LinuxQuestions.org
Download your favorite Linux distribution at LQ ISO.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices

Reply
 
Search this Thread
Old 02-08-2013, 06:21 PM   #1
lleb
Senior Member
 
Registered: Dec 2005
Location: Florida
Distribution: CentOS/Fedora
Posts: 2,435

Rep: Reputation: 434Reputation: 434Reputation: 434Reputation: 434Reputation: 434
password protect web server


I have figure out how to p/w protect a subfolder on my web server with .htaccess, .htpasswd, and .htgroup. my problem is when i try to move them to the root of my domain i can not figure out what the

Code:
AuthName	"??????"
line should read in .htaccess

i tried index, i tried the name of my domain, and i tried the path of my domain on my web server. none of those options worked.

In the subdirectory i just call it the name of the directory but with a capital first letter and that worked great. how do i set it for the entire domain?

Thanks.
 
Old 02-09-2013, 02:58 AM   #2
bathory
Guru
 
Registered: Jun 2004
Location: Piraeus
Distribution: Slackware
Posts: 10,883

Rep: Reputation: 1322Reputation: 1322Reputation: 1322Reputation: 1322Reputation: 1322Reputation: 1322Reputation: 1322Reputation: 1322Reputation: 1322Reputation: 1322
Hi,

Please note that you can use whatever you want in AuthName. What you put there is used in the login pop-up box to inform user.
If authentication does not work when you move .htaccess under docroot, make sure that you have at least
Code:
AllowOverride AuthConfig
inside the <Directoy /path/to/docroot>...</Directory> stanza of your docroot directory

Regards
 
Old 02-09-2013, 07:32 AM   #3
lleb
Senior Member
 
Registered: Dec 2005
Location: Florida
Distribution: CentOS/Fedora
Posts: 2,435

Original Poster
Rep: Reputation: 434Reputation: 434Reputation: 434Reputation: 434Reputation: 434
thanks ill play around with that when i get home this afternoon.
 
Old 02-09-2013, 10:34 AM   #4
lleb
Senior Member
 
Registered: Dec 2005
Location: Florida
Distribution: CentOS/Fedora
Posts: 2,435

Original Poster
Rep: Reputation: 434Reputation: 434Reputation: 434Reputation: 434Reputation: 434
ok i must of screwed something up:

Quote:
Server error!

The server encountered an internal error and was unable to complete your request. Either the server is overloaded or there was an error in a CGI script.

If you think this is a server error, please contact the webmaster.

Error 500

xxxxxxxx.com
Apache/2.2.3 (CentOS)

Code:
cat .htaccess 
AuthUserFile	/www/xxxxxxxxxx.com/docs/.htpasswd
AuthGroupFile	/dev/null
AuthName	"Home"
AuthType	        Basic
AllowOverride	AuthConfig
require		valid-user
 
Old 02-09-2013, 11:21 AM   #5
bathory
Guru
 
Registered: Jun 2004
Location: Piraeus
Distribution: Slackware
Posts: 10,883

Rep: Reputation: 1322Reputation: 1322Reputation: 1322Reputation: 1322Reputation: 1322Reputation: 1322Reputation: 1322Reputation: 1322Reputation: 1322Reputation: 1322
Quote:
cat .htaccess
AuthUserFile /www/xxxxxxxxxx.com/docs/.htpasswd
AuthGroupFile /dev/null
AuthName "Home"
AuthType Basic
AllowOverride AuthConfig
require valid-user
No. You are supposed to put "AllowOverride AuthConfig" inside the <Directory ...>...</Directory> for the DocumentRoot stanza.
Since you're running Centos, the default apache docroot is /var/www/html.
So open /etc/httpd/conf/httpd.conf, find the <Directory "/var/www/html"> and edit it accordingly to read:
Code:
<Directory "/var/www/html">
AllowOverride	AuthConfig
...
</Directory>
 
Old 02-09-2013, 04:35 PM   #6
lleb
Senior Member
 
Registered: Dec 2005
Location: Florida
Distribution: CentOS/Fedora
Posts: 2,435

Original Poster
Rep: Reputation: 434Reputation: 434Reputation: 434Reputation: 434Reputation: 434
oh oh oh, so this is in the httpd.conf file i am adding that line... that is clear. sorry and thank you.

just to be 100% clear in httpd.conf i should make it look something like the following:

Code:
<VirtualHost 11.11.11.11>
        ServerName              www.xxxxxx.com
        ServerAlias             xxxxxx.com
        DocumentRoot            /www/xxxxx.com/docs
        AllowOverride         AuthConfig
        ServerAdmin             webmaster@xxxxx.com
        ErrorLog                /www/xxxxx.com/error_log
        CustomLog               /weblogs/current/xxxxx.com combined
</VirtualHost>

Last edited by lleb; 02-09-2013 at 04:39 PM.
 
