Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 702
  • Last Modified:

Setting .htaccess protection.

Hello, I have a apache server running on xp machine. I need certain section of the web page blocked from all user. I have set up a htaccess page but what happens is that when I get to the protected page instead of getting a pop with an option with user name and passwd i get a page with something like this;

john:$apr1$lP5.....$x8n/QngyoJLwZbZpwxbqJ/  

John is the user name i have set. What could be the issue??


Thank you.
0
aej1973
Asked:
aej1973
  • 7
  • 7
  • 4
2 Solutions
 
periwinkleCommented:
I use Apache under Linux, but I did find a good Windows/Apache tutorial:

http://sniptools.com/tutorials/windows-apache-and-htaccess-authentication

That rather looks like a Linux apache .htaccess password file...
0
 
aej1973Author Commented:
Not able to get it to work for some reason. It takes me to the page in want to protect without asking me for a username or password.
0
 
ahoffmannCommented:
sounds like you misconfigured .htaceess, can you please post its content
0
Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

 
aej1973Author Commented:
This is the htaccess file.

AuthType Basic
AuthUserFile C:\apache\Apache2\htdocs\purchase_order\admin.php
AuthName "Restricted"
<LIMIT GET POST>
require valid-user
</LIMIT>
0
 
ahoffmannCommented:
> AuthUserFile C:\apache\Apache2\htdocs\purchase_order\admin.php

you should point to your password file there, not a .php file (nevertheless any extension should be meaningless here)
0
 
periwinkleCommented:
ahoffmann is correct - the AuthUserFile should contain your username and passwords that were created via the htpasswd program.

Generally, the full path to this program is placed outside of the web page directory for security purposes.
0
 
aej1973Author Commented:
Hoffmann, thank you for the reply, but can you be more specific.

I need to protect my admin.php file which is one of the files in my purchase_order folder. Now the command i write for the password is in bin dir, so  this if this is the steps i will need to follow;
htaccess file:

AuthType Basic
AuthUserFile C:\apache\Apache2\htdocs\purchase_order\passwd_file
AuthName "Restricted"
<LIMIT GET POST>
require valid-user
</LIMIT>


c:\apache\apache2\bin: htpasswd -c  passwd_file john

Will not this protect my purchase_order dir? What will I have to do to protect only a certain file in this dir.Also what will  I need to edit in the httpd.conf  file? Thank you for your answers.

A


0
 
periwinkleCommented:
You actually password protect a directory, not just a file; any files in your purchase_order folder will be password protected if that is where the .htaccess file lives.  It should start with a period btw;  not htaccess but .htaccess

If your httpd.conf file permits overrides, like:

AllowOverride ALL

Did you take a look at:

http://sniptools.com/tutorials/windows-apache-and-htaccess-authentication

?  It shows how these commands should look.  If you use VirtualHosts instead of just one web site, though, I would state that you should put this inside your VirtualHost container instead of the default.
0
 
ahoffmannCommented:
as periwinkle explained, you have to place your .htaccess in the same directory as admin.php
0
 
aej1973Author Commented:
Ok, now it worked to a point wher i have the pop up that asks me for my user name and passed., but the problem is that it is not allowing me to enter the dir even after supplying the correct pw and username.
0
 
periwinkleCommented:
are you certain that you are entering in the username and password correctly?  Generally, .htaccess authentication is case sensitive - that means that John isn't the same as john ...
0
 
aej1973Author Commented:
ues i am quite sure. Infact i changed the username and pw a few times but it is still not letting me in.
0
 
periwinkleCommented:
Try moving the C:\apache\Apache2\htdocs\purchase_order\passwd_file outside of the htdocs hierarchy.  Adjust the directory in the .htaccess file, and try again.
0
 
ahoffmannCommented:
what do your error_logs report about the failed access?
0
 
aej1973Author Commented:
[Wed Apr 12 16:23:51 2006] [error] [client 127.0.0.1] (OS 5)Access is denied.  : Could not open password file: C:/apache/Apache2/htdocs/purchase_order
[Wed Apr 12 16:23:51 2006] [error] [client 127.0.0.1] user arun not found: /purchase_order
[Wed Apr 12 16:24:00 2006] [error] [client 127.0.0.1] (OS 5)Access is denied.  : Could not open password file: C:/apache/Apache2/htdocs/purchase_order
[Wed Apr 12 16:24:00 2006] [error] [client 127.0.0.1] user arunj not found: /purchase_order
[Wed Apr 12 16:24:09 2006] [error] [client 127.0.0.1] (OS 5)Access is denied.  : Could not open password file: C:/apache/Apache2/htdocs/purchase_order
[Wed Apr 12 16:24:09 2006] [error] [client 127.0.0.1] user arun not found: /purchase_order
[Wed Apr 12 16:26:19 2006] [error] [client 127.0.0.1] (OS 5)Access is denied.  : Could not open password file: C:/apache/Apache2/htdocs/purchase_order
[Wed Apr 12 16:26:19 2006] [error] [client 127.0.0.1] user carun not found: /purchase_order

this  are my error logs
0
 
periwinkleCommented:
That's the directory, not the password file - you need to have the full path including the password file on the AuthFileName directive.
0
 
periwinkleCommented:
Is it working now?  If so, congratulations!
0
 
aej1973Author Commented:
It is working,  thanks a ton.

A
0

Featured Post

NEW Veeam Backup for Microsoft Office 365 1.5

With Office 365, it’s your data and your responsibility to protect it. NEW Veeam Backup for Microsoft Office 365 eliminates the risk of losing access to your Office 365 data.

  • 7
  • 7
  • 4
Tackle projects and never again get stuck behind a technical roadblock.
Join Now