LinuxQuestions.org
Share your knowledge at the LQ Wiki.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices


Reply
  Search this Thread
Old 06-04-2003, 11:53 AM   #1
tailine
Member
 
Registered: Jun 2002
Distribution: Slackware 9.0
Posts: 45

Rep: Reputation: 15
.htaccess


I have created a .htaccess file and placed it in the root of /var/www/htdocs/travels dir which is the directory I would like to protect, and I would like to disable dir listing. .htaccess file:

Options -Indexes
AuthUserFile /.htpasswd
AuthName "travel"
AuthType Basic
AuthUserFile /var/www/htdocs/travels
Require valid-user

After this I have also created a .htpasswd file in the root of my system with the user name of travels using the command = htpasswd -c /.htpasswd travels

It does not seem to work, do I need to update anything in my httpd.config file in order for apache to pick up .htaccess? or how can I get this going?
p.s. i am using slackware 9
thanks
 
Old 06-04-2003, 01:29 PM   #2
david_ross
Moderator
 
Registered: Mar 2003
Location: Scotland
Distribution: Slackware, RedHat, Debian
Posts: 12,047

Rep: Reputation: 66
The command you have used:
command = htpasswd -c /.htpasswd travelsWould be put in the / dir not in /var/www/htdocs/travels
 
Old 06-04-2003, 02:39 PM   #3
trickykid
LQ Guru
 
Registered: Jan 2001
Posts: 24,149

Rep: Reputation: 235Reputation: 235Reputation: 235
Quote:
Originally posted by david_ross
The command you have used:
command = htpasswd -c /.htpasswd travelsWould be put in the / dir not in /var/www/htdocs/travels
So to clarify, what David is saying is.. type the full path to .htaccess.. and you don't need two AuthUserFile's

Example:

Options -Indexes
AuthUserFile /var/www/htdocs/travels/.htaccess
AuthName "travel"
AuthType Basic
Require valid-user

Last edited by trickykid; 06-04-2003 at 02:42 PM.
 
Old 06-05-2003, 05:14 AM   #4
tailine
Member
 
Registered: Jun 2002
Distribution: Slackware 9.0
Posts: 45

Original Poster
Rep: Reputation: 15
After reading some documentation on .htaccess it was stated that the .htpasswd file should be created in a directory outside the /var/www/htdocs and the .htaccess file should point to the location of the .htpasswd due to security reasons, that is why I have created the .htpasswd on the / of the system.
Is this not the case should both .htaccess and .htpasswd files be in the dir that I am protecting?
 
Old 06-05-2003, 05:59 AM   #5
david_ross
Moderator
 
Registered: Mar 2003
Location: Scotland
Distribution: Slackware, RedHat, Debian
Posts: 12,047

Rep: Reputation: 66
To clarify:
file /var/www/htdocs/travels/.htaccess
Code:
Options -Indexes
AuthUserFile /.htpasswd
AuthName "travel"
AuthType Basic
AuthUserFile /var/www/auth/.htpasswd
Require valid-user
file /var/www/auth/.htpasswd
Code:
username:crypted-passwd
I usually create a directory called users or auth and put it outside the DocumentRoot. You will need this directory and both .ht files readable by the web server.
 
Old 06-05-2003, 06:03 AM   #6
tailine
Member
 
Registered: Jun 2002
Distribution: Slackware 9.0
Posts: 45

Original Poster
Rep: Reputation: 15
Thanks ill give that a go
 
Old 06-05-2003, 09:51 AM   #7
trickykid
LQ Guru
 
Registered: Jan 2001
Posts: 24,149

Rep: Reputation: 235Reputation: 235Reputation: 235
I'm still not understanding why your specifying the .htaccess file with two locations for AuthUserFile ?? You should only really need one pointing to the actual location of the .htpasswd file.
 
