Solved

500 internal server error after setting .htaccess and .htpasswd

Posted on 2002-06-08
Last Modified: 2012-06-27
Hi experts,

I got "500 internal server error" after configuring files .htaccess and .htpasswd in my directory on a site from which I have some space to put my stuff.

The site displays the following:
"Internal Server Error
The server encountered an internal error or misconfiguration and was unable to complete your request.

Please contact the server administrator, blahblah(my email address on that site) and inform them of the time the error occurred, and anything you might have done that may have caused the error.

More information about this error may be available in the server error log."



And followed is the site's instruction on how to PASSWORD PROTECT directories:
yes you can. you can create usernames and passwords for directories using the 'htpasswd' command.

step 1: create a file called '.htaccess' in the directory you want to protect
AuthUserFILE /path/to/my/directory/.htpasswd
AuthGroupFILE /dev/null
AuthNAME "my protected files"
AuthTYPE Basic
require valid-user
<limit GET POST PUT>
order allow,deny
allow from all
</limit>

Step2: run the 'htpasswd' command, for the first time:
htpasswd -c .htpasswd myuser1
you will be prompted to enter a password for the new user. After this first user is created, you can then add additional users with:
htpasswd .htpasswd myuser2

next, reference your site with a ~ style URL, for instance: http://blahblah.org/~username and NOT http://username.blahblah.org



OK back to the problem i have.

I strictly followed these steps but still get the "500 internal server" error. I guess there must be something wrong with my configuration about .htaccess and .htpasswd...... if i removed these two files, everything's fine.

I don't think this is a very difficult problem to solve, but i just couldn't figure it out. Can someone out there give me a hand?
KEN

0
Comment
Question by:ken021600
LVL 15

Expert Comment

by:samri
ID: 7065224
ken,

First thing to look is the server log, specifically the error_log file.  


Try adding the following line;
"AuthAuthoritative  On"

So your .htaccess would look like;
----.htaccess

AuthUserFILE /path/to/my/directory/.htpasswd
AuthGroupFILE /dev/null
AuthNAME "my protected files"
AuthTYPE Basic
"AuthAuthoritative  On"

require valid-user
<limit GET POST PUT>
order allow,deny
allow from all
</limit>
-----------


Next, try removing (commenting out) the following (I personally think that there is no problem with this directive):

<limit GET POST PUT>
order allow,deny
allow from all
</limit>

Some links that you might want to take a peek;

http://httpd.apache.org/docs/howto/auth.html
http://httpd.apache.org/docs/misc/FAQ.html

Specific FAQ that might be related.
http://httpd.apache.org/docs/misc/FAQ.html#authauthoritative
0
 
LVL 15

Expert Comment

by:samri
ID: 7065227
Ken,

apology,

you need to remove the quote ("),

AuthUserFILE /path/to/my/directory/.htpasswd
AuthGroupFILE /dev/null
AuthNAME "my protected files"
AuthTYPE Basic
AuthAuthoritative  On

require valid-user
<limit GET POST PUT>
order allow,deny
allow from all
</limit>
0
 

Author Comment

by:ken021600
ID: 7065951
Hi Samri,

Nice to see you again! (I had a feeling that you'd "jump out" and give me a hand :))

Well, i've figured it out. the line "order allow,deny" should be--->order 'allow,deny', coz order takes only one parameter.

anyway, you pointed out "AuthAuthoritative On", without which the authentication won't work. so i'll give you my points.

by the way, do you want to take a look at another question i posted? I'm not happy with the answers i got...
http://www.experts-exchange.com/jsp/qManageQuestion.jsp?ta=linux&qid=20308503

Thanks,
KEN
0
 
LVL 15

Expert Comment

by:samri
ID: 7066019
ken,

the Order directive looks ok, and should not have any quote around it.  If it works with ' (single quote), I'm really not sure.  

First try to leave the Order allow,deny untouched, and just add the "AuthAuthoritative On".  That alone (I believe) should get the authentication to go through.

Back to the other Q.
 I pretty much agree with psimation's on the definition.

cheers.
0
 

Author Comment

by:ken021600
ID: 7066079
K.

before finalizing this thread, just 2 very quick questions to ask:

1) it came to my attention that the mode setting of .htaccess and .htpasswd is important in terms of authentication. i just don't understand the mode for .htpasswd should be 744... i think the .htaccess file will get username and password from the browser and it will compare them with that in the .htpasswd file. so i think this is all done on the server side. why should we give all others the "r" bit? i tried to set it 700, but the password authentication just wouldn't work.

2) this is a little bit off the topic. but since this is a quick question, i would guess that you won't mind...
i downloaded the gpg package for windows and decompressed it. under DOS, i punched in "gpg" and i was told:
gpg:  c:/gnupg/secring.gpg:  keyring created
gpg:  c:/gnupg/pubring.gpg:  keyring created
gpg: go ahead and type your message...

i gave some keystrokes to my keyboard, thinking this is because gpg need some random number. but it just didn't give me any output! i typed for a long time and nothing happened! i had a look at files secring.gpg and pubring.gpg---they have 0 bytes.

so what's going on? how much should i type? or maybe i did it the wrong way?

Thanks,
KEN
0
 

Author Comment

by:ken021600
ID: 7066090
sorry i forgot to put the following down:

if the file .htpasswd has to be set 744, then other users on the system could read it. and by copying the content of it and doing some algorithm tricks, they could figure out what the password is... is this a security issue?

Thanks,
KEN
0
 
LVL 15

Expert Comment

by:samri
ID: 7066189
Ken,

On the permission issue;  Remember that the webserver itself is running as a "user" on the system, and bearing that in mind, it has to somehow get proper access to the file.  Permission 744 (rwxr--r--), will give the creator - full access, group - read, and others - read.   It is closely related to who created the files in the first place.  In most cases, people tend to login as root (or su to root) for managing such files, and that is where the complication begins.  The permission 744 is needed since apache is running as apache, and the file is owned by root.

Consider the following two files;
-rwxr--r--         root   root   .htpasswd
-r-x------         apache apache .htpasswd1

File one has 744 permission

and for the second part; you could create the file and change ownership to allow only user apache, and/or group=apache to access the file to ensure that other users on the system do not have access to it.

Another approach is to create a separate folder just to store the passwd, and protect that folder.  One quick way to do is;

Create a folder, and give only 500 permission, and change the ownership to apache/apache (or whatever uid apache would be running).

gpg - hmm.. i never tried that.  should anything good comes up, I 'll post it here.

cheers.
0
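The permission reasoning in the reply above, as an added example that is not part of the original thread: a POSIX shell function that reads a password file's mode and ownership and reports whether the web server account can read it and whether every other local user can too. The account name `webserver-demo` and the temporary file are constructed for the demo; the check models mode bits only and ignores ACLs and parent-directory permissions.

```shell
#!/bin/sh
# Added example (not from the thread): audit who can read an .htpasswd file.
# Models owner/group/other mode bits only; ACLs and parent dirs are ignored.

# audit_htpasswd FILE SERVER_USER
# Prints: ok | world-readable | server-cannot-read | missing
audit_htpasswd() {
    file=$1
    srv=$2
    [ -f "$file" ] || { echo "missing"; return 0; }

    # ls -ld fields: 1=mode string, 3=owner, 4=group
    read -r perms owner group <<EOF
$(ls -ld -- "$file" | awk '{print $1, $3, $4}')
EOF
    u_r=$(printf '%s' "$perms" | cut -c2)   # owner read bit
    g_r=$(printf '%s' "$perms" | cut -c5)   # group read bit
    o_r=$(printf '%s' "$perms" | cut -c8)   # other read bit

    # Pick the permission class the kernel would apply to the server account.
    if [ "$owner" = "$srv" ]; then
        bit=$u_r
    elif id -Gn "$srv" 2>/dev/null | tr ' ' '\n' | grep -qxF -- "$group"; then
        bit=$g_r
    else
        bit=$o_r
    fi

    result=""
    [ "$bit" = r ] || result="server-cannot-read"
    # World-readable exposes the password hashes to every local account.
    if [ "$o_r" = r ]; then
        result="${result:+$result,}world-readable"
    fi
    echo "${result:-ok}"
}

# Demo on a constructed file; "webserver-demo" is a hypothetical account name.
demo=$(mktemp)
for mode in 744 700 400; do
    chmod "$mode" "$demo"
    echo "mode $mode, server=webserver-demo: $(audit_htpasswd "$demo" webserver-demo)"
done
rm -f "$demo"
```

A result of `ok` corresponds to the second listing in the reply: the file is owned by the server account and nobody else has a read bit.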
 
LVL 15

Expert Comment

by:samri
ID: 7066200
ken,

tried gpg the other day, got the same problem.  try again.  Yeah... something looks good..

You could get some help by doing "gpg --help".

Briefly,

1. You need to generate the key first; Do a "gpg --gen-key".  Answer a few question, and try "gpg --list-keys".  At the point, you will have something

2. Sign the file; "gpg --sign <file>", the output will be "file.gpg";  That output file looks encrypted.

Still working on decrypting it. :(

This is as far as I got at the moment.



0
 
LVL 15

Expert Comment

by:samri
ID: 7066201
ken,

gpg --decrypt file.gpg > outfile.txt would reverse the enc.

The question now is; I don't even know where the PGP signature is.
0
 
LVL 15

Accepted Solution

by:
samri earned 50 total points
ID: 7066211
ken,

the README.W32, and FAQ is very informative.  I would recommend you to take a look (as I am reading it now).

cheers.
0
 

Author Comment

by:ken021600
ID: 7068659
Thanks samri!

I appreciate your explanation to the mode-setting bit. As to  gpg under windows, don't worry about it. i'll take a look at the FAQ and README.WIN32...

see you next time,
KEN
0


Question has a verified solution.
