[SOLVED] .htaccess not working

mfoley · 08-29-2018, 12:11 PM

OK, after and hour of messing with this, I give up and will turn to the LQ experts. I am running Apache 2.4.29 on Slackware64 14.2. I have created an .htaccess file in DocumentRoot/calendars/testing/.htaccess as:

Code:

AuthType Basic
AuthUserFile /etc/httpd/passwords
Require valid-user

I've also put an index.html file in that directory displaying "hello".

Whenever I load the URL for that testing folder I get "hello" displayed. It is not asking me for any credentials. Why?

The .htaccess file is owned by apache.apache with everyone-read permission. /etc/httpd/passwords is also everyone-read. httpd.config has 'AllowOverride all', and 'RewriteEngine on'. No messages appear in /var/log/httpd/error_log.

What am I missing?

bathory · 08-29-2018, 12:42 PM

Quote:

Originally Posted by mfoley

OK, after and hour of messing with this, I give up and will turn to the LQ experts. I am running Apache 2.4.29 on Slackware64 14.2. I have created an .htaccess file in DocumentRoot/calendars/testing/.htaccess as:

Code:

AuthType Basic
AuthUserFile /etc/httpd/passwords
Require valid-user

I've also put an index.html file in that directory displaying "hello".

Whenever I load the URL for that testing folder I get "hello" displayed. It is not asking me for any credentials. Why?

The .htaccess file is owned by apache.apache with everyone-read permission. /etc/httpd/passwords is also everyone-read. httpd.config has 'AllowOverride all', and 'RewriteEngine on'. No messages appear in /var/log/httpd/error_log.

What am I missing?

Maybe the session is cached in your browser, so close it and start it again, or use a different one.

Also you need to supply an AuthName directive in the .htaccess:

Code:

AuthType Basic
AuthUserFile /etc/httpd/passwords
Require valid-user
AuthName "Restricted"

Regards

mfoley · 08-29-2018, 12:59 PM

Quote:

Originally Posted by bathory

Maybe the session is cached in your browser, so close it and start it again, or use a different one.

Also you need to supply an AuthName directive in the .htaccess:

Code:

AuthType Basic
AuthUserFile /etc/httpd/passwords
Require valid-user
AuthName "Restricted"

Regards

Added the AuthName to the .htaccess file. Nope, didn't fix the problem. I tried 3 different browser on 2 different devices -- including my smartPhone -- none of which had tried to access this page before. All brought up the "hello" page with no crendentials asked for and no messages in error_log. I even restarted httpd. Confused! I've used .htaccess file a-plenty in the past. Don't get what's going wrong.

Turbocapitalist · 08-29-2018, 01:21 PM

Try modifying your vhost's configuration with the same directives and then reload Apache2. If it is your server and you have access to the configuration file then it is better to use it. Using .htaccess is a hack for use-cases that mostly died out in the 1990s.

If you do have a use-case for .htaccess can you say why you are trying .htaccess instead of using the configuration file itself? That can be made to work but it would be nice to know why.

bathory · 08-29-2018, 01:54 PM

Quote:

Originally Posted by mfoley

Added the AuthName to the .htaccess file. Nope, didn't fix the problem. I tried 3 different browser on 2 different devices -- including my smartPhone -- none of which had tried to access this page before. All brought up the "hello" page with no crendentials asked for and no messages in error_log. I even restarted httpd. Confused! I've used .htaccess file a-plenty in the past. Don't get what's going wrong.

Most likely apache does not read the .htaccess file.
You mentioned in your OP that you already have "AllowOverride all", I guess inside the "Directory DocumentRoot/calendars/testing>...</Directory> stanza, or any directory above it.

To verify if apache actually reads .htaccess files, put some gibberish inside it, reload the page in question and see if you get a 500 error.

mfoley · 08-29-2018, 03:12 PM

Quote:

Originally Posted by Turbocapitalist

Try modifying your vhost's configuration with the same directives and then reload Apache2. If it is your server and you have access to the configuration file then it is better to use it. Using .htaccess is a hack for use-cases that mostly died out in the 1990s.

