LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Linux - Server (https://www.linuxquestions.org/questions/linux-server-73/)
-   -   htaccess and userdir problem (https://www.linuxquestions.org/questions/linux-server-73/htaccess-and-userdir-problem-715793/)

ThickGit 03-31-2009 09:32 AM
htaccess and userdir problem
 
Hi People.

I originally started this way back in October last year in http://www.linuxquestions.org/questi...umber.-678759/

I never did get to solve the problem but worked around it with a reasonably acceptable method. Now this has become a problem for another reason.

I will recap briefly:

On a server running virtual hosts and Apache 2.2

I found out that it is possible to get around the .htaccess file by using the IP number and user name like this "http://123.123.123.123/~username/protected_directory". .htaccess is simply ignored.

Using the domain name "www.domain.co.uk/protected_directory" is ok and htaccess performs normally.


I discovered that by changing the hppd.conf line "UserDir disable" to "UserDir public_html" prevented accessing the protected directories by IP/~username/protected_directory. I guess this is not really surprising. Of course, this has the byproduct of preventing valid access using the IP too. This has now become a problem and I need to solve it.

So, the question remains, "why does .htaccess not work when using "IP/~username/protected_directory" ?

Any clues where I can start looking would be most welcome.

bathory 03-31-2009 01:53 PM
What happens if you visit htp://www.domain.co.uk/~username/protected_directory
Could you post the contents of .htaccess?
Try to use
Code:
NameVirtualHost *:80
and replace "<VirtualHost 123.123.123.123:80>" with "<VirtualHost *:80>

ThickGit 04-01-2009 09:38 AM
Hmmm !
 
Bathory, many thanks for your reply.

If I visit visit htp://www.domain.co.uk/~username/protected_directory I get a 404 unavailable error.

I found "NameVirtualHost" in several places in the hppd.conf file as follows:

Code:
# The following directive disables redirects on non-GET requests for
# a directory that does not include the trailing slash.  This fixes a
# problem with Microsoft WebFolders which does not appropriately handle
# redirects for folders with DAV methods.
# Same deal with Apple's DAV filesystem and Gnome VFS support for DAV.
#
BrowserMatch "Microsoft Data Access Internet Publishing Provider" redirect-carefully
BrowserMatch "MS FrontPage" redirect-carefully
BrowserMatch "^WebDrive" redirect-carefully
BrowserMatch "^WebDAVFS/1.[0123]" redirect-carefully
BrowserMatch "^gnome-vfs/1.0" redirect-carefully
BrowserMatch "^XML Spy" redirect-carefully
BrowserMatch "^Dreamweaver-WebDAV-SCM1" redirect-carefully
NameVirtualHost 123.123.123.123:80
and

Code:
#
# Use name-based virtual hosting.
#
NameVirtualHost *:80
#
# NOTE: NameVirtualHost cannot be used without a port specifier
# (e.g. :80) if mod_ssl is being used, due to the nature of the
# SSL protocol.
#


Also in the VH section as here

Code:
<VirtualHost 123.123.123.123:80>
ServerName domain.co.uk
ServerAlias www.domain.co.uk
DocumentRoot /home/domaing/public_html
ErrorLog /home/domain/logs/error_log
CustomLog /home/domain/logs/access_log combined
ScriptAlias /cgi-bin/ /home/domain/cgi-bin/
<Directory /home/domain/public_html>
Options Indexes IncludesNOEXEC FollowSymLinks
allow from all
AllowOverride All
</Directory>
<Directory /home/domain/cgi-bin>
allow from all
</Directory>
<Directory /home/domain/public_html/stats>
Options Indexes IncludesNOEXEC FollowSymLinks
allow from all
AllowOverride All
</Directory>
</VirtualHost>
If I change
Code:
<VirtualHost 123.123.123.123:80>

to


<VirtualHost *:80>
and visit the site I get a directory listing.


