htaccess not password protecting directory in a web server

Question

amish123 0 Newbie Poster

14 Years Ago

hey guys, would really appreciate if you could help me out.

on my web server, i have created a directory, to which i want password protection.
for that i have created a .htaccess file and saved it in that directory.
Also, i have created a .htpasswd file and saved it in another directory.
I have set authconfig to all in the apache config file.

below are the details of my above file, please let me know where im going wrong,

.htpasswd file contains, this line, root:7rF2c3QN5gWeh

.htacces contains the following,

AuthUserFile /var/.htpasswd
AuthType Basic
AuthName "My Secret Folder"
Require valid-user

apache2.conf contains,
<Directory "/usr/share/apache2/error">
AllowOverride All
# Options IncludesNoExec
# AddOutputFilter Includes html
# AddHandler type-map var
# Order allow,deny
# Allow from all
# LanguagePriority en cs de es fr it nl sv pt-br ro
# ForceLanguagePriority Prefer Fallback
</Directory>

im working on, Apache/2.2.9 (Debian) PHP/5.2.6-1+lenny4

the prob what i think is the path to the htpasswd file. so i tried many different combination, but no success yet.

Thanks.
Amish.

apache

2 Contributors
5 Replies
180 Views
5 Days Discussion Span
Latest Post 14 Years Ago Latest Post by sknake

sknake 1,622 Senior Poster

14 Years Ago

Please use code tags when posting code/config files on daniweb:

What are the permissions on the .htpasswd file? ls -al /var/.htpasswd Do you see any error messages in /var/log/apache2/? Also the password hashes for htpasswd are weak, so you should change the password since you posted it up here.

I configure authentication in the apache config instead of directory level htaccess. Is this an option for you? Here is an example:

<Directory /var/www/>
                Options Indexes FollowSymLinks MultiViews
                AllowOverride None
                Order allow,deny
                allow from all
                AuthType Basic
                AuthName "Apex Repository"
                AuthUserFile /etc/apache2/htpasswd
                Require valid-user
        </Directory>

Edited 11 Years Ago by happygeek because: fixed formatting

sknake 1,622 Senior Poster

14 Years Ago

Post any relevant lines from your access.log or error.log

Reply to this topic

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.

amish123 0 Newbie Poster · Answer 1 · 2010-01-08T04:05:17+00:00

hey sknake, thanks for your reply.

I did as you said, i put the following code into my apache server config file,

<Directory "/var/www/">
      Options Indexes FollowSymLinks MultiViews
      AllowOverride None
      Order allow,deny
      allow from all
      AuthType Basic
      AuthName "Apex Repository"
      AuthUserFile /var/.htpasswd
      Require valid-user
    </Directory>

And the permissions for my htpasswd file is 644

yet no expected result, am still able to login to my server directly from browser, with no asking for password.

Im trying to understand the log file, will let u know in my next reply.

thanks

amish123 0 Newbie Poster · Answer 2 · 2010-01-11T23:41:59+00:00

Hey sknake,

Thank you very much, it worked today.

Although I don't understand why it didn't worked on friday, when i make the changes and restarted the Apache server to make sure that configuration changes apply.

Anyways, all good as long as things works. :)

One more thing I was wondering about is, why it didn't worked with the directory level htaccess. Could you shed some light on it?

Thanks,
Amish.

sknake 1,622 Senior Poster Featured Poster · Answer 3 · 2010-01-12T06:05:13+00:00

Not off hand... I don't know what would cause that. I have never used directory level access before :(

Please mark this thread as solved if you have found a solution to your problem and good luck!