You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@httpd.apache.org by "--[ UxBoD ]--" <ux...@splatnix.net> on 2011/01/22 13:45:26 UTC
[users@httpd] Password Protection Ignored
Hi,
I have a reports directory I wish to secure and have created the necessary .htaccess file:
AuthUserFile /www/security/somedomain_access
AuthType Basic
AuthName "Restricted Access"
Require user someuser
I believe my virtual host config is correct:
<VirtualHost *:80>
ServerAdmin webmaster@somedomain.co.uk
DocumentRoot "/www/somedomain.co.uk"
<Directory /www/somedomain.co.uk/>
AllowOverride All
</Directory>
ServerName www.somedomain.co.uk
ServerAlias somedomain.co.uk
ExpiresActive On
ExpiresByType text/html "access plus 30 seconds"
ExpiresByType text/css "access plus 2 weeks"
ExpiresByType text/javascript "access plus 2 weeks"
ExpiresByType image/png "access plus 1 month"
ExpiresByType image/gif "access plus 1 month"
ExpiresByType image/jpg "access plus 1 month"
AddOutputFilterByType DEFLATE text/html text/css text/xml application/x-javascript application/javascript application/xml
BrowserMatch ^Mozilla/4 gzip-only-text/html
BrowserMatch ^Mozilla/4\.0[678] no-gzip
BrowserMatch \bMSIE !no-gzip !gzip-only-text/html
DeflateCompressionLevel 6
Header append Vary User-Agent
ErrorLog "logs/www.somedomain.co.uk-error.log"
CustomLog "logs/www.somedomain.co.uk-access.log" common
</VirtualHost>
Though when I navigate to http://www.somedomain.co.uk/reports/test.html I am never prompted for a user/password :( If I add some random text to .htaccess then I do receive a Server Error so the file is being processed. Thoughts please ?
--
Thanks, Phil
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] Password Protection Ignored
Posted by Jeroen Geilman <je...@adaptr.nl>.
On 1/24/11 9:38 AM, --[ UxBoD ]-- wrote:
>
> ----- Original Message -----
>> On 1/22/11 1:45 PM, --[ UxBoD ]-- wrote:
>>> Hi,
>>>
>>> I have a reports directory I wish to secure and have created the
>>> necessary .htaccess file:
>> Don't.
>> Just use the configuration file if you have access to it.
>>
>> It will make life so much easier.
>>
>>
>>
>> --
>> J.
>>
>>
>> ---------------------------------------------------------------------
>> The official User-To-User support forum of the Apache HTTP Server
>> Project.
>> See<URL:http://httpd.apache.org/userslist.html> for more info.
>> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>> " from the digest: users-digest-unsubscribe@httpd.apache.org
>> For additional commands, e-mail: users-help@httpd.apache.org
> I have tried as-well adding it directly to httpd-vhosts.conf and get the same result :( Here is the virtual host entry if anybody can see what I have done wrong :(
>
Include logs from accesses so we can see what happens.
Also check if global or htaccess-based rewriting is going on anywhere.
--
J.
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] Password Protection Ignored
Posted by "--[ UxBoD ]--" <ux...@splatnix.net>.
----- Original Message -----
> On 1/22/11 1:45 PM, --[ UxBoD ]-- wrote:
> > Hi,
> >
> > I have a reports directory I wish to secure and have created the
> > necessary .htaccess file:
>
> Don't.
> Just use the configuration file if you have access to it.
>
> It will make life so much easier.
>
>
>
> --
> J.
>
>
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server
> Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> " from the digest: users-digest-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
I have tried as-well adding it directly to httpd-vhosts.conf and get the same result :( Here is the virtual host entry if anybody can see what I have done wrong :(
<VirtualHost *:80>
ServerAdmin webmaster@somedomain.co.uk
DocumentRoot "/www/somedomain.co.uk"
<Directory /www/somedomain.co.uk/>
AllowOverride All
</Directory>
<Directory /www/somedomain.co.uk/reports/>
AuthUserFile /www/security/access
AuthType Basic
AuthName "Restricted Access"
Require user secretuser
Allow from all
Order deny,allow
</Directory>
ServerName www.somedomain.co.uk
ServerAlias somedomain.co.uk
ExpiresActive On
ExpiresByType text/html "access plus 30 seconds"
ExpiresByType text/css "access plus 2 weeks"
ExpiresByType text/javascript "access plus 2 weeks"
ExpiresByType image/png "access plus 1 month"
ExpiresByType image/gif "access plus 1 month"
ExpiresByType image/jpg "access plus 1 month"
AddOutputFilterByType DEFLATE text/html text/css text/xml application/x-javascript application/javascript application/xml
# Deactivate compression for buggy browsers
BrowserMatch ^Mozilla/4 gzip-only-text/html
BrowserMatch ^Mozilla/4\.0[678] no-gzip
BrowserMatch \bMSIE !no-gzip !gzip-only-text/html
DeflateCompressionLevel 6
# Set header information for proxies
Header append Vary User-Agent
ErrorLog "logs/www.somedomain.co.uk-error.log"
CustomLog "logs/www.somedomain.co.uk-access.log" common
</VirtualHost>
--
Thanks, Phil
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] Password Protection Ignored
Posted by Jeroen Geilman <je...@adaptr.nl>.
On 1/22/11 1:45 PM, --[ UxBoD ]-- wrote:
> Hi,
>
> I have a reports directory I wish to secure and have created the necessary .htaccess file:
Don't.
Just use the configuration file if you have access to it.
It will make life so much easier.
--
J.
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] Password Protection Ignored
Posted by "--[ UxBoD ]--" <ux...@splatnix.net>.
----- Original Message -----
> Have you checked the Order directive?
>
> Also I usually have the Basic authentication in a Location tag to
> ensure its been applied to the right URL.
>
> On Sat, Jan 22, 2011 at 11:45 PM, --[ UxBoD ]-- <ux...@splatnix.net>
> wrote:
> > Hi,
> >
> > I have a reports directory I wish to secure and have created the
> > necessary .htaccess file:
> >
> > AuthUserFile /www/security/somedomain_access
> > AuthType Basic
> > AuthName "Restricted Access"
> > Require user someuser
> >
> > I believe my virtual host config is correct:
> >
> > <VirtualHost *:80>
> > ServerAdmin webmaster@somedomain.co.uk
> > DocumentRoot "/www/somedomain.co.uk"
> > <Directory /www/somedomain.co.uk/>
> > AllowOverride All
> > </Directory>
> >
> > ServerName www.somedomain.co.uk
> > ServerAlias somedomain.co.uk
> >
> > ExpiresActive On
> > ExpiresByType text/html "access plus 30 seconds"
> > ExpiresByType text/css "access plus 2 weeks"
> > ExpiresByType text/javascript "access plus 2 weeks"
> > ExpiresByType image/png "access plus 1 month"
> > ExpiresByType image/gif "access plus 1 month"
> > ExpiresByType image/jpg "access plus 1 month"
> >
> > AddOutputFilterByType DEFLATE text/html text/css text/xml
> > application/x-javascript application/javascript application/xml
> >
> > BrowserMatch ^Mozilla/4 gzip-only-text/html
> > BrowserMatch ^Mozilla/4\.0[678] no-gzip
> > BrowserMatch \bMSIE !no-gzip !gzip-only-text/html
> >
> > DeflateCompressionLevel 6
> >
> > Header append Vary User-Agent
> >
> > ErrorLog "logs/www.somedomain.co.uk-error.log"
> > CustomLog "logs/www.somedomain.co.uk-access.log" common
> > </VirtualHost>
> >
> > Though when I navigate to
> > http://www.somedomain.co.uk/reports/test.html I am never prompted
> > for a user/password :( If I add some random text to .htaccess then I
> > do receive a Server Error so the file is being processed. Thoughts
> > please ?
> > --
> > Thanks, Phil
> >
How do you mean, please ?
--
Thanks, Phil
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] Password Protection Ignored
Posted by Devraj Mukherjee <de...@gmail.com>.
Have you checked the Order directive?
Also I usually have the Basic authentication in a Location tag to
ensure its been applied to the right URL.
On Sat, Jan 22, 2011 at 11:45 PM, --[ UxBoD ]-- <ux...@splatnix.net> wrote:
> Hi,
>
> I have a reports directory I wish to secure and have created the necessary .htaccess file:
>
> AuthUserFile /www/security/somedomain_access
> AuthType Basic
> AuthName "Restricted Access"
> Require user someuser
>
> I believe my virtual host config is correct:
>
> <VirtualHost *:80>
> ServerAdmin webmaster@somedomain.co.uk
> DocumentRoot "/www/somedomain.co.uk"
> <Directory /www/somedomain.co.uk/>
> AllowOverride All
> </Directory>
>
> ServerName www.somedomain.co.uk
> ServerAlias somedomain.co.uk
>
> ExpiresActive On
> ExpiresByType text/html "access plus 30 seconds"
> ExpiresByType text/css "access plus 2 weeks"
> ExpiresByType text/javascript "access plus 2 weeks"
> ExpiresByType image/png "access plus 1 month"
> ExpiresByType image/gif "access plus 1 month"
> ExpiresByType image/jpg "access plus 1 month"
>
> AddOutputFilterByType DEFLATE text/html text/css text/xml application/x-javascript application/javascript application/xml
>
> BrowserMatch ^Mozilla/4 gzip-only-text/html
> BrowserMatch ^Mozilla/4\.0[678] no-gzip
> BrowserMatch \bMSIE !no-gzip !gzip-only-text/html
>
> DeflateCompressionLevel 6
>
> Header append Vary User-Agent
>
> ErrorLog "logs/www.somedomain.co.uk-error.log"
> CustomLog "logs/www.somedomain.co.uk-access.log" common
> </VirtualHost>
>
> Though when I navigate to http://www.somedomain.co.uk/reports/test.html I am never prompted for a user/password :( If I add some random text to .htaccess then I do receive a Server Error so the file is being processed. Thoughts please ?
> --
> Thanks, Phil
>
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> " from the digest: users-digest-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
>
>
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org