The .htaccess file contains this :
Code:
AuthName "domain.co.uk protected"
AuthType Basic
AuthUserFile /home/domain/.protected-htpasswd
require valid-user
<Files .htpasswd>
deny from all
</Files>

Again, many thanks for your help, I am at a total loss.

bathory 04-01-2009 11:28 AM
Quote:
If I visit visit htp://www.domain.co.uk/~username/protected_directory I get a 404 unavailable error.
What's in error_log about that error.
What has the "username" above to do with the "domaing" in the DocumentRoot definition "DocumentRoot /home/domaing/public_html? You are using htp://www.domain.co.uk/~domaing/protected_directory to do your tests?
Unless it's a typo you need to change the DocumentRoot to "/home/domaing/public_html" to match the <Directory /home/domain/public_html>

About the rest:
Remove the line "NameVirtualHost 123.123.123.123:80" and change the vhost definition accordingly:
Code:
<VirtualHost *:80>
ServerName domain.co.uk
...
</VirtualHost>

ThickGit 04-02-2009 06:14 AM
Thanks again Bathory.

I have to apologise because I made a mistake. If I visit visit htp://www.domain.co.uk/~username/protected_directory the .htaccess file works properly. I don't know how I made that mistake, I don't think I have done anything that could have affected that.

Another apology, the "domainG" is a typo.

I obviously had a bad day.


So here is the result for your suggestion in your post:

I deleted "NameVirtualHost 123.123.123.123:80" and changed the vhost line to "<VirtualHost *:80>"

This is the result :
"http://123.123.123.123/~username/protected_directory" the .htaccess is ignored
"http://www.domain/~username/protected_directory" the .htaccess is ignored
"http://www.domain/protected_directory" displays the protected directory for the servers default site.

Unsurprisingly all other VH on this server stop when this change is in place.


Should I point out that the domain name and the username are of course identical.

I am tearing my hair out (and I have very little) so thanks for your continued help and patience.

chrism01 04-02-2009 06:24 AM
Are you sure
Code:
AuthUserFile /home/domain/.protected-htpasswd
require valid-user
<Files .htpasswd>
is right. They don't match filenames; surely you only need AuthUserFile entry....?
Also, if this is in a user's public dir, maybe only that user needs access eg
Code:
require user <that_user>

bathory 04-02-2009 06:53 AM
Now I'm also confused (I guess www.domain.co.uk is the same as www.domain). Could you please confirm the following:
http://www.domain.co.uk/~username/protected_directory works
http://123.123.123.123/~username/protected_directory not working
http://www.domain/protected_directory works?
http://123.123.123.123/protected_directory not working?
Quote:
Unsurprisingly all other VH on this server stop when this change is in place.
Since you've removed the extra "NameVirtualHost 123.123.123.123:80" you must change the other VHs starting tag accordingly (use <VirtualHost *:80>)
Now chrism01 gave me an idea. Move .protected-htpasswd somewhere outside of the homedir (e.g. /etc/.protected-htpasswd), change the "AuthUserFile ..." and see if it works.

ThickGit 04-03-2009 05:21 AM
Thanks Chris and Bathory for your continued efforts. Working with a thick git like me must be frustrating.

The current state is as follows :

I have removed the line "NameVirtualHost 123.123.123.123:80"

And I have changed the VH entry like this
Code:
<VirtualHost *:80>
ServerName domain.co.uk
...
</VirtualHost>
After Chris's suggestion I have reduced all possibilities to the minimum by doing the following:

I have created a directory called "protected_directory"
In that directory I have "index.htm", .htaccess and .htpasswd

.htaccess contains
Code:
AuthUserFile /home/username/public_html/protected_directory/.htpasswd
AuthGroupFile /dev/null
AuthName "Protected Directory"
AuthType Basic

