Member Avatar for Mosco

Ok i am running an apache server , on my window;s xp. For some reason i when i make a .htaccess file and put it into my www - dir its doesnt promt for a password or anything.!

This is what i have for my .htaccess file

AuthUserFile d:/www/.htpasswd
AuthType Basic
AuthName "My Private Area"
require valid-user

For some reason i cant even edit my server.conf file, It gives me a server error ever time i do. I found out it doesnt like the (AuthUserFile) command line.

Please some one help me out.!

  • 4 Contributors
  • 8 Replies
  • 446 Views
  • 7 Years Discussion Span
  • Latest Post Latest Post by isouza
Member Avatar for Dani

I don't know anything about Apache for windows, but are you sure the path isn't D:\www\.htpasswd ? And does the file exist?

Member Avatar for Mosco

I tryed it d:/www/.htpasswd and d:\www\.htpasswd None of them seem to work.! Yes the password file is in the riht dir.

Member Avatar for TheOgre

I tryed it d:/www/.htpasswd and d:\www\.htpasswd None of them seem to work.! Yes the password file is in the riht dir.

If you're trying to limit access on a particular directory within your /www/ directory, you have to first create a user account and password using the htpasswd utility using the -a switch and then specify which file the password will be stored in, then reference that file within httpd.conf

Example:


<Directory /usr/local/www/mydomain.com/secure>
AuthType Basic
AuthName "Members Only"
AuthUserFile /usr/local/www/passwords
Require valid-user
</Directory>

The syntax for htpasswd is as follows:


user@host$ htpasswd
Usage:
htpasswd [-cmdps] passwordfile username
htpasswd -b[cmdps] passwordfile username password

htpasswd -n[mdps] username
htpasswd -nb[mdps] username password
-c Create a new file.
-n Don't update file; display results on stdout.
-m Force MD5 encryption of the password.
-d Force CRYPT encryption of the password (default).
-p Do not encrypt the password (plaintext).
-s Force SHA encryption of the password.
-b Use the password from the command line rather than prompting for it.
On Windows, TPF and NetWare systems the '-m' flag is used by default.
On all other systems, the '-p' flag will probably not work.


Then, in the directories you want protected, place .htaccess in that directory with the following contents:

Options Indexes FollowSymLinks Includes
 AddType text/html .html
 AddHandler server-parsed .html
Member Avatar for Mosco

Hrmm, i cant edit the Httpd.Conf file...! When i do edit the httpd.cong file and goto restart apache it says.

===========
ERROR
===========
Coulnd not perform requested operation

I deleted this command that u suggested i put into my httpd.conf file and the server worked again.!

<Directory /usr/local/www/mydomain.com/secure>
AuthType Basic
AuthName "Members Only"
AuthUserFile /usr/local/www/passwords
Require valid-user
</Directory>

Member Avatar for Mosco

The http.conf file doesnt like it when this is in their ( AuthUserFile ).
Im at a loss because i dont know why it doesnt like that command.! :sad:

here is the contents of my httpd.conf file, maybe some one can spot an error.!


Listen 80
ServerRoot "/www/Apache2"
DocumentRoot "/www/webroot"
ServerName localhost:80
ServerAdmin admin@yourdomain.com
ServerSignature On
ServerTokens Full
DefaultType text/plain
AddDefaultCharset ISO-8859-1
UseCanonicalName Off
HostnameLookups Off
ErrorLog logs/error.log
LogLevel error
PidFile logs/httpd.pid
Timeout 300
KeepAlive On
MaxKeepAliveRequests 100
KeepAliveTimeout 15

