LinuxQuestions.org
Help answer threads with 0 replies.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices


Reply
  Search this Thread
Old 02-07-2002, 11:08 AM   #1
quincy56
LQ Newbie
 
Registered: Mar 2001
Location: Marlborough, MA
Distribution: RedHat 7.2
Posts: 13

Rep: Reputation: 0
Question .htaccess file has no effect?


I'm having a bit of a problem. I have set up a .htaccess file in a sub-directory under my web-root directory.

This is the contents of my .htaccess file:
AuthUserFile /var/www/html/usage/.htpasswd
AuthGroupFile /dev/null
AuthName EnterPassword
AuthType Basic
require valid-user

My web root dir is /var/www/html

I have an .htaccess file in that directory as well to prevent directory listings. It works there for that, but the password one does not.

Any ideas?

John
 
Old 02-08-2002, 10:15 AM   #2
kill-hup
Member
 
Registered: Aug 2000
Location: NY - USA
Distribution: Slackware
Posts: 109

Rep: Reputation: 15
Sounds to me like you do not have permission to set the "LIMIT" access rights for that directory. You may need to check your apache config file and see if there is an "AllowOverride" for either the directory in question or one of its parents and what options you are allowed to "override" with htaccess.
 
Old 02-08-2002, 11:42 AM   #3
quincy56
LQ Newbie
 
Registered: Mar 2001
Location: Marlborough, MA
Distribution: RedHat 7.2
Posts: 13

Original Poster
Rep: Reputation: 0
I did have the following in my httpd.conf:

<Directory />
Options FollowSymLinks
AllowOverride None
</Directory>

I tried changing the None to All and also commenting out all the lines and the page did not ask for a password when I accessed it.

John
 
Old 02-08-2002, 12:03 PM   #4
kill-hup
Member
 
Registered: Aug 2000
Location: NY - USA
Distribution: Slackware
Posts: 109

Rep: Reputation: 15
Is there a "Directory" directive in your conf file that references either "/var/www/html" or maybe "/var/www"? The "AllowOverride" there (assuming there is one) is probably what's messing you up.
If you switch it to "ALL" (or at least LIMIT) and
restart apache, you should see the password prompt when you reload the page.

Note that it's the last "AllowOverride" in the directory tree that matters. If "/" is set to "ALL" and "/var/www" is set to "NONE", you get none in every subdir of "/var/www", unless of course there's another entry for "/var/www/html" (and so on).
 
Old 02-08-2002, 12:10 PM   #5
quincy56
LQ Newbie
 
Registered: Mar 2001
Location: Marlborough, MA
Distribution: RedHat 7.2
Posts: 13

Original Poster
Rep: Reputation: 0
Thanks, there was a second entry. When I changed that from None to All, it asked me for my password.

John
 
Old 02-09-2002, 03:38 AM   #6
unSpawn
Moderator
 
Registered: May 2001
Posts: 29,415
Blog Entries: 55

Rep: Reputation: 3594Reputation: 3594Reputation: 3594Reputation: 3594Reputation: 3594Reputation: 3594Reputation: 3594Reputation: 3594Reputation: 3594Reputation: 3594Reputation: 3594
Hmm. Also, shouldn't passwd files be outside the webroot?..
 
Old 02-09-2002, 10:44 AM   #7
quincy56
LQ Newbie
 
Registered: Mar 2001
Location: Marlborough, MA
Distribution: RedHat 7.2
Posts: 13

Original Poster
Rep: Reputation: 0
I did have the .htpasswd file in the directory I was trying to password protect.

John
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
How do I specify a memory slice limit with a .htaccess file? abefroman Linux - Software 0 09-22-2005 07:38 PM
htaccess protected file not visible hamish Linux - Security 2 10-11-2004 03:23 AM
How do i fix this open_basedir restriction in effect. File is in wrong directory DropHit Linux - Software 2 02-26-2004 06:28 PM
.htaccess file tailine Linux - Networking 6 07-10-2002 09:22 AM
Apache & the .htaccess file robeb Linux - Software 1 05-15-2002 10:56 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Security

All times are GMT -5. The time now is 08:36 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration