You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@httpd.apache.org by Tom <du...@usa.net> on 2003/01/14 22:54:50 UTC
[users@httpd] .htaccess help
I think I have read every guide on the net about .htaccess (well maybe not all but quite a few), but I cannot locate an answer to my problem.
I created a .htaccess file in the /var/www/html/bd/ directory of a Redhat 7.2 system. Containing:
AuthUserFile /usr/local/bd/.htpasswd
AuthName Members
AuthType Basic
<Limit GET>
require vailid-user
</Limit>
I then created a .htpasswd file in /usr/local/bd and entered a user and password.
I then go to another machine and enter the url in I.E.
http://domain-name/bd/
The index.html file loads with out asking for a User/Password.
I have searched the internet, reviewed my httpd.conf file, I cannot see what is wrong and why this will not work.
Thanks,
Tom
Re: [users@httpd] .htaccess help
Posted by Tom <du...@usa.net>.
I gave it another go this morning. What I was doing was restarting httpd
after each change. Evidently that was not enough. I rebooted the computer
and WOW it works now. So the httpd stop then httpd start apparently was
not recognizing the changes that I was making...
Oh well, it works now.
Thanks for your help.
Tom
----- Original Message -----
From: "Joshua Slive" <jo...@slive.ca>
To: <us...@httpd.apache.org>
Sent: Wednesday, January 15, 2003 9:05 AM
Subject: Re: [users@httpd] .htaccess help
>
> On Tue, 14 Jan 2003, DUFFER wrote:
> > I went throught the httpd.conf file and changed AllowOverride None to
> > AllowOverride AuthConfig.
> > Restarted apache and still no go.
> > I can freely open the pages in that directory. I even put jiberish in
the
> > first line of the .htaccess file which should return an error if the
> > .htaccess file is being used. So it is not even looking for it.
> >
> > I guess I need to wipe the harddrive and start over. Its screwed up
> > somewhere, but none of the changes I make seems to make any difference.
> > Well this is a learning experience anyway.
>
> No, you don't need to wipe out the harddrive. If the .htaccess file is
> not being read, the problem is 99.999% AllowOverride. Take another look
> through your config. Put it a specific directory section
> <Directory /full/path/to/directory>
> AllowOverride AuthConfig
> </Directory>
>
> Alternatively, forget the .htaccess file and just put the auth directives
> directly in the directory section in httpd.conf.
>
> Joshua.
>
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> " from the digest: users-digest-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
>
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] .htaccess help
Posted by Joshua Slive <jo...@slive.ca>.
On Tue, 14 Jan 2003, DUFFER wrote:
> I went throught the httpd.conf file and changed AllowOverride None to
> AllowOverride AuthConfig.
> Restarted apache and still no go.
> I can freely open the pages in that directory. I even put jiberish in the
> first line of the .htaccess file which should return an error if the
> .htaccess file is being used. So it is not even looking for it.
>
> I guess I need to wipe the harddrive and start over. Its screwed up
> somewhere, but none of the changes I make seems to make any difference.
> Well this is a learning experience anyway.
No, you don't need to wipe out the harddrive. If the .htaccess file is
not being read, the problem is 99.999% AllowOverride. Take another look
through your config. Put it a specific directory section
<Directory /full/path/to/directory>
AllowOverride AuthConfig
</Directory>
Alternatively, forget the .htaccess file and just put the auth directives
directly in the directory section in httpd.conf.
Joshua.
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
RE: [users@httpd] .htaccess help
Posted by Jerry Martin <ch...@hotmail.com>.
Extremely basic, but have you restarted the server?
-----Original Message-----
From: DUFFER [mailto:duffer@usa.net]
Sent: Tuesday, January 14, 2003 9:01 PM
To: users@httpd.apache.org
Subject: Re: [users@httpd] .htaccess help
I found the <Limit GET> on one of the turtorials on the web, I don't
recall
which one. I looked at a whole bunch of them.
It just happened to be the last one I tried.
I went throught the httpd.conf file and changed AllowOverride None to
AllowOverride AuthConfig.
Restarted apache and still no go.
I can freely open the pages in that directory. I even put jiberish in
the
first line of the .htaccess file which should return an error if the
.htaccess file is being used. So it is not even looking for it.
I guess I need to wipe the harddrive and start over. Its screwed up
somewhere, but none of the changes I make seems to make any difference.
Well this is a learning experience anyway.
Thanks for the input.