Old 02-09-2013, 05:31 PM   #7
chrism01
Guru
 
Registered: Aug 2004
Location: Sydney
Distribution: Centos 6.5, Centos 5.10
Posts: 16,225

Rep: Reputation: 2021Reputation: 2021Reputation: 2021Reputation: 2021Reputation: 2021Reputation: 2021Reputation: 2021Reputation: 2021Reputation: 2021Reputation: 2021Reputation: 2021
You'll also find that recommended best practice is to put all the directives inside the <Dir.. /Dir..> tags section inside httpd.conf.
Works the same, BUT avoids the potential security hole of having the .htaccess file in the web docs dir.
See the Apache home site for details https://httpd.apache.org/docs/curren.../htaccess.html
 
1 members found this post helpful.
Old 02-10-2013, 02:50 AM   #8
bathory
Guru
 
Registered: Jun 2004
Location: Piraeus
Distribution: Slackware
Posts: 10,883

Rep: Reputation: 1322Reputation: 1322Reputation: 1322Reputation: 1322Reputation: 1322Reputation: 1322Reputation: 1322Reputation: 1322Reputation: 1322Reputation: 1322
Quote:
Originally Posted by lleb View Post
oh oh oh, so this is in the httpd.conf file i am adding that line... that is clear. sorry and thank you.

just to be 100% clear in httpd.conf i should make it look something like the following:

Code:
<VirtualHost 11.11.11.11>
        ServerName              www.xxxxxx.com
        ServerAlias             xxxxxx.com
        DocumentRoot            /www/xxxxx.com/docs
        AllowOverride         AuthConfig
        ServerAdmin             webmaster@xxxxx.com
        ErrorLog                /www/xxxxx.com/error_log
        CustomLog               /weblogs/current/xxxxx.com combined
</VirtualHost>
For the 3rd time no. You need to put the directive it inside a <Directory ...>..</Directory>, like this:
Code:
<VirtualHost 11.11.11.11>
        ServerName              www.xxxxxx.com
        ServerAlias             xxxxxx.com
        DocumentRoot            /www/xxxxx.com/docs
<Directory /www/xxxxx.com/docs>
        AllowOverride         AuthConfig
</Directory>
        ServerAdmin             webmaster@xxxxx.com
        ErrorLog                /www/xxxxx.com/error_log
        CustomLog               /weblogs/current/xxxxx.com combined
</VirtualHost>
 
1 members found this post helpful.
Old 02-10-2013, 01:09 PM   #9
lleb
Senior Member
 
Registered: Dec 2005
Location: Florida
Distribution: CentOS/Fedora
Posts: 2,435

Original Poster
Rep: Reputation: 434Reputation: 434Reputation: 434Reputation: 434Reputation: 434
oh got ya. sorry for being so dense about this.
 
Old 02-10-2013, 01:11 PM   #10
lleb
Senior Member
 
Registered: Dec 2005
Location: Florida
Distribution: CentOS/Fedora
Posts: 2,435

Original Poster
Rep: Reputation: 434Reputation: 434Reputation: 434Reputation: 434Reputation: 434
perfection. many thanks.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Password protect a web folder on apache andy1974 Linux - Security 13 05-15-2009 01:28 AM
Password protect web folders dilemma rectospander Linux - Server 2 07-19-2007 02:28 AM
Password Protect Web Dir ALInux Linux - Security 9 08-11-2006 12:16 PM
How do I password protect ~/public_html on the web? brynjarh Linux - Security 2 03-29-2006 01:11 PM
How to password protect a web directory abdulber Linux - Software 1 01-27-2004 11:34 PM


All times are GMT -5. The time now is 04:32 AM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration