Linux - Server This forum is for the discussion of Linux Software used in a server related context. |
Notices |
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
Are you new to LinuxQuestions.org? Visit the following links:
Site Howto |
Site FAQ |
Sitemap |
Register Now
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
|
|
02-27-2011, 11:43 AM
|
#1
|
Member
Registered: Apr 2005
Posts: 252
Rep:
|
.htaccess and .htpasswd Not Working
I have created a sub directory on my box on a website for my company. It is a page that has links to my tools I want to use when I do service calls. Links that connect to my servers webmin etc. Of course I don't want them found by webcrawling bots. I have created a .htpasswd file using htpasswd -c /location/to/file/.htpasswd.
This file is located outside the web. Just under the public_html folder. Then I went to the sub directory I want to protect and added a text file named .htaccess. It contains:
/home/sites/www.domain.net/tech/
AuthType Basic
AuthName "Some long name"
AuthUserFile /home/sites/www.domain.net/.htpasswd
Require valid-user
ErrorDocument errornumber /home/sites/errorpages/403.html
I also opened the httpd.conf and changed AllowedOverride to All
The error document doesn't work either.
I then restarted the httpd service. I try to access the site and it lets me right in without asking for a password. It is apache 2xxx on Centos 4.5. Webmin under Apache confifirms all this.
What am I missing?
|
|
|
02-27-2011, 03:17 PM
|
#2
|
LQ Guru
Registered: Jun 2004
Location: Piraeus
Distribution: Slackware
Posts: 13,217
|
Hi,
Looks like apache does not read the .htaccess. To see if that's the case, put some gibberish in .htaccess and see if you get a 500 error.
Alos, to make sure your directory (e.g. /home/sites/www.domain.net/tech/) will be protected by .htaccess, add in httpd.conf
Code:
<Directory /home/sites/www.domain.net/tech>
AllowedOverride All
Allow from all
</Directory>
Regards
|
|
|
02-27-2011, 03:25 PM
|
#3
|
Member
Registered: Apr 2005
Posts: 252
Original Poster
Rep:
|
Quote:
Originally Posted by bathory
Hi,
Looks like apache does not read the .htaccess. To see if that's the case, put some gibberish in .htaccess and see if you get a 500 error.
Alos, to make sure your directory (e.g. /home/sites/www.domain.net/tech/) will be protected by .htaccess, add in httpd.conf
Code:
<Directory /home/sites/www.domain.net/tech>
AllowedOverride All
Allow from all
</Directory>
Regards
|
That seems to be the case. I did put garbage in it and nothing changed. So any idea's why it isn't reading the .htaccess file?
|
|
|
02-27-2011, 03:47 PM
|
#4
|
Member
Registered: Apr 2005
Posts: 252
Original Poster
Rep:
|
Quote:
Originally Posted by kitek
That seems to be the case. I did put garbage in it and nothing changed. So any idea's why it isn't reading the .htaccess file?
|
btw I did add
<Directory /home/sites/www.domaint/public_html/tech
AllowOverride All
Allow from all
</Directory>
to the httpd.conf and still no changes.
|
|
|
02-27-2011, 05:03 PM
|
#5
|
LQ Guru
Registered: Jun 2004
Location: Piraeus
Distribution: Slackware
Posts: 13,217
|
Doh, check if you have defined a AccessFileName other than .htaccess in httpd.conf
Code:
AccessFileName .htaccess
|
|
|
02-27-2011, 05:10 PM
|
#6
|
Member
Registered: Apr 2005
Posts: 252
Original Poster
Rep:
|
Quote:
Originally Posted by bathory
Doh, check if you have defined a AccessFileName other than .htaccess in httpd.conf
Code:
AccessFileName .htaccess
|
looks good
this is whats there:
