Ask Question Forum:
Model Library:2025-02-08 Updated:A.I. model is online for auto reply question page
C
O
M
P
U
T
E
R
2
8
Show
#
ASK
RECENT
←
- Underline
- Bold
- Italic
- Indent
- Step
- Bullet
- Quote
- Cut
- Copy
- Paste
- Table
- Spelling
- Find & Replace
- Undo
- Redo
- Link
- Attach
- Clear
- Code
Below area will not be traslated by Google,you can input code or other languages
Hint:If find spelling error, You need to correct it,1 by 1 or ignore it (code area won't be checked).
X-position of the mouse cursor
Y-position of the mouse cursor
Y-position of the mouse cursor
Testcursor
caretPos
Attachment:===
Asked by vkimura2007
at 2024-07-30 01:56:58
ModifyPoint:500 Replies:15 POST_ID:829162USER_ID:12056
Topic:
Linux;Linux Distributions;Linux Network Security
Hi,
I'm trying to use .htaccess password to protect my directory and it's sub directories.
I have this in my .htaccess file for the directory:
I'm trying to use .htaccess password to protect my directory and it's sub directories.
I have this in my .htaccess file for the directory:
AuthName "Restricted Area"AuthType BasicAuthUserFile /home/htpass/.htpasswdAuthGroupFile /dev/nullrequire valid-user 1:2:3:4:5:
for my .htpasswd I have:
But when I go to the directory I get an "Internal Server Error".
When I delete the .htaccess file from the directory then it becomes a Forbidden error. So I'm assuming something is wrong with the .htaccess file.
How can I password protect my directory recursively using .htaccess?
Thank you and Father bless<">"<"
Author: vkimura2007 replied at 2024-08-25 20:34:40
Kyanwan was correct about the AllowOverride AuthConfig setting. Thank you all!
Assisted Solution
Expert: serialband replied at 2024-08-07 10:39:44
75 points EXCELLENT
If you're just blocking search engine bots, you just need to place a robots.txt file in your web site root folder with the following entries. Legitimate search bots will honor it.
Also, that password hash seems a bit short. It may be an outdated hash algorithm. Try this
I generated that with the linux command line htpasswd command, but you can go to this page and it will generate a more modern hash.
http://www.htaccesstools.com/htpasswd-generator-windows/
Author: vkimura2007 replied at 2024-07-31 19:54:18
Ok, strange. The window Auth message popped up in IE.
AuthType BasicAuthName "restricted area"AuthUserFile /home/myultrat/public_html/l4/.htpasswdrequire valid-user 1:2:3:4:
I placed the .htpasswd in the same directory as .htaccess to see if it was a permissions issue.
This is in my .htpasswd:
It's encrypted. I generated the file from here:
http://www.tools.dynamicdrive.com/password/
The pass is 'test' without quotes. Nothing secure about the site. I'm just using it to block all search engine bots from accessing and crawling it. Just a Laravel proj test on the pub directory. (just fyi).
In IE the Auth message popped up and then I entered my credentials and then I can see the spinning wheel trying to access the page. I placed an index.html in that page as well. What could be wrong?
here's the url:
/home/myultrat/public_html/l4
Expert: serialband replied at 2024-07-31 19:17:13
If you've already entered a usernam/password, you'll have to clear it from the browser cache. The easiest way is to restart your browser.
Expert: Seth Simmons replied at 2024-07-31 18:53:55
the 403 forbidden could be something different
maybe that user doesn't have access to that folder or there is no default page and document index is off
maybe that user doesn't have access to that folder or there is no default page and document index is off
Author: vkimura2007 replied at 2024-07-31 18:38:06
Hi Seth Simmons,
Ok, I got it to work for one moment and I saw the login Auth popup. I entered the info (maybe I typed something wrong) and then it's a Forbidden error. I changed the chown to:
chown -R nobody:nobody /home/htpass/.htpasswd
my httpd.conf is under nobody user. Is that ok?
Maybe I typed my pass or username wrong but I can't get access to the Authorization message/popup. How do I reset it?
Ok, I got it to work for one moment and I saw the login Auth popup. I entered the info (maybe I typed something wrong) and then it's a Forbidden error. I changed the chown to:
chown -R nobody:nobody /home/htpass/.htpasswd
my httpd.conf is under nobody user. Is that ok?
Maybe I typed my pass or username wrong but I can't get access to the Authorization message/popup. How do I reset it?
Assisted Solution
Expert: serialband replied at 2024-07-31 18:38:01
50 points EXCELLENT
You put both .htpasswd and .htaccess in the directories you wish to protect. You can put it in root or in any folder, assuming you set it in the configuration to allow users to do so. Each directory can be protected with separate .htaccess and .htpasswd settings. You can specify the location of the .htpasswd in .htaccess, and it's easiest if they're in the same folders for better clarity, so you don't have to dig around each .htaccess file to find them.
