Linux - NewbieThis Linux forum is for members that are new to Linux.
Just starting out and have a question?
If it is not in the man pages or the how-to's this is the place!
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Introduction to Linux - A Hands on Guide
This guide was created as an overview of the Linux Operating System, geared toward new users as an exploration tour and getting started guide, with exercises at the end of each chapter.
For more advanced trainees it can be a desktop reference, and a collection of the base knowledge needed to proceed with system and network administration. This book contains many real life examples derived from the author's experience as a Linux system and network administrator, trainer and consultant. They hope these examples will help you to get a better understanding of the Linux system and that you feel encouraged to try out things on your own.
Click Here to receive this Complete Guide absolutely free.
Can you paste full "httpd.conf" file? What happen if you made a some mistake in this .htaccess file, for example enter at beginning random characters. Server report error or display your index.html without errors?
I get the index.html page without any errors. It's like there's nothing happening.
I'm not so sure that you want me to post the entire httpd.conf file... it's rather large. Is there a portion of it that would be useful to see? The only changes I've made are to that particular 'AllowOverride all' line as well as changing my server name.
So, .htaccess is not readed at all. Check permissions, if user or group on which webserver is running has read access to it. Check all "AllowOverride" entries, maybe there are more specific which has "None" option set. Look also into files in "Include" directives if you have any.
well, I think I figured it out. You were correct about the httpd.conf file. There were two entries for <Directory>. The first was for the root directory and the sequential ones were for directories within the /var/www/html. So I added an entry:
Adding this below the other directories (I would assume) would load that command last and therefore would not be overridden by those other entries.
BTW, I changed the root directory back to AllowOverride None : ) ...that's the one that I had change originally.
In general, you should only use .htaccess files when you don't have access to the main server configuration file. There is, for example, a common misconception that user authentication should always be done in .htaccess files, and, in more recent years, another misconception that mod_rewrite directives must go in .htaccess files. This is simply not the case. You can put user authentication configurations in the main server configuration, and this is, in fact, the preferred way to do things. Likewise, mod_rewrite directives work better, in many respects, in the main server configuration.
I went ahead and tested this out with another directory that I created and it worked great. However, the authentication window said that the password is not being sent encrypted. out of curiosity, will the password be in plain text for sniffing programs to see?
I guess the only way to remedy that is to make the site secure and put the protected directory behind it. Is there a way to make the password inputs more secure?
Yes, in basic authentication passwords are sent in plain text and easily readable by sniffing. Some more secure method is a digest authentication Credentials data is somehow mangled and even readed by sniffer is probably not possible to guess password, but this method is not safe againts man in the middle attacks, as browser cannot authenticate server. Also any method of authentication you choose does not crypt data you transfer between browser and server. You need to use ssl certificates to crypt communication.