----- Original Message -----
From: "Joshua Slive" <jo...@slive.ca>
To: <us...@httpd.apache.org>
Sent: Tuesday, January 14, 2003 4:02 PM
Subject: Re: [users@httpd] .htaccess help
>
> On Tue, 14 Jan 2003, Tom wrote:
>
> > I think I have read every guide on the net about .htaccess (well
maybe
> > not all but quite a few), but I cannot locate an answer to my
problem.
>
> Well, you haven't been reading very good tutorials.
>
> >
> > I created a .htaccess file in the /var/www/html/bd/ directory of a
> > Redhat 7.2 system. Containing:
> > AuthUserFile /usr/local/bd/.htpasswd
> > AuthName Members
> > AuthType Basic
> > <Limit GET>
> > require vailid-user
> > </Limit>
>
> Why the <Limit GET> and </Limit>? Those are NOT needed, and are a
> possible security risk. Who told you to use those?
>
> > The index.html file loads with out asking for a User/Password.
>
> Check the setting of AllowOverride in httpd.conf. It must include at
> least AuthConfig to get it to read the .htaccess file.
>
> Joshua.
>
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server
Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> " from the digest: users-digest-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
>
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server
Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] .htaccess help
Posted by DUFFER <du...@usa.net>.
I found the <Limit GET> on one of the turtorials on the web, I don't recall
which one. I looked at a whole bunch of them.
It just happened to be the last one I tried.
I went throught the httpd.conf file and changed AllowOverride None to
AllowOverride AuthConfig.
Restarted apache and still no go.
I can freely open the pages in that directory. I even put jiberish in the
first line of the .htaccess file which should return an error if the
.htaccess file is being used. So it is not even looking for it.
I guess I need to wipe the harddrive and start over. Its screwed up
somewhere, but none of the changes I make seems to make any difference.
Well this is a learning experience anyway.
Thanks for the input.
----- Original Message -----
From: "Joshua Slive" <jo...@slive.ca>
To: <us...@httpd.apache.org>
Sent: Tuesday, January 14, 2003 4:02 PM
Subject: Re: [users@httpd] .htaccess help
>
> On Tue, 14 Jan 2003, Tom wrote:
>
> > I think I have read every guide on the net about .htaccess (well maybe
> > not all but quite a few), but I cannot locate an answer to my problem.
>
> Well, you haven't been reading very good tutorials.
>
> >
> > I created a .htaccess file in the /var/www/html/bd/ directory of a
> > Redhat 7.2 system. Containing:
> > AuthUserFile /usr/local/bd/.htpasswd
> > AuthName Members
> > AuthType Basic
> > <Limit GET>
> > require vailid-user
> > </Limit>
>
> Why the <Limit GET> and </Limit>? Those are NOT needed, and are a
> possible security risk. Who told you to use those?
>
> > The index.html file loads with out asking for a User/Password.
>
> Check the setting of AllowOverride in httpd.conf. It must include at
> least AuthConfig to get it to read the .htaccess file.
>
> Joshua.
>
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> " from the digest: users-digest-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
>
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] .htaccess help
Posted by Joshua Slive <jo...@slive.ca>.
On Tue, 14 Jan 2003, Tom wrote:
> I think I have read every guide on the net about .htaccess (well maybe
> not all but quite a few), but I cannot locate an answer to my problem.
Well, you haven't been reading very good tutorials.
>
> I created a .htaccess file in the /var/www/html/bd/ directory of a
> Redhat 7.2 system. Containing:
> AuthUserFile /usr/local/bd/.htpasswd
> AuthName Members
> AuthType Basic
> <Limit GET>
> require vailid-user
> </Limit>
Why the <Limit GET> and </Limit>? Those are NOT needed, and are a
possible security risk. Who told you to use those?
> The index.html file loads with out asking for a User/Password.
Check the setting of AllowOverride in httpd.conf. It must include at
least AuthConfig to get it to read the .htaccess file.
Joshua.
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] .htaccess help
Posted by Jacob Coby <jc...@listingbook.com>.
> I created a .htaccess file in the /var/www/html/bd/ directory of a Redhat
7.2 system. Containing:
> AuthUserFile /usr/local/bd/.htpasswd
> AuthName Members
> AuthType Basic
> <Limit GET>
> require vailid-user
> </Limit>
you misspelt "require valid-user"
Take out the Limit part, and just have the valid-user and see if you can
challenge-authenticate against that. If it works, add the limit back.
Don't try to get everything working in one big swoop, start small and build
from there :-)
-Jacob
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org