AccessFileName: The name of the file to look for in each directory
# for additional configuration directives. See also the AllowOverride
# directive.
#
AccessFileName .htaccess
|
|
|
02-27-2011, 05:30 PM
|
#7
|
LQ Guru
Registered: Jun 2004
Location: Piraeus
Distribution: Slackware
Posts: 13,217
|
You can try to remove .htaccess and put its contents in httpd.conf directly and see what happens:
Code:
<Directory /home/sites/www.domain.net/tech>
# AllowedOverride All
Allow from all
AuthType Basic
AuthName "Some long name"
AuthUserFile /home/sites/www.domain.net/.htpasswd
Require valid-user
</Directory>
Of course you need to restart apache since you change httpd.conf
Also make sure it's not a Selinux problem since you're running apache on Centos and your site's DocumentRoot is not under the default /var/www/html
|
|
|
02-28-2011, 12:29 AM
|
#8
|
Member
Registered: Apr 2005
Posts: 252
Original Poster
Rep:
|
Quote:
Originally Posted by bathory
You can try to remove .htaccess and put its contents in httpd.conf directly and see what happens:
Code:
<Directory /home/sites/www.domain.net/tech>
# AllowedOverride All
Allow from all
AuthType Basic
AuthName "Some long name"
AuthUserFile /home/sites/www.domain.net/.htpasswd
Require valid-user
</Directory>
Of course you need to restart apache since you change httpd.conf
Also make sure it's not a Selinux problem since you're running apache on Centos and your site's DocumentRoot is not under the default /var/www/html
|
Now that worked. Any Idea why I have to do it that way? I mean I won't be locking many area's however, just wondering what I might run into later. What about error pages? I guess I just do the same thing?
|
|
|
02-28-2011, 12:50 AM
|
#9
|
LQ Guru
Registered: Aug 2004
Location: Sydney
Distribution: Rocky 9.2
Posts: 18,419
|
Are you really using Centos 4.5; that's pretty old. 5.5 is out and 5.6 is (very) close. (RHEL 5.6 was out last yr)
I do know that putting htaccess directives inside the httpd.conf is recommended, as it's more secure than putting the .htaccess file in the target dir, where it's effectively publically avail, even if it is a 'hidden' file.
|
|
|
02-28-2011, 12:54 AM
|
#10
|
Member
Registered: Apr 2005
Posts: 252
Original Poster
Rep:
|
Quote:
Originally Posted by chrism01
Are you really using Centos 4.5; that's pretty old. 5.5 is out and 5.6 is (very) close. (RHEL 5.6 was out last yr)
I do know that putting htaccess directives inside the httpd.conf is recommended, as it's more secure than putting the .htaccess file in the target dir, where it's effectively publically avail, even if it is a 'hidden' file.
|
My bad. It's Centos 5.2 Just checked the one I was talking about to make sure. My DNS servers are running the older ones. I got several linux servers. Yeah I agree about putting that info in the httpd.conf file. But the custom error pages are a problem too. I would like to get Apache to read the .htaccess files. I just can't understand why it isn't.
|
|
|
02-28-2011, 01:23 AM
|
#11
|
LQ Guru
Registered: Aug 2004
Location: Sydney
Distribution: Rocky 9.2
Posts: 18,419
|
Stick with those directives in httpd.conf, forget using a .htaccess file. Of course you'll still need the .htpasswd file
The ErrorDocument directive requires either a string or a URL relative to DocumentRoot (specified in httpd.conf) or a complete URL ie http://...
http://httpd.apache.org/docs/current...#errordocument
HTH
|
|
|
02-28-2011, 05:08 AM
|
#12
|
LQ Guru
Registered: Jun 2004
Location: Piraeus
Distribution: Slackware
Posts: 13,217
|
I agree with chrism01, that is better avoid .htaccess if possible. You can read more on this here
About the .htaccess problem, are you sure you have put .htaccess in the correct directory (/home/sites/www.domain.net/tech). Did you check the logs for errors?
Just for testing, you can edit httpd.conf, find the <Directory /> stanza and add/edit "AllowOverride All" to it and see if apache reads .htaccess files
Regarding the ErrorDocument, chrism01 is right. The path to the file you specify is relative to the DocumentRoot of the server
Regards
|
|
|
All times are GMT -5. The time now is 07:04 AM.
|
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.
|
Latest Threads
LQ News
|
|