Setting .htaccess protection.

Hello, I have a apache server running on xp machine. I need certain section of the web page blocked from all user. I have set up a htaccess page but what happens is that when I get to the protected page instead of getting a pop with an option with user name and passwd i get a page with something like this;

john:$apr1$lP5.....$x8n/QngyoJLwZbZpwxbqJ/  

John is the user name i have set. What could be the issue??


Thank you.
aej1973Asked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

periwinkleCommented:
I use Apache under Linux, but I did find a good Windows/Apache tutorial:

http://sniptools.com/tutorials/windows-apache-and-htaccess-authentication

That rather looks like a Linux apache .htaccess password file...
0
aej1973Author Commented:
Not able to get it to work for some reason. It takes me to the page in want to protect without asking me for a username or password.
0
ahoffmannCommented:
sounds like you misconfigured .htaceess, can you please post its content
0
Cloud Class® Course: CompTIA Healthcare IT Tech

This course will help prep you to earn the CompTIA Healthcare IT Technician certification showing that you have the knowledge and skills needed to succeed in installing, managing, and troubleshooting IT systems in medical and clinical settings.

aej1973Author Commented:
This is the htaccess file.

AuthType Basic
AuthUserFile C:\apache\Apache2\htdocs\purchase_order\admin.php
AuthName "Restricted"
<LIMIT GET POST>
require valid-user
</LIMIT>
0
ahoffmannCommented:
> AuthUserFile C:\apache\Apache2\htdocs\purchase_order\admin.php

you should point to your password file there, not a .php file (nevertheless any extension should be meaningless here)
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
periwinkleCommented:
ahoffmann is correct - the AuthUserFile should contain your username and passwords that were created via the htpasswd program.

Generally, the full path to this program is placed outside of the web page directory for security purposes.
0
aej1973Author Commented:
Hoffmann, thank you for the reply, but can you be more specific.

I need to protect my admin.php file which is one of the files in my purchase_order folder. Now the command i write for the password is in bin dir, so  this if this is the steps i will need to follow;
htaccess file:

AuthType Basic
AuthUserFile C:\apache\Apache2\htdocs\purchase_order\passwd_file
AuthName "Restricted"
<LIMIT GET POST>
require valid-user
</LIMIT>


c:\apache\apache2\bin: htpasswd -c  passwd_file john

Will not this protect my purchase_order dir? What will I have to do to protect only a certain file in this dir.Also what will  I need to edit in the httpd.conf  file? Thank you for your answers.

A


0
periwinkleCommented:
You actually password protect a directory, not just a file; any files in your purchase_order folder will be password protected if that is where the .htaccess file lives.  It should start with a period btw;  not htaccess but .htaccess

If your httpd.conf file permits overrides, like:

AllowOverride ALL

Did you take a look at:

http://sniptools.com/tutorials/windows-apache-and-htaccess-authentication

?  It shows how these commands should look.  If you use VirtualHosts instead of just one web site, though, I would state that you should put this inside your VirtualHost container instead of the default.
0
ahoffmannCommented:
as periwinkle explained, you have to place your .htaccess in the same directory as admin.php
0
aej1973Author Commented:
Ok, now it worked to a point wher i have the pop up that asks me for my user name and passed., but the problem is that it is not allowing me to enter the dir even after supplying the correct pw and username.
0
periwinkleCommented:
are you certain that you are entering in the username and password correctly?  Generally, .htaccess authentication is case sensitive - that means that John isn't the same as john ...
0
aej1973Author Commented:
ues i am quite sure. Infact i changed the username and pw a few times but it is still not letting me in.
0
periwinkleCommented:
Try moving the C:\apache\Apache2\htdocs\purchase_order\passwd_file outside of the htdocs hierarchy.  Adjust the directory in the .htaccess file, and try again.
0
ahoffmannCommented:
what do your error_logs report about the failed access?
0
aej1973Author Commented:
[Wed Apr 12 16:23:51 2006] [error] [client 127.0.0.1] (OS 5)Access is denied.  : Could not open password file: C:/apache/Apache2/htdocs/purchase_order
[Wed Apr 12 16:23:51 2006] [error] [client 127.0.0.1] user arun not found: /purchase_order
[Wed Apr 12 16:24:00 2006] [error] [client 127.0.0.1] (OS 5)Access is denied.  : Could not open password file: C:/apache/Apache2/htdocs/purchase_order
[Wed Apr 12 16:24:00 2006] [error] [client 127.0.0.1] user arunj not found: /purchase_order
[Wed Apr 12 16:24:09 2006] [error] [client 127.0.0.1] (OS 5)Access is denied.  : Could not open password file: C:/apache/Apache2/htdocs/purchase_order
[Wed Apr 12 16:24:09 2006] [error] [client 127.0.0.1] user arun not found: /purchase_order
[Wed Apr 12 16:26:19 2006] [error] [client 127.0.0.1] (OS 5)Access is denied.  : Could not open password file: C:/apache/Apache2/htdocs/purchase_order
[Wed Apr 12 16:26:19 2006] [error] [client 127.0.0.1] user carun not found: /purchase_order

this  are my error logs
0
periwinkleCommented:
That's the directory, not the password file - you need to have the full path including the password file on the AuthFileName directive.
0
periwinkleCommented:
Is it working now?  If so, congratulations!
0
aej1973Author Commented:
It is working,  thanks a ton.

A
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Apache Web Server

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.