If you do have a use-case for .htaccess can you say why you are trying .htaccess instead of using the configuration file itself? That can be made to work but it would be nice to know why.

Actually, I was just using this .htaccess to test something, it's not intended to be permanent. I'm quite perplexed. I've used .htaccess files numerous times in the past and I can't figure this out. I did try:

Code:

<Directory "/srv/httpd/htdocs/calendars/testing" />
AllowOverride AuthConfig
</Directory>

But httpd failed to start with the error "AH00526: Syntax error on line 281 of /etc/httpd/httpd.conf: Multiple <Directory> arguments not (yet) supported."

In the <Directory "/srv/httpd/htdocs" /> I changed to, AllowOverride Options=AuthConfig (which I got from another config where .htaccess works), but that gave the error /srv/httpd/htdocs/calendars/testing/.htaccess: AuthType not allowed here. If I change that to 'AllowOverride AuthConfig', it again lets me load the page, no errors.

Quote:

Originally Posted by bathory

Most likely apache does not read the .htaccess file.
You mentioned in your OP that you already have "AllowOverride all", I guess inside the "Directory DocumentRoot/calendars/testing>...</Directory> stanza, or any directory above it.

To verify if apache actually reads .htaccess files, put some gibberish inside it, reload the page in question and see if you get a 500 error.

I did put gibberish in the .htaccess file it does give the error "Invalid Command"

scasey · 08-29-2018, 03:28 PM

Quote:

Originally Posted by mfoley

Actually, I was just using this .htaccess to test something, it's not intended to be permanent. I'm quite perplexed. I've used .htaccess files numerous times in the past and I can't figure this out. I did try:

Code:

<Directory "/srv/httpd/htdocs/calendars/testing" />
AllowOverride AuthConfig
</Directory>

But httpd failed to start with the error "AH00526: Syntax error on line 281 of /etc/httpd/httpd.conf: Multiple <Directory> arguments not (yet) supported."

Hmmm. Was that directive nested within another Directory directive? Or separate from it? I ask because I have several locations where the directory in one is below the directory in another, but the directives themselves are not nested. I also don't use the "/>" construct at the end of the directory command. Nor is the directory path quoted in my config file.

Neither of which comments are likely to help with your problem, just grasping at straws.

mfoley · 08-29-2018, 04:08 PM

Quote:

Originally Posted by scasey

Hmmm. Was that directive nested within another Directory directive? Or separate from it? I ask because I have several locations where the directory in one is below the directory in another, but the directives themselves are not nested. I also don't use the "/>" construct at the end of the directory command. Nor is the directory path quoted in my config file.

Neither of which comments are likely to help with your problem, just grasping at straws.

No, I checked to make sure it wasn't nested. In fact, I also tried without the /> and without the quotes too. Other <Directory> directive do have those, so I put them it mine to try. Perhaps my httpd.conf will help, you can see where I put my <Directory> entry:

Code:

ServerRoot "/usr"
TraceEnable off
Listen 80

LoadModule mpm_event_module lib64/httpd/modules/mod_mpm_event.so
LoadModule authn_file_module lib64/httpd/modules/mod_authn_file.so
LoadModule authn_core_module lib64/httpd/modules/mod_authn_core.so
LoadModule authz_host_module lib64/httpd/modules/mod_authz_host.so
LoadModule authz_groupfile_module lib64/httpd/modules/mod_authz_groupfile.so
LoadModule authz_user_module lib64/httpd/modules/mod_authz_user.so
LoadModule authz_core_module lib64/httpd/modules/mod_authz_core.so
LoadModule access_compat_module lib64/httpd/modules/mod_access_compat.so
LoadModule auth_basic_module lib64/httpd/modules/mod_auth_basic.so
LoadModule socache_shmcb_module lib64/httpd/modules/mod_socache_shmcb.so
LoadModule reqtimeout_module lib64/httpd/modules/mod_reqtimeout.so
LoadModule filter_module lib64/httpd/modules/mod_filter.so
LoadModule mime_module lib64/httpd/modules/mod_mime.so
LoadModule log_config_module lib64/httpd/modules/mod_log_config.so
LoadModule env_module lib64/httpd/modules/mod_env.so
LoadModule headers_module lib64/httpd/modules/mod_headers.so
LoadModule setenvif_module lib64/httpd/modules/mod_setenvif.so
LoadModule version_module lib64/httpd/modules/mod_version.so
LoadModule proxy_module lib64/httpd/modules/mod_proxy.so
LoadModule proxy_connect_module lib64/httpd/modules/mod_proxy_connect.so
LoadModule proxy_ftp_module lib64/httpd/modules/mod_proxy_ftp.so
LoadModule proxy_http_module lib64/httpd/modules/mod_proxy_http.so
LoadModule proxy_fcgi_module lib64/httpd/modules/mod_proxy_fcgi.so
LoadModule proxy_scgi_module lib64/httpd/modules/mod_proxy_scgi.so
LoadModule proxy_wstunnel_module lib64/httpd/modules/mod_proxy_wstunnel.so
LoadModule proxy_ajp_module lib64/httpd/modules/mod_proxy_ajp.so
LoadModule proxy_express_module lib64/httpd/modules/mod_proxy_express.so
LoadModule ssl_module lib64/httpd/modules/mod_ssl.so
LoadModule lbmethod_byrequests_module lib64/httpd/modules/mod_lbmethod_byrequests.so
LoadModule lbmethod_bytraffic_module lib64/httpd/modules/mod_lbmethod_bytraffic.so
LoadModule lbmethod_bybusyness_module lib64/httpd/modules/mod_lbmethod_bybusyness.so
LoadModule unixd_module lib64/httpd/modules/mod_unixd.so
LoadModule dav_module lib64/httpd/modules/mod_dav.so
LoadModule status_module lib64/httpd/modules/mod_status.so
LoadModule autoindex_module lib64/httpd/modules/mod_autoindex.so
LoadModule dav_fs_module lib64/httpd/modules/mod_dav_fs.so
LoadModule dav_lock_module lib64/httpd/modules/mod_dav_lock.so
LoadModule dir_module lib64/httpd/modules/mod_dir.so
LoadModule alias_module lib64/httpd/modules/mod_alias.so
LoadModule rewrite_module lib64/httpd/modules/mod_rewrite.so

RewriteEngine On
RewriteRule ^/DVR$ DVR/ [R]

ProxyPass /DVR/ http://192.168.0.24/

<IfModule unixd_module>
User apache
Group apache

</IfModule>

ServerAdmin someone

ServerName obfuscate.org:80

<Directory />
    AllowOverride none
    Require all denied
</Directory>

DocumentRoot "/srv/httpd/htdocs"
<Directory "/srv/httpd/htdocs">
    Options FollowSymLinks

    AllowOverride AuthConfig

    Require all granted
</Directory>

#<Directory "/srv/httpd/htdocs/calendars/testing" />
#AllowOverride AuthConfig
#</Directory>

<IfModule dir_module>
    DirectoryIndex index.html index.php
</IfModule>

<Files ".ht*">
    Require all denied
</Files>

ErrorLog "/var/log/httpd/error_log"
LogLevel warn

<IfModule log_config_module>
    LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
    LogFormat "%h %l %u %t \"%r\" %>s %b" common

    <IfModule logio_module>
      LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %I %O" combinedio
    </IfModule>

    SetEnvIf Request_URI "^/calendars" dontlog=true
    CustomLog "/var/log/httpd/access_log" common env=!dontlog

</IfModule>

<IfModule alias_module>
    ScriptAlias /cgi-bin/ "/srv/httpd/cgi-bin/"
</IfModule>

<IfModule cgid_module>
</IfModule>

<Directory "/srv/httpd/cgi-bin">
    AllowOverride None
    Options None
    Require all granted
</Directory>

<IfModule headers_module>
    RequestHeader unset Proxy early
</IfModule>

<IfModule mime_module>
    TypesConfig /etc/httpd/mime.types
    AddType application/x-compress .Z
    AddType application/x-gzip .gz .tgz
</IfModule>

Include /etc/httpd/extra/httpd-dav.conf

<IfModule proxy_html_module>
Include /etc/httpd/extra/proxy-html.conf
</IfModule>

Include /etc/httpd/extra/httpd-ssl.conf
<IfModule ssl_module>
SSLRandomSeed startup builtin
SSLRandomSeed connect builtin
</IfModule>

Include /etc/httpd/mod_php.conf

Now, I found in /etc/httpd/extra/httpd-dav.conf that I have:

Code:

<Directory /calendars>
    AllowOverride none
    Options None
    Require all granted
</Directory>

So I changed that to 'AllowOverrides AuthConfig', but still no go. It permits showing the 'hello' page. I again tried with another host which has never tried access this page (I'm running out of hosts!)

In that same httpd-dav.conf I also have:

Code:

<Location "/calendars">
    Dav On
 
    AuthType Basic
    AuthName DAV-upload
    # You can use the htdigest program to create the password database:
    #   htdigest -c "/usr/user.passwd" DAV-upload admin
    AuthUserFile "/etc/httpd/passwords"

    # Allow universal write access
#    <RequireAny>
        Require method GET POST OPTIONS
        Require valid-user
#    </RequireAny>
</Location>

but that seem do do nothing, probably because I'm not using calDAV.

scasey · 08-29-2018, 06:05 PM

You are restarting httpd every time you change anything in the config files, yes?
How is /etc/httpd/passwords maintained? What does it contain? (you probably don't want to post the answer to that question, but it should look something like this:

Code:

username:PO2C4EflByd4A

with a line for each user.

These are, again, just more SWAGs. I can't see anything wrong in what you've posted.

mfoley · 08-29-2018, 09:49 PM

Yup - restarting httpd every time I make a change to anything. That's exactly what my passwords file looks like, permissions:

Code:

> ls -l /etc/httpd/passwords
-rw-r--r-- 1 root apache 406 2018-07-13 14:50 /etc/httpd/passwords

This is quite a puzzler. I've also commented out including /etc/httpd/extra/httpd-dav.config. Didn't help.

If I remove the passwords file, restart, and try the page, I get it, no complaints, no errors.

mfoley · 08-29-2018, 10:16 PM

OK ... it's working now. I have absolutely no idea what I did, if anything, to get it working. My <Directory> is now:

Code:

<Directory "/srv/httpd/htdocs">
    Options FollowSymLinks
AllowOverride AuthConfig
    Require all granted
</Directory>

which is what I had back in post #2. Grrrr! I'll try some more things like making a separate <Directory> block for this specific path, and post back.

While I'm experimenting, is there a way to make authentication apply only to, or exclude from, an IP range? For example, if I did not want to require authentication for 192.168.0.0/24?

Later ...

Actually, I think I answered my own question. Put "require ip 192.168.0.0/24" in the .htaccess file. That seems to work.

ondoho · 08-30-2018, 12:39 AM

no idea what fixed it in the end, but the slash at the end was definitely wrong:

Quote:

Originally Posted by mfoley

Code:

<Directory "/srv/httpd/htdocs/calendars/testing" />

mfoley · 08-31-2018, 12:46 AM

Quote:

Originally Posted by ondoho

no idea what fixed it in the end, but the slash at the end was definitely wrong:

Yeah, that must have been it. The 1st <Directory> entry in the file (original to the installation) is:

Code:

<Directory />
    AllowOverride none
    Require all denied
</Directory>

So, I copied that syntax. It is however true that the directives with paths do not have the />. Nevertheless, mine with the /> did pass the 'httpd -t' syntax check. Anyway, I'll assume that was the problem and stick a fork in this one. Thanks.