|
.htaccess and .htpasswd Not Working
I have created a sub directory on my box on a website for my company. It is a page that has links to my tools I want to use when I do service calls. Links that connect to my servers webmin etc. Of course I don't want them found by webcrawling bots. I have created a .htpasswd file using htpasswd -c /location/to/file/.htpasswd.
This file is located outside the web. Just under the public_html folder. Then I went to the sub directory I want to protect and added a text file named .htaccess. It contains: /home/sites/www.domain.net/tech/ AuthType Basic AuthName "Some long name" AuthUserFile /home/sites/www.domain.net/.htpasswd Require valid-user ErrorDocument errornumber /home/sites/errorpages/403.html I also opened the httpd.conf and changed AllowedOverride to All The error document doesn't work either. I then restarted the httpd service. I try to access the site and it lets me right in without asking for a password. It is apache 2xxx on Centos 4.5. Webmin under Apache confifirms all this. What am I missing? |
Hi,
Looks like apache does not read the .htaccess. To see if that's the case, put some gibberish in .htaccess and see if you get a 500 error. Alos, to make sure your directory (e.g. /home/sites/www.domain.net/tech/) will be protected by .htaccess, add in httpd.conf Code:
<Directory /home/sites/www.domain.net/tech> |
Quote:
|
Quote:
btw I did add <Directory /home/sites/www.domaint/public_html/tech AllowOverride All Allow from all </Directory> to the httpd.conf and still no changes. |
Doh, check if you have defined a AccessFileName other than .htaccess in httpd.conf
Code:
AccessFileName .htaccess |
Quote:
this is whats there: AccessFileName: The name of the file to look for in each directory # for additional configuration directives. See also the AllowOverride # directive. # AccessFileName .htaccess |
You can try to remove .htaccess and put its contents in httpd.conf directly and see what happens:
Code:
<Directory /home/sites/www.domain.net/tech>Also make sure it's not a Selinux problem since you're running apache on Centos and your site's DocumentRoot is not under the default /var/www/html |
Quote:
|
Are you really using Centos 4.5; that's pretty old. 5.5 is out and 5.6 is (very) close. (RHEL 5.6 was out last yr)
I do know that putting htaccess directives inside the httpd.conf is recommended, as it's more secure than putting the .htaccess file in the target dir, where it's effectively publically avail, even if it is a 'hidden' file. |
Quote:
My bad. It's Centos 5.2 Just checked the one I was talking about to make sure. My DNS servers are running the older ones. I got several linux servers. Yeah I agree about putting that info in the httpd.conf file. But the custom error pages are a problem too. I would like to get Apache to read the .htaccess files. I just can't understand why it isn't. |
Stick with those directives in httpd.conf, forget using a .htaccess file. Of course you'll still need the .htpasswd file :)
The ErrorDocument directive requires either a string or a URL relative to DocumentRoot (specified in httpd.conf) or a complete URL ie http://... http://httpd.apache.org/docs/current...#errordocument HTH |
I agree with chrism01, that is better avoid .htaccess if possible. You can read more on this here
About the .htaccess problem, are you sure you have put .htaccess in the correct directory (/home/sites/www.domain.net/tech). Did you check the logs for errors? Just for testing, you can edit httpd.conf, find the <Directory /> stanza and add/edit "AllowOverride All" to it and see if apache reads .htaccess files Regarding the ErrorDocument, chrism01 is right. The path to the file you specify is relative to the DocumentRoot of the server Regards |
| All times are GMT -5. The time now is 08:18 PM. |