Linux - ServerThis forum is for the discussion of Linux Software used in a server related context.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
OK, after and hour of messing with this, I give up and will turn to the LQ experts. I am running Apache 2.4.29 on Slackware64 14.2. I have created an .htaccess file in DocumentRoot/calendars/testing/.htaccess as:
I've also put an index.html file in that directory displaying "hello".
Whenever I load the URL for that testing folder I get "hello" displayed. It is not asking me for any credentials. Why?
The .htaccess file is owned by apache.apache with everyone-read permission. /etc/httpd/passwords is also everyone-read. httpd.config has 'AllowOverride all', and 'RewriteEngine on'. No messages appear in /var/log/httpd/error_log.
OK, after and hour of messing with this, I give up and will turn to the LQ experts. I am running Apache 2.4.29 on Slackware64 14.2. I have created an .htaccess file in DocumentRoot/calendars/testing/.htaccess as:
I've also put an index.html file in that directory displaying "hello".
Whenever I load the URL for that testing folder I get "hello" displayed. It is not asking me for any credentials. Why?
The .htaccess file is owned by apache.apache with everyone-read permission. /etc/httpd/passwords is also everyone-read. httpd.config has 'AllowOverride all', and 'RewriteEngine on'. No messages appear in /var/log/httpd/error_log.
What am I missing?
Maybe the session is cached in your browser, so close it and start it again, or use a different one.
Also you need to supply an AuthName directive in the .htaccess:
Added the AuthName to the .htaccess file. Nope, didn't fix the problem. I tried 3 different browser on 2 different devices -- including my smartPhone -- none of which had tried to access this page before. All brought up the "hello" page with no crendentials asked for and no messages in error_log. I even restarted httpd. Confused! I've used .htaccess file a-plenty in the past. Don't get what's going wrong.
Try modifying your vhost's configuration with the same directives and then reload Apache2. If it is your server and you have access to the configuration file then it is better to use it. Using .htaccess is a hack for use-cases that mostly died out in the 1990s.
If you do have a use-case for .htaccess can you say why you are trying .htaccess instead of using the configuration file itself? That can be made to work but it would be nice to know why.
Added the AuthName to the .htaccess file. Nope, didn't fix the problem. I tried 3 different browser on 2 different devices -- including my smartPhone -- none of which had tried to access this page before. All brought up the "hello" page with no crendentials asked for and no messages in error_log. I even restarted httpd. Confused! I've used .htaccess file a-plenty in the past. Don't get what's going wrong.
Most likely apache does not read the .htaccess file.
You mentioned in your OP that you already have "AllowOverride all", I guess inside the "Directory DocumentRoot/calendars/testing>...</Directory> stanza, or any directory above it.
To verify if apache actually reads .htaccess files, put some gibberish inside it, reload the page in question and see if you get a 500 error.
Try modifying your vhost's configuration with the same directives and then reload Apache2. If it is your server and you have access to the configuration file then it is better to use it. Using .htaccess is a hack for use-cases that mostly died out in the 1990s.
If you do have a use-case for .htaccess can you say why you are trying .htaccess instead of using the configuration file itself? That can be made to work but it would be nice to know why.
Actually, I was just using this .htaccess to test something, it's not intended to be permanent. I'm quite perplexed. I've used .htaccess files numerous times in the past and I can't figure this out. I did try:
But httpd failed to start with the error "AH00526: Syntax error on line 281 of /etc/httpd/httpd.conf: Multiple <Directory> arguments not (yet) supported."
In the <Directory "/srv/httpd/htdocs" /> I changed to, AllowOverride Options=AuthConfig (which I got from another config where .htaccess works), but that gave the error /srv/httpd/htdocs/calendars/testing/.htaccess: AuthType not allowed here. If I change that to 'AllowOverride AuthConfig', it again lets me load the page, no errors.
Quote:
Originally Posted by bathory
Most likely apache does not read the .htaccess file.
You mentioned in your OP that you already have "AllowOverride all", I guess inside the "Directory DocumentRoot/calendars/testing>...</Directory> stanza, or any directory above it.
To verify if apache actually reads .htaccess files, put some gibberish inside it, reload the page in question and see if you get a 500 error.
I did put gibberish in the .htaccess file it does give the error "Invalid Command"
Actually, I was just using this .htaccess to test something, it's not intended to be permanent. I'm quite perplexed. I've used .htaccess files numerous times in the past and I can't figure this out. I did try:
But httpd failed to start with the error "AH00526: Syntax error on line 281 of /etc/httpd/httpd.conf: Multiple <Directory> arguments not (yet) supported."
Hmmm. Was that directive nested within another Directory directive? Or separate from it? I ask because I have several locations where the directory in one is below the directory in another, but the directives themselves are not nested. I also don't use the "/>" construct at the end of the directory command. Nor is the directory path quoted in my config file.
Neither of which comments are likely to help with your problem, just grasping at straws.
Hmmm. Was that directive nested within another Directory directive? Or separate from it? I ask because I have several locations where the directory in one is below the directory in another, but the directives themselves are not nested. I also don't use the "/>" construct at the end of the directory command. Nor is the directory path quoted in my config file.
Neither of which comments are likely to help with your problem, just grasping at straws.
No, I checked to make sure it wasn't nested. In fact, I also tried without the /> and without the quotes too. Other <Directory> directive do have those, so I put them it mine to try. Perhaps my httpd.conf will help, you can see where I put my <Directory> entry:
Now, I found in /etc/httpd/extra/httpd-dav.conf that I have:
Code:
<Directory /calendars>
AllowOverride none
Options None
Require all granted
</Directory>
So I changed that to 'AllowOverrides AuthConfig', but still no go. It permits showing the 'hello' page. I again tried with another host which has never tried access this page (I'm running out of hosts!)
In that same httpd-dav.conf I also have:
Code:
<Location "/calendars">
Dav On
AuthType Basic
AuthName DAV-upload
# You can use the htdigest program to create the password database:
# htdigest -c "/usr/user.passwd" DAV-upload admin
AuthUserFile "/etc/httpd/passwords"
# Allow universal write access
# <RequireAny>
Require method GET POST OPTIONS
Require valid-user
# </RequireAny>
</Location>
but that seem do do nothing, probably because I'm not using calDAV.
You are restarting httpd every time you change anything in the config files, yes?
How is /etc/httpd/passwords maintained? What does it contain? (you probably don't want to post the answer to that question, but it should look something like this:
Code:
username:PO2C4EflByd4A
with a line for each user.
These are, again, just more SWAGs. I can't see anything wrong in what you've posted.
OK ... it's working now. I have absolutely no idea what I did, if anything, to get it working. My <Directory> is now:
Code:
<Directory "/srv/httpd/htdocs">
Options FollowSymLinks
AllowOverride AuthConfig
Require all granted
</Directory>
which is what I had back in post #2. Grrrr! I'll try some more things like making a separate <Directory> block for this specific path, and post back.
While I'm experimenting, is there a way to make authentication apply only to, or exclude from, an IP range? For example, if I did not want to require authentication for 192.168.0.0/24?
Later ...
Actually, I think I answered my own question. Put "require ip 192.168.0.0/24" in the .htaccess file. That seems to work.
no idea what fixed it in the end, but the slash at the end was definitely wrong:
Yeah, that must have been it. The 1st <Directory> entry in the file (original to the installation) is:
Code:
<Directory />
AllowOverride none
Require all denied
</Directory>
So, I copied that syntax. It is however true that the directives with paths do not have the />. Nevertheless, mine with the /> did pass the 'httpd -t' syntax check. Anyway, I'll assume that was the problem and stick a fork in this one. Thanks.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.