httpd.conf I'm missing???

Jake_B · 01-21-2006, 02:07 PM

Anything, anyone?

gilead · 01-21-2006, 02:36 PM

I'm assuming you're using the Apache 2.0.x series...

There's a tutorial on htaccess stuff at http://httpd.apache.org/docs/2.0/howto/htaccess.html which may be helpful. They recommend not using htaccess files unless you have to.

If you have access to edit the Apache httpd.conf file, have a look at http://httpd.apache.org/docs/2.0/howto/auth.html.

Jake_B · 01-21-2006, 02:48 PM

Quote:

Originally Posted by gilead

I'm assuming you're using the Apache 2.0.x series...

There's a tutorial on htaccess stuff at http://httpd.apache.org/docs/2.0/howto/htaccess.html which may be helpful. They recommend not using htaccess files unless you have to.

If you have access to edit the Apache httpd.conf file, have a look at http://httpd.apache.org/docs/2.0/howto/auth.html.

Yes, Apache 2.0.

Sorry, I've already read several tutorials on the issue, both at Apache.org and elsewhere. That's why I'm asking for advice here:

Httpd.conf seems to be properly configured (if you think otherwise, do you have a suggestion?) with AllowOverride iset to "All", and the .htaccess file seems to be properly formed with all the right directives (if you think otherwise, do you have a suggestion?). That's why I'm asking here, I've already read the tutorials...

Thanks...

gilead · 01-21-2006, 03:04 PM

I don't use htaccess files, I set up access from httpd.conf. The following works fine on my setup:

Code:

<Directory "/some/dir/webpics">
    Options Indexes FollowSymLinks
    IndexOptions FancyIndexing FoldersFirst IgnoreCase VersionSort NameWidth=*
    AllowOverride None
    Order allow,deny
    Allow from all
    AuthType Basic
    AuthName "Restricted Files"
    AuthUserFile /usr/local/apache2/passwd/passwords
    Require user webpics
</Directory>

I created the passwd file with:

Code:

/usr/local/apache2/bin/htpasswd -c /usr/local/apache2/passwd/passwords webpics

Jake_B · 01-21-2006, 03:48 PM

Quote:

Originally Posted by gilead

I don't use htaccess files, I set up access from httpd.conf.

Hmmm... That's an idea. Now this question:

Looks like about the same directives I would put in the .htaccess file (which would make sense, but of course I'll read the docs...), so doing it your way, that is moving everything into the httpd.conf file, this eliminates the need for any .htaccess file?

gilead · 01-21-2006, 03:53 PM

Yep - I put the Directory section in the previous post in one of my virtual hosts and I don't have htaccess files anywhere. The 'AllowOverride None' directive stops any directives in .htaccess files from being used anyway.