| Forum Home | ||||
| Press F1 | ||||
| Thread ID: 53104 | 2005-01-07 10:39:00 | Apache Passwords | Altec_ (2950) | Press F1 |
| Post ID | Timestamp | Content | User | ||
| 311724 | 2005-01-07 10:39:00 | I'm running Apache 2.0.52 (the lastest) and try as I might, I cannot get BasicAuth working! I have a .htpasswd file in /passwd/.htpasswd the contents: emma:$apr1$/A3.....$NBT0pC6iUHyyFL/vnM1x/. In my .htaccess file (in /htdocs) I have: AuthType Basic AuthName "Restricted Files" AuthUserFile /passwds Require user emma In my httpd.conf file, i have the following: <Directory /> Options FollowSymLinks AllowOverride AuthConfig </Directory> When I goto my website, I don't have to authenticate. I have tried it through a proxy too, still no pop up to enter username and pass. Even if I have 'Deny from all' it has no effect, through just going http://localhost or going through a proxy. It seems the server is just ignoring the .htaccess file all together. Any ideas? (I've tried several tutorials including the official one) |
Altec_ (2950) | ||
| 311725 | 2005-01-07 10:56:00 | Needs to be the full path - here's a working config (hash removed): -------------------------------------------------------- .htaccess: deny from all AuthUserFile /servers/blink/html/.htpasswd AuthName "Blink Secure" AuthType Basic AuthGroupFile /dev/null require valid-user Satisfy any .htpasswd: username:hash -------------------------------------------------------- You might wanna use this tool to generate your crypts as well - that one you've posted looks odd: www.4webhelp.net I'd also try changing your AllowOveride to: AllowOverride All On my server thats in access.conf but that will be configuration specific methinks. IIRC apache won't let you protect a base site directory without that set, only subfolders. |
ninja (1671) | ||
| 311726 | 2005-01-07 11:10:00 | Still nothing :( Here is the URL anyway, http://nothingelse.dyndns.org Here's more details, Apache was installed at c:\program files\apache group\apache2 Web folder /htdocs Password folder /passwd htaccess: deny from all AuthUserFile /passwd/.htpasswd AuthName "Restricted" AuthType Basic AuthGroupFile /dev/null require valid-user Satisfy any htpasswd: emma:63hv/mzjthed2 I still get nothing :S Would you get the auth box even if you just went to http://localhost? Edit: Ah yes, even with AllowOverride All, no luck |
Altec_ (2950) | ||
| 311727 | 2005-01-07 11:22:00 | Umm ok... apache on windows... eek... umm download a Debian ISO? But seriously: Ok, for a start Windows doesn't let you call a file ".htaccess" or ".htpasswd" a filename generally has to be something.xxx or something.something I would suggest firstly, changing the name of your htaccess file to ht.acl (or something) and then changing the AccessFileName directive in the httpd.conf to match. What is the exact path to the "htpasswd" file equivalent? And the filename - I doubt it is ".htpasswd"? ie: C:\Somefolder\Someother\passwd.txt (or whatever) Maybe try checking this: sniptools.com |
ninja (1671) | ||
| 311728 | 2005-01-07 11:34:00 | It was a battle to let me name a file .htaccess but it let me in the end. The complete path is c:\program files\apache group\apache2\passwd\.htpasswd What about the .htpasswd waht do I rename that to? |
Altec_ (2950) | ||
| 311729 | 2005-01-07 11:39:00 | It was a battle to let me name a file . htaccess but it let me in the end . The complete path is c:\program files\apache group\apache2\passwd\ . htpasswd What about the . htpasswd waht do I rename that to? Well . . more power to you I guess if you got it to work . If the complete path it as above, try: AuthUserFile c:\program files\apache group\apache2\passwd\ . htpasswd (with the other stuff in the normal htaccess file) If it still gives issues, try changing the file name to htpasswd . txt (or similar) and use: AuthUserFile c:\program files\apache group\apache2\passwd\htpasswd . txt I don't think Windows would handle the . htetc filenames too well . This should work . Though that said, if the . htaccess file was working in any case, it should prompt for a password even if the . htpasswd file isn't there (at least it does on *nix systems) Check that the AccessFileName directive in the httpd . conf does specify . htaccess as the name, or failing that - try changing this to something like htaccess . txt and renaming the htaccess file . |
ninja (1671) | ||
| 311730 | 2005-01-07 11:53:00 | Seriously though, try working step by step through this: sniptools.com It's for an older version of Apache but the principles should be the same. Imma go to bed now, will revisit in the morning. Ok, and the other thing is you could try: AuthUserFile "c:\program files\apache group\apache2\passwd\htpasswd.txt" Not sure if that'd help (obviously make sure the filename at the end matches whatever you set up |
ninja (1671) | ||
| 311731 | 2005-01-07 12:02:00 | All my base belongs to you! Woot! That link you gave solved all my problems, thank you very much! |
Altec_ (2950) | ||
| 311732 | 2005-01-07 12:04:00 | All my base belongs to you! Woot! That link you gave solved all my problems, thank you very much! No worries... just for completeness sake, do you want to post your final htacess and htpasswd files here (sans the password hash) in the event someone else is researching the same thing (we hit pretty high on Google). Edit: You now need to change your password. Posting the hash on the intarweb means that someone (like me) could crack the password - see your PM box. Oh, and it's "all my base are belong to you!" |
ninja (1671) | ||
| 311733 | 2005-01-07 12:58:00 | Oh, and it's "all my base are belong to you!" Ah yes, brain lapse. I was also trying to make a weak joke :) ht.acl: AuthUserFile c:/apache/apache2/bin/passwd.txt AuthName "This Blog Is Restricted." AuthType Basic <Limit GET POST> require valid-user </Limit> AllowOverride was set to All for / AccessFileName was set to ht.acl .htaccess I ended up using the htpasswd for encryttion (but its not that strong ;-)) I just used this (sniptools.com) tutorial, as mentioned above. |
Altec_ (2950) | ||
| 1 | |||||