Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

enable .htaccess files within ssl.conf

Posted on 2004-10-18
3
Medium Priority
?
1,265 Views
Last Modified: 2008-03-17
i'm trying to use htaccess files on my secure site but i can't get them to work, i was hoping someone could tell me how to edit the file to allow a subdirectory to be password protected

i.e.  html/secure_dir/


my ssl.conf file roughly looks like this

<IfDefine SSL>
Listen 443

AddType application/x-x509-ca-cert .crt
AddType application/x-pkcs7-crl    .crl

#   Pass Phrase Dialog:
#   Configure the pass phrase gathering process.
#   The filtering dialog program (`builtin' is a internal
#   terminal dialog) has to provide the pass phrase on stdout.
SSLPassPhraseDialog  builtin

#   Inter-Process Session Cache:
#   Configure the SSL Session Cache: First the mechanism
#   to use and second the expiring timeout (in seconds).
#SSLSessionCache        none
#SSLSessionCache        shmht:logs/ssl_scache(512000)
#SSLSessionCache        shmcb:logs/ssl_scache(512000)
SSLSessionCache         dbm:logs/ssl_scache
SSLSessionCacheTimeout  300

#   Semaphore:
#   Configure the path to the mutual exclusion semaphore the
#   SSL engine uses internally for inter-process synchronization.
SSLMutex  file:logs/ssl_mutex

SSLRandomSeed startup builtin
SSLRandomSeed connect builtin


<VirtualHost XXX.XXX.XXX.XXX:443>

#  General setup for the virtual host

DocumentRoot "/usr/local/apache/domain/html"
ServerName www.domain.com:443
ServerAdmin admin@domain.com
ErrorLog /usr/local/apache/domain/logs/ssl_error_log
TransferLog /usr/local/apache/domain/logs/ssl_access_log

.....
certificate crap
.....

<Files ~ "\.(cgi|shtml|phtml|php3?)$">
    SSLOptions +StdEnvVars +
</Files>

SetEnvIf User-Agent ".*MSIE.*" \
         nokeepalive ssl-unclean-shutdown \
         downgrade-1.0 force-response-1.0

CustomLog logs/ssl_request_log \
          "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"

</VirtualHost>

</IfDefine>
0
Comment
Question by:philjones85
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
3 Comments
 
LVL 13

Accepted Solution

by:
gripe earned 2000 total points
ID: 12341041
Do you have an AllowOverride directive set to 'none' somewhere in your config that is cascading down to your Virtual hosts? You may need to set a <Directory> block and 'AllowOverride all' (or whatever .htaccess directives you'd like to allow) on the directory you want to use.
0
 
LVL 13

Expert Comment

by:gripe
ID: 12341058
Here is an example of how to configure an .htaccess file to allow for authentication:

AuthType Basic
AuthName "Password Required"
AuthUserFile /www/passwords/password.file
AuthGroupFile /www/passwords/group.file
Require Group admins

Note that you must use htpasswd to set up your password file with the appropriate users.

What is the problem you're seeing exactly? Could you post the contents of the .htaccess file you're trying to use?

0
 
LVL 6

Author Comment

by:philjones85
ID: 12341480
i haven't seen any documentation that adds directories to the ssl.conf file, i didn't know you could do that.

that was the problem though, i added:

<Directory "/">
        AllowOverride All
        Options FollowSymLinks
        Order allow,deny
        Allow from all
</Directory>

to the ssl.conf file and it works fine now, thanks.
0

Featured Post

Concerto's Cloud Advisory Services

Want to avoid the missteps to gaining all the benefits of the cloud? Learn more about the different assessment options from our Cloud Advisory team.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Hi, in this article I'm going to teach you how to run your own site, and how to let people in (without IP). I'll talk about and explain each step... :) By the way, everything in this Tutorial is completely free and legal. This article is for …
It is possible to boost certain documents at query time in Solr. Query time boosting can be a powerful resource for finding the most relevant and "best" content. Of course the more information you index, the more fields you will be able to use for y…
Sometimes it takes a new vantage point, apart from our everyday security practices, to truly see our Active Directory (AD) vulnerabilities. We get used to implementing the same techniques and checking the same areas for a breach. This pattern can re…
How to fix incompatible JVM issue while installing Eclipse While installing Eclipse in windows, got one error like above and unable to proceed with the installation. This video describes how to successfully install Eclipse. How to solve incompa…
Suggested Courses
Course of the Month10 days, 7 hours left to enroll

618 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question