LinuxQuestions.org
Help answer threads with 0 replies.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices

Reply
 
Search this Thread
Old 12-11-2012, 03:23 PM   #1
usafitz
Member
 
Registered: Feb 2004
Location: Albuquerque
Distribution: Fedora 9
Posts: 46

Rep: Reputation: 15
.htaccess not working


hello everyone, and thank you for your help.

I am a novice at apache and am trying to protect my directories. I could use one of those management programs, but that wouldn't be any fun, right?

anyway, I opted to go with .htaccess and have been reading up on it. I created my .htaccess file, and then my password file using htpasswd.

AuthName "Please Input Credentials"
AuthUserFile /var/www/html/testaccess/passwordfile
AuthType Basic
require user user1

Then, I changed the httpd.conf file to read the following, then I restarted the service using 'service httpd restart'

<Directory />
Options FollowSymLinks
AllowOverride all
</Directory>

this is a fresh install of apache on Fedora 17. The default index.html file will pop up on the web browser with no authentication.

Any thoughts? Thanks again!

Last edited by usafitz; 12-11-2012 at 03:24 PM.
 
Old 12-11-2012, 04:47 PM   #2
eSelix
Senior Member
 
Registered: Oct 2009
Location: Wroclaw, Poland
Distribution: Kubuntu
Posts: 1,190

Rep: Reputation: 301Reputation: 301Reputation: 301Reputation: 301
Can you paste full "httpd.conf" file? What happen if you made a some mistake in this .htaccess file, for example enter at beginning random characters. Server report error or display your index.html without errors?
 
Old 12-11-2012, 05:44 PM   #3
usafitz
Member
 
Registered: Feb 2004
Location: Albuquerque
Distribution: Fedora 9
Posts: 46

Original Poster
Rep: Reputation: 15
I get the index.html page without any errors. It's like there's nothing happening.

I'm not so sure that you want me to post the entire httpd.conf file... it's rather large. Is there a portion of it that would be useful to see? The only changes I've made are to that particular 'AllowOverride all' line as well as changing my server name.

thank you for the help.
 
Old 12-11-2012, 05:54 PM   #4
eSelix
Senior Member
 
Registered: Oct 2009
Location: Wroclaw, Poland
Distribution: Kubuntu
Posts: 1,190

Rep: Reputation: 301Reputation: 301Reputation: 301Reputation: 301
So, .htaccess is not readed at all. Check permissions, if user or group on which webserver is running has read access to it. Check all "AllowOverride" entries, maybe there are more specific which has "None" option set. Look also into files in "Include" directives if you have any.

Last edited by eSelix; 12-11-2012 at 06:06 PM.
 
Old 12-11-2012, 06:06 PM   #5
usafitz
Member
 
Registered: Feb 2004
Location: Albuquerque
Distribution: Fedora 9
Posts: 46

Original Poster
Rep: Reputation: 15
well, I think I figured it out. You were correct about the httpd.conf file. There were two entries for <Directory>. The first was for the root directory and the sequential ones were for directories within the /var/www/html. So I added an entry:

<Directory "/var/www/html/testaccess">
AllowOverride All
</Directory>

Adding this below the other directories (I would assume) would load that command last and therefore would not be overridden by those other entries.

BTW, I changed the root directory back to AllowOverride None : ) ...that's the one that I had change originally.

Thank you for the help!
 
Old 12-12-2012, 12:37 AM   #6
chrism01
Guru
 
Registered: Aug 2004
Location: Sydney
Distribution: Centos 6.5, Centos 5.10
Posts: 16,225

Rep: Reputation: 2021Reputation: 2021Reputation: 2021Reputation: 2021Reputation: 2021Reputation: 2021Reputation: 2021Reputation: 2021Reputation: 2021Reputation: 2021Reputation: 2021
FYI use the httpd.conf file instead of htaccess
Quote:
In general, you should only use .htaccess files when you don't have access to the main server configuration file. There is, for example, a common misconception that user authentication should always be done in .htaccess files, and, in more recent years, another misconception that mod_rewrite directives must go in .htaccess files. This is simply not the case. You can put user authentication configurations in the main server configuration, and this is, in fact, the preferred way to do things. Likewise, mod_rewrite directives work better, in many respects, in the main server configuration.
https://httpd.apache.org/docs/curren.../htaccess.html
 
Old 12-12-2012, 06:07 AM   #7
usafitz
Member
 
Registered: Feb 2004
Location: Albuquerque
Distribution: Fedora 9
Posts: 46

Original Poster
Rep: Reputation: 15
I went ahead and tested this out with another directory that I created and it worked great. However, the authentication window said that the password is not being sent encrypted. out of curiosity, will the password be in plain text for sniffing programs to see?

I guess the only way to remedy that is to make the site secure and put the protected directory behind it. Is there a way to make the password inputs more secure?
 
Old 12-12-2012, 02:13 PM   #8
eSelix
Senior Member
 
Registered: Oct 2009
Location: Wroclaw, Poland
Distribution: Kubuntu
Posts: 1,190

Rep: Reputation: 301Reputation: 301Reputation: 301Reputation: 301
Yes, in basic authentication passwords are sent in plain text and easily readable by sniffing. Some more secure method is a digest authentication Credentials data is somehow mangled and even readed by sniffer is probably not possible to guess password, but this method is not safe againts man in the middle attacks, as browser cannot authenticate server. Also any method of authentication you choose does not crypt data you transfer between browser and server. You need to use ssl certificates to crypt communication.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
.htaccess Not Working? emil2k Linux - Server 1 12-22-2007 01:04 AM
.htaccess + .htpasswd not working nazs Linux - Security 1 05-17-2006 09:28 PM
.htaccess NOT WORKING! SpiderIRE Linux - Software 2 10-04-2005 04:06 PM
.htaccess stops working adm1329 Linux - Networking 6 05-26-2004 12:56 PM
.htaccess was working, now it's not! WorldBuilder Linux - General 6 09-22-2003 02:08 PM


All times are GMT -5. The time now is 12:18 PM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration