Apache Server not asking for password Authentication
Linux - ServerThis forum is for the discussion of Linux Software used in a server related context.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
To test if apache reads .htaccess files, put some garbage in it and see if you get a 500 "Internal Server Error"
Hi,
Thanks a lot, it is done. apache was not accessing .htaccess file bcz i put the full path of .htaccess i.e. /var/www/html/.htaccess in httpd.conf.
now i just made it .htaccess in httpd.conf. now it is OK.
Thanks a lot, it is done. apache was not accessing .htaccess file bcz i put the full path of .htaccess i.e. /var/www/html/.htaccess in httpd.conf.
now i just made it .htaccess in httpd.conf. now it is OK.
thanks a lot again.
Nice to know that it is resolved.
You can mark the thread as Solved now.
i have CentOS 5 configured with apache web server. but it is not asking for password authentication while accessing the web page. the config detail is as below:-
Web Page location - /var/www/html .htaccess file location - /var/www/html
Contents of .htaccess file :-
AuthName "Password Protected"
AuthType Basic
AuthUserFile /etc/httpd/conf/.htpassword
require user chitranjan
Entry in /etc/httpd/conf/httpd.conf file:-
<Directory "/var/www/html">
AllowOverride AuthConfig
Order allow,deny
Allow from all
Posting a conflicting, and I feel incorrect, solution to an 8 year old thread is likely to be confusing to some, nay most.
In the original thread, had I read it back then, I'd have pointed out that putting the password auth file in the web space was not a good idea.
Unhiding it is even a worse idea.
Please start a new thread to discuss the problem you're having and we'll try to help you with it.
Location: St. John's, Newfoundland and Labrador, Canada
Distribution: Debian, Raspbian, OpenELEC, Knoppix
Posts: 13
Rep:
scasey,
Lets dismiss your worries about correctness before moving on to the more important issue. A leading dot indicates a hidden file; this is an administrative feature, not a security feature, and is not necessary in system directories where suitable file permissions are used. Consider /etc/profile and ~/.bash_profile. If you are still not happy with this answer, then why not read Authentication and Authorization, in the official Apache documentation, which does not use a dot file.
As for resurrecting old threads: they are indexed by search engines and many users find themselves reading these threads looking to solve their own problems. There is an issue with reading .files and the solution was not posted here. I have added it and therefore the solution exists for anyone finding themselves here: as I did, yesterday.
I am not sure why you felt it necessary to post your comments, or are unable to realize the benefit of posting solutions--especially for software as widely adopted as Apache--but I will say it was shortsighted.
If you still believe this inconvenienced you in some terrible way, I suggest you discuss it with the administrators of linuxquestions.org. Perhaps they will have a different opinion as to the benefits of acquiring search engine traffic and purge old posts, or freeze them. Then again, maybe they believe view solutions are solutions, and new visitors keep the community alive, nay, know they do.
scasey,
Lets dismiss your worries about correctness before moving on to the more important issue. A leading dot indicates a hidden file; this is an administrative feature, not a security feature, and is not necessary in system directories where suitable file permissions are used. Consider /etc/profile and ~/.bash_profile. If you are still not happy with this answer, then why not read Authentication and Authorization, in the official Apache documentation, which does not use a dot file.
...except the link you posted to the official documentation DOES have .htaccess. Nowhere in it does it say anything about removing the dot, as far as I could see.
Quote:
As for resurrecting old threads: they are indexed by search engines and many users find themselves reading these threads looking to solve their own problems. There is an issue with reading .files and the solution was not posted here. I have added it and therefore the solution exists for anyone finding themselves here: as I did, yesterday.
And after eight years, the answers have probably changed; do you use the same versions of software/OS/apache as you did eight years ago??
Quote:
I am not sure why you felt it necessary to post your comments, or are unable to realize the benefit of posting solutions--especially for software as widely adopted as Apache--but I will say it was shortsighted.
If you still believe this inconvenienced you in some terrible way, I suggest you discuss it with the administrators of linuxquestions.org. Perhaps they will have a different opinion as to the benefits of acquiring search engine traffic and purge old posts, or freeze them. Then again, maybe they believe view solutions are solutions, and new visitors keep the community alive, nay, know they do.
Necroposting has long been frowned upon in this forum; eight years is a LONG time to go between postings. The solutions have probably changed in that time, as did versions of software so scasey has a perfectly good point in saying "Open something new", because (as you say), this forum is indexed by search engines. Someone looking for a solution NOW isn't going to want to read something from eight years ago, but WILL want something current.
If you feel that you have been inconvenienced by having someone say something about necroposting, perhaps you should also contact the site administrators and ask them their feelings.
The OP has the AuthUserFile file hidden, but in the web space. I wanted to be sure that followers-on understood that having the AuthUserFile file in the web space was a bad idea.
I'll presume that the documentation you linked to does not use a dot file in their examples, as you say, but I have 21 AuthUserFiles in an not-in-the-web-space directory and they are all dot files.
In fact, the original thread has nothing about ".htpasswd" except as a discussion of that string as a file suffix. htpasswd is a utility for generating an encrypted password for use in an AuthUserFile. See
Code:
man htpasswd
So, removing the dot is NOT a solution to the OP. Nor is it a solution at all, as far as I can tell. That is my main objection to your post: The "issues about correctness" which you dismissed. The fact that a future searcher may find this thread as you did is precisely why I commented, tho I'm sure they'll appreciate the link you provided to the apache documentation.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.