Author: vkimura2007 replied at 2024-07-31 18:04:23
Hi duncanb7,
I don't think that's correct.
We're supposed to put the .htaccess (not the .htpasswd) in the directory that needs to be protected. You have it the other way around, friend.
AuthUserFile /home/htpass/.htpasswd
is the directive for where the .htpasswd should be placed which is outside the public folder. =)
I don't think that's correct.
We're supposed to put the .htaccess (not the .htpasswd) in the directory that needs to be protected. You have it the other way around, friend.
AuthUserFile /home/htpass/.htpasswd
is the directive for where the .htpasswd should be placed which is outside the public folder. =)
Expert: duncanb7 replied at 2024-07-30 19:29:00
there is no any user for denying besides the directory you set auth right
.htaccess is always in root or hosting roots(public_html) directory as usual.
Just put the .htpasswd for the directory you want protect
Duncan
.htaccess is always in root or hosting roots(public_html) directory as usual.
Just put the .htpasswd for the directory you want protect
Duncan
Expert: Seth Simmons replied at 2024-07-30 18:11:14
yeah...if the apache account is used for the process and doesn't have rights to access that folder
Author: vkimura2007 replied at 2024-07-30 17:04:05
Hi duncanb7,
I don't wish to deny access at the public_html folder. Wouldn't that deny everyone from accessing the website with those commands?
---
Hi Seth Simmons,
Do you mean something like?
chown -R apache:apache /home/htpass/.htpasswd
I don't wish to deny access at the public_html folder. Wouldn't that deny everyone from accessing the website with those commands?
---
Hi Seth Simmons,
Do you mean something like?
chown -R apache:apache /home/htpass/.htpasswd
Accepted Solution
Expert: kyanwan replied at 2024-07-30 11:24:59
250 points EXCELLENT
In your httpd.conf - make sure you:
AllowOverride AuthConfig
for the directory you're trying to activate Auth for.
[ The internal server error? If you go to error.log, you might see a "not allowed here' somewhere in there for that access. "AllowOverride none" is a common configuration, as it offers heightened security. If your override is not permitted, Apache will throw a server error when it picks up your attempt to request Auth via override if override is not enabled for the directory where you dropped the htaccess. ]
AllowOverride AuthConfig
for the directory you're trying to activate Auth for.
[ The internal server error? If you go to error.log, you might see a "not allowed here' somewhere in there for that access. "AllowOverride none" is a common configuration, as it offers heightened security. If your override is not permitted, Apache will throw a server error when it picks up your attempt to request Auth via override if override is not enabled for the directory where you dropped the htaccess. ]
Expert: Seth Simmons replied at 2024-07-30 06:45:50
i tested that same code and it works fine for me; only changed the path to the password file
as a sanity check, does the account that apache runs as have access to the .htpasswd file or /home/htpass folder?
i took my file and changed ownership to something other than the account apache uses and it returned a 500; the error log showed permission denied, couldn't open password file
i would check the account used and the folder/file access for that account first
if that isn't an issue then the apache error log should show the reason for the server error
as a sanity check, does the account that apache runs as have access to the .htpasswd file or /home/htpass folder?
i took my file and changed ownership to something other than the account apache uses and it returned a 500; the error log showed permission denied, couldn't open password file
i would check the account used and the folder/file access for that account first
if that isn't an issue then the apache error log should show the reason for the server error
Assisted Solution
Expert: duncanb7 replied at 2024-07-30 02:36:37
75 points EXCELLENT
Please put back the .htaccess file to original place that is setup by your server administrator.
Put the code as follows into the .htaccess file at original location, for example .at public_html
Put the code as follows into the .htaccess file at original location, for example .at public_html
AuthType BasicAuthName "Password Protected Area"AuthUserFile /path/to/.htpasswdRequire valid-user 1:2:3:4:
And make sure the .htpasswd file is exactly at file path , run this php script to check
your full path as follows code.
<?php$dir = dirname(__FILE__);echo "<p>Full path to this dir: " . $dir . "</p>";$filename= $dir . "/.htpasswd";if (file_exists($filename)) { echo "The file $filename exists";echo "<p>Full path to a .htpasswd file in this dir: " . $dir . "/.htpasswd" . "</p>";} else { echo "The file $filename does not exist";}?> 1:2:3:4:5:6:7:8:9:10:11:
Hope understand your question completely.If not, pls pt it out
Duncan
Assisted Solution
Expert: Edwin Hoffer replied at 2024-07-30 02:18:10
50 points EXCELLENT
Update your .htaccess code to this:
AuthType BasicAuthName "restricted area"AuthUserFile /home/htpass/.htpasswdrequire valid-user 1:2:3:4:
And generate htaccess password from here:
http://www.htaccesstools.com/htpasswd-generator/
Also you can check these articles:
http://davidwalsh.name/password-protect-directory-using-htaccess
http://css-tricks.com/easily-password-protect-a-website-or-subdirectory/
Thanks
Edwin
