You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@httpd.apache.org by "LeTortorec, Jean-Louis" <JL...@healthcore.com> on 2002/03/28 17:15:44 UTC
help on htaccess/htpasswd
Hi there.
I'm trying to protect a particular folder of my website.
For that, I created a .htaccess file in that folder:
AuthUserFile /.../html/.htpasswd
AuthGroupFile /dev/null
AuthName "My folder"
AuthType Basic
<Limit GET POST>
require valid-user
</Limit>
And then I created the /.../html/.htpassd:
/usr/local/apache/bin/htpasswd -c .htpasswd newusername
Now I have .htpasswd, .htaccess, and the following line in httpd.conf:
AccessFileName .htaccess
<Files ~ "^\.ht">
Order allow,deny
Deny from all
Satisfy All
</Files>
I guess I forgot something because the protection does not work. I should
have a pop-up window asking me for my username and password. Any help? (the
Apache log files do not help)
Thanks.
About the previous question on subdomains, I'm working on it with my ISP.
I'll keep you posted.
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: help on htaccess/htpasswd
Posted by Joshua Slive <jo...@slive.ca>.
On Thu, 28 Mar 2002, LeTortorec, Jean-Louis wrote:
>
> AuthUserFile /.../html/.htpasswd
> AuthGroupFile /dev/null
> AuthName "My folder"
> AuthType Basic
> <Limit GET POST>
> require valid-user
> </Limit>
Please take whatever documentation you are using and throw it away. It is
giving you bad advice. Some good documentation is available here:
http://httpd.apache.org/docs/howto/auth.html
Some problems I see:
1. Don't place the password file in a web-accessible directory.
2. Don't use <Limit GET POST> and </Limit>. They are unnecessary and
possibly a security risk.
3. You probably need to read:
http://httpd.apache.org/docs/misc/FAQ.html#htaccess-work
Joshua.
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org