htaccess configuration quickie

htaccess configuration quickie

am 14.09.2007 10:20:18 von Tim Gordon

Hi,

I've been pulling my hair out with this so any pointers as to where I should
start would be appreciated.

I've a directory, 'admin' in my apache2 server that I want to protect from
access and be prompted for a user name and password- the complete directory
structure is:

/srv/www/ htdocs/admin

htdocs is the document root and I created an 'allowlist' in the www
directory. I've created a .htaccess file within the admin directory
containing:

AuthUserFile /srv/www/allowlist
AuthGroupFile /dev/null

AuthName "TheSecretpage"

AuthType Basic



require valid-user



The httpd.conf file has:


# forbid access to the entire filesystem by default



Options None

AllowOverride All

Order deny,allow

Deny from all







Options All

AllowOverride All

Order deny,allow

Deny from all





# use .htaccess files for overriding,

AccessFileName .htaccess

# and never show them

#

# Order allow,deny

# Deny from all

#



At present I am not getting prompted for a user/password and am getting
access denied when I try and access the directory.

Any ideas?

Thanks in advance

Tim

--
I never wish I was not what I was not when I didn't wish what I was not was
not what I am not.

Re: htaccess configuration quickie

am 14.09.2007 10:23:26 von unknown

Post removed (X-No-Archive: yes)

Re: htaccess configuration quickie

am 14.09.2007 10:37:02 von Tim Gordon

"Davide Bianchi" wrote in message
news:slrnfekh5o.2pn.davideyeahsure@fogg.onlyforfun.net...
> On 2007-09-14, Tim Gordon wrote:
>> # forbid access to the entire filesystem by default
>>
>>
>> Options None
>> AllowOverride All
>> Order deny,allow
>> Deny from all <---- NOTE
>>
>>
>>
>> Options All
>> AllowOverride All
>> Order deny,allow
>> Deny from all <--- NOTE
>>
>
> This way you basically deny any access to such directory.
>
>> At present I am not getting prompted for a user/password and am getting
>> access denied when I try and access the directory.
>>
>> Any ideas?
>
> Yeah, get rid of the 'deny' bit and put an 'allow from all' instead.
>
> Davide

Thanks, but that cannot be correct. My root directory is working for
annoymous browsing no problem at all. I did the change you suggested
though, to the admin directory, and now I have full access. Still no prompt
for user or password though.

Anyone else any thoughts or ideas?

Tim

--
I never wish I was not what I was not when I didn't wish what I was not was
not what I am not.

Re: htaccess configuration quickie

am 14.09.2007 10:40:48 von unknown

Post removed (X-No-Archive: yes)

Re: htaccess configuration quickie

am 14.09.2007 10:49:27 von Tim Gordon

"Davide Bianchi" wrote in message
news:slrnfeki69.2pn.davideyeahsure@fogg.onlyforfun.net...
> On 2007-09-14, Tim Gordon wrote:
>> Thanks, but that cannot be correct. My root directory is working for
>> annoymous browsing no problem at all. I did the change you suggested
>> though, to the admin directory, and now I have full access. Still no
>> prompt
>> for user or password though.
>
> One step at a time. Now you have access to the directory, it's time
> to check if the .htaccess is read and why it doesn't work. Any
> informations
> in the error_log?

Nothing in the error log and the access log is normal too. I have a piece
of text at the end of my .htaccess file 'GARBAGE' which, if the file was
being read, I thought I'd get an error somewhere.

> How did you created the 'accesslist'?

Mmm. An online tool.

Tim

--
I never wish I was not what I was not when I didn't wish what I was not was
not what I am not.

Re: htaccess configuration quickie

am 14.09.2007 11:00:04 von unknown

Post removed (X-No-Archive: yes)

Re: htaccess configuration quickie

am 14.09.2007 11:15:22 von Tim Gordon

"Davide Bianchi" wrote in message
news:slrnfekjad.2pn.davideyeahsure@fogg.onlyforfun.net...
> On 2007-09-14, Tim Gordon wrote:
>> Nothing in the error log and the access log is normal too. I have a
>> piece
>> of text at the end of my .htaccess file 'GARBAGE' which, if the file was
>> being read, I thought I'd get an error somewhere.
>
> Ok, so now the problem is that your .htaccess is not read. I think that
> somewhere in your configuration your block is overridden,
> I'd start by changing the block as follow (if I remember correctly your
> original post and you haven't falsified anything) :
>
>
> Options All
> AllowOverride All
> Order allow,deny
> Allow from all
>
>
> (restart apache of course after doing this)
>
> then post your config file.
>
>> Mmm. An online tool.
>
> Watch out: if the password is encrypted with a different library than
> the one installed on the server it won't work. Always and only use
> the standard htpasswd program.


That's done it! Thanks very much.

I got a server error 500 to start with. I then remembered to take the
'garbage' text out from the .htaccess and now it works a dream.

Tim

--
I never wish I was not what I was not when I didn't wish what I was not was
not what I am not.