You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@httpd.apache.org by Singh <ap...@rediffmail.com> on 2004/09/01 23:32:43 UTC
[users@httpd] How to write .htpasswd in
Hi friends...
I am trying to secure my application directory in Apache. I made a .htpasswd file under /home/user/apache2/ using the command
htpasswd -c .htpasswd username. My query is how to implement this thing? My config file looks something like this :
------snip-----
DocumentRoot "/var/www/html/apps" #apps is the directory where application is placed.
<Directory />
Options Indexes FollowSymLinks
AllowOverride None
Order Deny,Allow
Deny from all
</Directory>
<Directory "/var/www/html">
Options Indexes FollowSymLinks
Order allow,deny
Deny from all
#Allow from x.x.x.x (terminal address in LAN)
AuthType Basic
AuthUserFile /home/user/apache2/.htpasswd
AuthName "Authentication Please"
Require valid-user
Satisfy any
#AllowOverride All
AllowOverride AuthConfig
</Directory>
<Limit GET POST>
Require valid-user
</Limit>
<Directory "/var/www/html/apps">
AllowOverride All
Options Indexes FollowSymLinks
Order allow,deny
Allow from all
</Directory>
Regards
Re: [users@httpd] How to write .htpasswd in
Posted by Joshua Slive <js...@gmail.com>.
On 1 Sep 2004 21:32:43 -0000, Singh <ap...@rediffmail.com> wrote:
> Hi friends...
> I am trying to secure my application directory in Apache. I made a .htpasswd file under /home/user/apache2/ using the command
> htpasswd -c .htpasswd username. My query is how to implement this thing? My config file looks something like this :
>
> ------snip-----
> DocumentRoot "/var/www/html/apps" #apps is the directory where application is placed.
> <Directory />
> Options Indexes FollowSymLinks
> AllowOverride None
> Order Deny,Allow
> Deny from all
> </Directory>
> <Directory "/var/www/html">
> Options Indexes FollowSymLinks
> Order allow,deny
> Deny from all
> #Allow from x.x.x.x (terminal address in LAN)
> AuthType Basic
> AuthUserFile /home/user/apache2/.htpasswd
> AuthName "Authentication Please"
> Require valid-user
> Satisfy any
> #AllowOverride All
> AllowOverride AuthConfig
> </Directory>
> <Limit GET POST>
> Require valid-user
> </Limit>
> <Directory "/var/www/html/apps">
> AllowOverride All
> Options Indexes FollowSymLinks
> Order allow,deny
> Allow from all
> </Directory>
The main problem is that, since you have "Satisfy Any", the "Allow
from all" in the last section overrides any access control and allows
everyone to access the site. Try getting rid of everything you have
there and simply having:
<Directory "/var/www/html/apps">
Options Indexes FollowSymLinks
AuthType Basic
AuthUserFile /home/user/apache2/.htpasswd
AuthName "Authentication Please"
Require valid-user
</Directory>
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org