<Limit GET POST>
require valid-user
</Limit>

# username is of course the same as domain
.htpasswd contains
Code:
user:a03cGgnLWcCzY
I have added the following to the VH section (just in case)
Code:
<Directory /home/username/public_html/protected_directory>
Options Indexes IncludesNOEXEC FollowSymLinks
allow from all
AllowOverride All
</Directory>

The results are :
http://www.domain.co.uk/protected_directory
404 error. No sign of entry in /etc/httpd/logs/error_log

http://123.123.123.123/~username/protected_directory/
.htaccess ignored

http://www.domain.co.uk/~username/protected_directory
.htaccess ignored

http://123.123.123.123/protected_directory/
404 error. No sign of entry in /etc/httpd/logs/error_log As there is no directory in the default called "protected_directory" this is expected ?


Again, I thank you for your patience.

bathory 04-03-2009 06:03 AM
If you have left the rest of the VH unchanged, the 404 error should be in /home/domain/logs/error_log
What is the output of
Code:
httpd -S

ThickGit 04-03-2009 06:52 AM
The result of httpd -S is as follows :

Code:
[Fri Apr 03 12:14:46 2009] [warn] VirtualHost 123.123.123.123:80 overlaps with VirtualHost 123.123.123.123:80, the first has precedence, perhaps you need a NameVirtualHost directive

...

# Note that at this stage none of the other VH on this server have been changed to <VirtualHost *:80> which would explain this error

...

[Fri Apr 03 12:14:46 2009] [warn] VirtualHost 123.123.123.123:80 overlaps with VirtualHost 123.123.123.123:80, the first has precedence, perhaps you need a NameVirtualHost directive

VirtualHost configuration:
123.123.123.123:80    server-defailt-domain.co.uk (/etc/httpd/conf/httpd.conf:1004)
wildcard NameVirtualHosts and _default_ servers:
_default_:443          www.anotherdomain.com (/etc/httpd/conf.d/ssl.conf:81)
*:80                  is a NameVirtualHost
        default server domain.co.uk (/etc/httpd/conf/httpd.conf:1879)
        port 80 namevhost domain.co.uk (/etc/httpd/conf/httpd.conf:1879)
Syntax OK
Note:
In the above the last three lines "domain.co.uk" is the name of the VH I am using for testing.
"www.anotherdomain.com" refers to another VH which justy happens to be on this server.

Strangely, there is no error in /home/domain/logs/error_log either !

bathory 04-03-2009 07:24 AM
Here is a configuration that works at least for me:
1. In the part of httpd.conf defining UserDir:
Code:
UserDir public_html
...
<Directory /home/*/public_html>
    AllowOverride All
...
</Directory>
2. In the vhost definition:
Code:
<VirtualHost *:80>
        ServerName www.vhost.com
        DocumentRoot /home/username/public_html/vhost
<DIrectory /home/username/public_html/vhost>
AllowOverride All
</Directory>
...
</VirtualHost>
Tested with:
http://www.vhost.com/protected
http://xx.xx.xx.xx/~username/protected
http://servername/~username/protected


Of course you must use only one of "NameVirtualHost 123.123.123.123:80" or "NameVirtualHost *:80" and <VirtualHost 123.123.123.123:80> or <VirtualHost *:80> for apache to stop complaining about vhost overlapping.
I suggest you also to close completely your browser (not just the tab) when testing, because sometimes it keeps the password cached and does not ask again for authentication.

ThickGit 04-07-2009 07:01 AM
Solved
 
Fianlly !

It seems to be sorted out.

As far as I can tell, it would seem that it is necessary to change ALL instances of "<VirtualHost 123.123.123.123:80>" to <VirtualHost *:80> in the VH section. Changing just one for the purpose of testing does not work. You probably knew that, but I'm thick.

That surprised me, but it does seem to be working as expected now.

I was at the stage of giving up so many thanks to you for your help.

Interestingly, the error logs are now working properly too.

I am one happy bunny :)


All times are GMT -5. The time now is 05:58 AM.