Old 06-05-2003, 11:07 AM   #8
tailine
Member
 
Registered: Jun 2002
Distribution: Slackware 9.0
Posts: 45

Original Poster
Rep: Reputation: 15
Sorry that was my mistake, i think all the is left is to restart my apache server but when running the command kill -HUP (pid number of httpd) i am not completely sure this is restarting thou as i am getting no change and the pid number is always the same when i check. After reading through the documentation of restarting the server it states the following command
kill -HUP /usr/local/apache/logs/httpd.pid
there is no such location on my machine or no such file.
How can i restart it and know that it has restarted?
 
Old 06-05-2003, 11:34 AM   #9
trickykid
LQ Guru
 
Registered: Jan 2001
Posts: 24,149

Rep: Reputation: 235Reputation: 235Reputation: 235
Quote:
Originally posted by tailine
How can i restart it and know that it has restarted?
apachectl restart

But if you already have the .htaccess directive in the httpd.conf file, there is no need to restart it. Only if you make direct changes to the file itself. If you already had it setup, then the .htaccess and .htpasswd is already in affect when you set those up.
 
Old 06-05-2003, 11:39 AM   #10
david_ross
Moderator
 
Registered: Mar 2003
Location: Scotland
Distribution: Slackware, RedHat, Debian
Posts: 12,047

Rep: Reputation: 66
Sorry I meant to take the first one out - I forgot when I copied and pasted.
 
Old 06-05-2003, 11:44 AM   #11
trickykid
LQ Guru
 
Registered: Jan 2001
Posts: 24,149

Rep: Reputation: 235Reputation: 235Reputation: 235
Quote:
Originally posted by david_ross
Sorry I meant to take the first one out - I forgot when I copied and pasted.
There are no excuses for your actions.. you must be assimilated... or something like that..

I'm sorry.. in a good mood.. its raining.. I love the rain..
 
Old 06-05-2003, 12:54 PM   #12
tailine
Member
 
Registered: Jun 2002
Distribution: Slackware 9.0
Posts: 45

Original Poster
Rep: Reputation: 15
This i still not working, i am trying to check the directive in the httpd.conf but i am not sure what i am looking for.
What command do i need to set?
 
Old 06-05-2003, 01:03 PM   #13
tailine
Member
 
Registered: Jun 2002
Distribution: Slackware 9.0
Posts: 45

Original Poster
Rep: Reputation: 15
The following commands are set up in my httpd.conf file

AccessFileName .htaccess
 
Old 06-05-2003, 01:08 PM   #14
trickykid
LQ Guru
 
Registered: Jan 2001
Posts: 24,149

Rep: Reputation: 235Reputation: 235Reputation: 235
Make sure you have these in your httpd.conf file:

Code:
# This to look for filename to access control information

AccessFileName .htaccess

# This to prevent the .htpassword and .htaccess files from being able to be viewed.

<Files ~ "^\.ht">
    Order allow,deny
    Deny from all
    Satisfy All
</Files>


# And also something like this placed in your <Directory> directive tags, etc:

    AllowOverride AuthConfig Limit
 
Old 06-05-2003, 01:09 PM   #15
tailine
Member
 
Registered: Jun 2002
Distribution: Slackware 9.0
Posts: 45

Original Poster
Rep: Reputation: 15
Here is the total directive set in httpd.conf
<Directory />
Options FollowSymLinks
AllowOverride None
</Directory>

<Directory "/var/www/htdocs">

AllowOverride None

Order allow,deny
Allow from all
</Directory>

<IfModule mod_userdir.c>
UserDir public_html
</IfModule>

IncludesNoExec

<IfModule mod_dir.c>
DirectoryIndex index.html
</IfModule>

AccessFileName .htaccess

<Files ~ "^\.ht">
Order allow,deny
Deny from all
Satisfy All
</Files>
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
.htaccess Help GUIPenguin Linux - Security 6 02-22-2005 03:25 PM
.htaccess luca2005 Linux - Software 2 01-01-2005 08:38 PM
.htaccess kidestranged Linux - General 1 01-26-2004 11:18 AM
Htaccess DoobyWho Linux - General 4 04-28-2003 02:01 PM
.htaccess bretthoward Linux - Security 5 04-02-2001 04:33 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie

All times are GMT -5. The time now is 12:49 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration