You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@httpd.apache.org by Singh <ap...@rediffmail.com> on 2004/09/01 23:32:43 UTC

[users@httpd] How to write .htpasswd in

Hi friends...
I am trying to secure my application directory in Apache. I made a .htpasswd file under /home/user/apache2/ using the command
htpasswd -c .htpasswd username. My query is how to implement this thing? My config file looks something like this :

------snip-----
DocumentRoot "/var/www/html/apps" #apps is the directory where application is placed.
<Directory />
    Options Indexes FollowSymLinks
    AllowOverride None
    Order Deny,Allow
    Deny from all
</Directory>
<Directory "/var/www/html">
	Options Indexes FollowSymLinks
	Order allow,deny
	Deny from all
        #Allow from x.x.x.x (terminal address in LAN) 
	AuthType Basic
	AuthUserFile /home/user/apache2/.htpasswd
	AuthName "Authentication Please"
	Require valid-user
	Satisfy any
	#AllowOverride All
	AllowOverride AuthConfig
</Directory>
<Limit GET POST>
Require valid-user
</Limit>
<Directory "/var/www/html/apps">
        AllowOverride All
        Options Indexes FollowSymLinks
        Order allow,deny
        Allow from all
</Directory>

Regards

Re: [users@httpd] How to write .htpasswd in

Posted by Joshua Slive <js...@gmail.com>.

On 1 Sep 2004 21:32:43 -0000, Singh <ap...@rediffmail.com> wrote:
> Hi friends...
> I am trying to secure my application directory in Apache. I made a .htpasswd file under /home/user/apache2/ using the command
> htpasswd -c .htpasswd username. My query is how to implement this thing? My config file looks something like this :
> 
> ------snip-----
> DocumentRoot "/var/www/html/apps" #apps is the directory where application is placed.
> <Directory />
>     Options Indexes FollowSymLinks
>     AllowOverride None
>     Order Deny,Allow
>     Deny from all
> </Directory>
> <Directory "/var/www/html">
>         Options Indexes FollowSymLinks
>         Order allow,deny
>         Deny from all
>         #Allow from x.x.x.x (terminal address in LAN)
>         AuthType Basic
>         AuthUserFile /home/user/apache2/.htpasswd
>         AuthName "Authentication Please"
>         Require valid-user
>         Satisfy any
>         #AllowOverride All
>         AllowOverride AuthConfig
> </Directory>
> <Limit GET POST>
> Require valid-user
> </Limit>
> <Directory "/var/www/html/apps">
>         AllowOverride All
>         Options Indexes FollowSymLinks
>         Order allow,deny
>         Allow from all
> </Directory>

The main problem is that, since you have "Satisfy Any", the "Allow
from all" in the last section overrides any access control and allows
everyone to access the site.  Try getting rid of everything you have
there and simply having:
<Directory "/var/www/html/apps">
         Options Indexes FollowSymLinks
         AuthType Basic
         AuthUserFile /home/user/apache2/.htpasswd
         AuthName "Authentication Please"
         Require valid-user
</Directory>

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org