<IfModule mpm_winnt.c>
ThreadsPerChild 250
MaxRequestsPerChild 0
</IfModule>

LoadModule access_module modules/mod_access.so
#LoadModule actions_module modules/mod_actions.so
LoadModule alias_module modules/mod_alias.so
#LoadModule asis_module modules/mod_asis.so
#LoadModule auth_module modules/mod_auth.so
#LoadModule auth_anon_module modules/mod_auth_anon.so
#LoadModule auth_dbm_module modules/mod_auth_dbm.so
#LoadModule auth_digest_module modules/mod_auth_digest.so
#LoadModule autoindex_module modules/mod_autoindex.so
#LoadModule cern_meta_module modules/mod_cern_meta.so
LoadModule cgi_module modules/mod_cgi.so
#LoadModule dav_module modules/mod_dav.so
#LoadModule dav_fs_module modules/mod_dav_fs.so
LoadModule dir_module modules/mod_dir.so
#LoadModule env_module modules/mod_env.so
#LoadModule expires_module modules/mod_expires.so
#LoadModule file_cache_module modules/mod_file_cache.so
LoadModule headers_module modules/mod_headers.so
#LoadModule imap_module modules/mod_imap.so
#LoadModule include_module modules/mod_include.so
LoadModule info_module modules/mod_info.so
#LoadModule isapi_module modules/mod_isapi.so
LoadModule log_config_module modules/mod_log_config.so
LoadModule mime_module modules/mod_mime.so
#LoadModule mime_magic_module modules/mod_mime_magic.so
#LoadModule proxy_module modules/mod_proxy.so
#LoadModule proxy_connect_module modules/mod_proxy_connect.so
#LoadModule proxy_http_module modules/mod_proxy_http.so
#LoadModule proxy_ftp_module modules/mod_proxy_ftp.so
#LoadModule negotiation_module modules/mod_negotiation.so
#LoadModule rewrite_module modules/mod_rewrite.so
LoadModule setenvif_module modules/mod_setenvif.so
#LoadModule speling_module modules/mod_speling.so
LoadModule status_module modules/mod_status.so
#LoadModule unique_id_module modules/mod_unique_id.so
#LoadModule userdir_module modules/mod_userdir.so
#LoadModule usertrack_module modules/mod_usertrack.so
#LoadModule vhost_alias_module modules/mod_vhost_alias.so
<IfDefine SSL>
LoadModule ssl_module modules/mod_ssl.so
</IfDefine>
LoadModule deflate_module modules/mod_deflate.so
LoadModule perl_module modules/mod_perl.so
LoadModule php4_module /www/php/php4apache2.dll

<Directory />
<IfModule mod_deflate.c>
# AddOutputFilterByType DEFLATE text/html text/plain text/xml
# The above does not seem to work under win32 100%, we will use this instead...
SetOutputFilter DEFLATE
<IfModule mod_headers.c>
Header append Vary User-Agent
</IfModule>
</IfModule>
Options FollowSymLinks
AllowOverride
order deny,allow
deny from all
</Directory>

<Directory "/www/webroot">
order allow,deny
allow from all
</Directory>

<IfModule mod_cgi.c>
<IfModule mod_alias.c>
ScriptAlias /cgi-bin/ "/www/cgi-bin/"
</IfModule>
<Directory "/www/cgi-bin">
Options None
AllowOverride None
Order allow,deny
Allow from all
</Directory>
</IfModule>

#####For mod_perl Hello example, \www\perl\site\lib\Apache\Hello.pm
#
PerlModule Apache::Hello
<Location /hello>
SetHandler modperl
PerlResponseHandler Apache::Hello
</Location>
#
#####End mod_perl Hello example

#####For Apache::ASP examples
#
# AccessFileName .htaccess
#
# <Files ~ "^\.htaccess$">
# order allow,
#
# </Files>
#
<Directory "/www/webroot/asp-example">
order deny,allow
deny from all
# allow from 192.168.1.101
# Options FollowSymLinks
# AllowOverride All
</Directory>
#
#####End Apache::ASP examples

#####Apache::ASP setup
#
<IfModule mod_perl.c>
PerlModule Apache::ASP
<Files ~ (\.asp)>
SetHandler perl-script
PerlHandler Apache::ASP
PerlSetVar Global .
PerlSetVar StateDir /tmp/asp
</Files>
</IfModule>
#
#####End Apache::ASP setup

<Directory "/www/webroot/phpMyAdmin">
order deny,allow
deny from all
allow from 192.168.1.101
</Directory>
<Directory "/www/webroot/analog">
order deny,allow
deny from all
allow from 192.168.1.101
</Directory>
<IfModule mod_log_config.c>
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-agent}i\"" combined
CustomLog logs/access.log combined
<IfModule mod_deflate.c>
DeflateFilterNote Input instream
DeflateFilterNote Output outstream
DeflateFilterNote Ratio ratio
LogFormat '"%r" %{outstream}n/%{instream}n (%{ratio}n%%)' deflate
CustomLog logs/deflate.log deflate
</IfModule>
</IfModule>
<IfModule mod_dir.c>
DirectoryIndex index.html index.php index.asp
</IfModule>
<IfModule mod_mime.c>
TypesConfig conf/mime.types
AddType application/x-tar .tgz
AddType application/x-rar-compressed .rar
<IfModule sapi_apache2.c>
AddType application/x-httpd-php .php
AddType application/x-httpd-php-source .phps
</IfModule>
</IfModule>
<IfModule mod_setenvif.c>
BrowserMatch "Mozilla/2" nokeepalive
BrowserMatch "MSIE 4\.0b2;" nokeepalive downgrade-1.0 force-response-1.0
BrowserMatch "RealPlayer 4\.0" force-response-1.0
BrowserMatch "Java/1\.0" force-response-1.0
BrowserMatch "JDK/1\.0" force-response-1.0
BrowserMatch "Microsoft Data Access Internet Publishing Provider" redirect-carefully
BrowserMatch "^WebDrive" redirect-carefully
BrowserMatch "^WebDAVFS/1.[012]" redirect-carefully
BrowserMatch "^gnome-vfs" redirect-carefully
<IfModule mod_deflate.c>
BrowserMatch ^Mozilla/4 gzip-only-text/html
BrowserMatch ^Mozilla/4\.0[678] no-gzip
BrowserMatch \bMSIE !no-gzip !gzip-only-text/html
</IfModule>
</IfModule>
<IfModule mod_status.c>
ExtendedStatus On
<Location /server-status>
SetHandler server-status
Order deny,allow
Deny from all
Allow from 192.168.1.101
</Location>
</IfModule>
<IfModule mod_info.c>
<Location /server-info>
SetHandler server-info
Order deny,allow
Deny from all
Allow from 192.168.1.101
</Location>
</IfModule>
<IfModule mod_ssl.c>
Include conf/ssl.conf
</IfModule>

Member Avatar for TheOgre

OK, first of all, you have to have a directory you want to protect already created within C:\www\webroot. For example, C:\www\webroot\sample\

Then, in httpd.conf, you need to add the example I pasted earlier, but modify it so the path is correct for your environment, like this:


<Directory C:\www\webroot\sample>
AuthType Basic
AuthName "Members Only"
AuthUserFile C:\www\passwords
Require valid-user
</Directory>


After you've modified your httpd.conf file and created the directory, you need to add a user and set a password for that user with the htpasswd command (see my previous post.)

Then, create/copy the .htaccess file in C:\www\webroot and restart Apache so it reads the config file (httpd.conf) and implements the changes.

If you don't have an index.html file already in that directory (\sample\) and you just want Apache to list the files available in that directory, comment out the following line in httpd.conf:

#LoadModule autoindex_module modules/mod_autoindex.so

so it reads:

LoadModule autoindex_module modules/mod_autoindex.so

and restart Apache.

I've found it's a LOT easier to use the htpasswd command to create a userid and password than it is to use .htaccess in the directory you want to protect.

You also need to have this uncommented in httpd.conf:


# AccessFileName .htaccess
#
# <Files ~ "^\.htaccess$">
# order allow,
#
# </Files>


so it reads:


# AccessFileName .htaccess
#
<Files ~ "^\.htaccess$">
Order allow,deny
Deny from all
Satisfy All
</Files>


Change:
ServerName localhost:80

to:
ServerName localhost

You don't need to specify the port it listens on, as that's another variable already defined by:

Port 80

And just out of curiosity, why can't you edit httpd.conf? There should be a menu shortcut labeled something like, "Edit Apache configuration file" on the Start Menu. If you can't edit it by that, then open httpd.conf with Notepad - it's in the directory you installed Apache into.

Let me know what happens.

Member Avatar for Mosco

I fixed the problem of my .htaccess not working and my httpd.conf messing up my server.! As it turned out my Loadmodules had a # in front of some of them in which was messing up the server

But thank you for trying to help out.! :)

Member Avatar for isouza

It's simple...
Puts AllowOverride FileInfo in the Directory Directive!

<Directory /usr/local/www/mydomain.com/secure>
AllowOverride FileInfo
AuthType Basic
AuthName "Members Only"
AuthUserFile /usr/local/www/passwords
Require valid-user
</Directory>
Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.