Link to home
Start Free TrialLog in
Avatar of aej1973
aej1973

asked on

Setting .htaccess protection.

Hello, I have a apache server running on xp machine. I need certain section of the web page blocked from all user. I have set up a htaccess page but what happens is that when I get to the protected page instead of getting a pop with an option with user name and passwd i get a page with something like this;

john:$apr1$lP5.....$x8n/QngyoJLwZbZpwxbqJ/  

John is the user name i have set. What could be the issue??


Thank you.
Avatar of periwinkle
periwinkle
Flag of United States of America image

I use Apache under Linux, but I did find a good Windows/Apache tutorial:

http://sniptools.com/tutorials/windows-apache-and-htaccess-authentication

That rather looks like a Linux apache .htaccess password file...
Avatar of aej1973
aej1973

ASKER

Not able to get it to work for some reason. It takes me to the page in want to protect without asking me for a username or password.
sounds like you misconfigured .htaceess, can you please post its content
Avatar of aej1973

ASKER

This is the htaccess file.

AuthType Basic
AuthUserFile C:\apache\Apache2\htdocs\purchase_order\admin.php
AuthName "Restricted"
<LIMIT GET POST>
require valid-user
</LIMIT>
ASKER CERTIFIED SOLUTION
Avatar of ahoffmann
ahoffmann
Flag of Germany image

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
ahoffmann is correct - the AuthUserFile should contain your username and passwords that were created via the htpasswd program.

Generally, the full path to this program is placed outside of the web page directory for security purposes.
Avatar of aej1973

ASKER

Hoffmann, thank you for the reply, but can you be more specific.

I need to protect my admin.php file which is one of the files in my purchase_order folder. Now the command i write for the password is in bin dir, so  this if this is the steps i will need to follow;
htaccess file:

AuthType Basic
AuthUserFile C:\apache\Apache2\htdocs\purchase_order\passwd_file
AuthName "Restricted"
<LIMIT GET POST>
require valid-user
</LIMIT>


c:\apache\apache2\bin: htpasswd -c  passwd_file john

Will not this protect my purchase_order dir? What will I have to do to protect only a certain file in this dir.Also what will  I need to edit in the httpd.conf  file? Thank you for your answers.

A


You actually password protect a directory, not just a file; any files in your purchase_order folder will be password protected if that is where the .htaccess file lives.  It should start with a period btw;  not htaccess but .htaccess

If your httpd.conf file permits overrides, like:

AllowOverride ALL

Did you take a look at:

http://sniptools.com/tutorials/windows-apache-and-htaccess-authentication

?  It shows how these commands should look.  If you use VirtualHosts instead of just one web site, though, I would state that you should put this inside your VirtualHost container instead of the default.
as periwinkle explained, you have to place your .htaccess in the same directory as admin.php
Avatar of aej1973

ASKER

Ok, now it worked to a point wher i have the pop up that asks me for my user name and passed., but the problem is that it is not allowing me to enter the dir even after supplying the correct pw and username.
are you certain that you are entering in the username and password correctly?  Generally, .htaccess authentication is case sensitive - that means that John isn't the same as john ...
Avatar of aej1973

ASKER

ues i am quite sure. Infact i changed the username and pw a few times but it is still not letting me in.
Try moving the C:\apache\Apache2\htdocs\purchase_order\passwd_file outside of the htdocs hierarchy.  Adjust the directory in the .htaccess file, and try again.
what do your error_logs report about the failed access?
Avatar of aej1973

ASKER

[Wed Apr 12 16:23:51 2006] [error] [client 127.0.0.1] (OS 5)Access is denied.  : Could not open password file: C:/apache/Apache2/htdocs/purchase_order
[Wed Apr 12 16:23:51 2006] [error] [client 127.0.0.1] user arun not found: /purchase_order
[Wed Apr 12 16:24:00 2006] [error] [client 127.0.0.1] (OS 5)Access is denied.  : Could not open password file: C:/apache/Apache2/htdocs/purchase_order
[Wed Apr 12 16:24:00 2006] [error] [client 127.0.0.1] user arunj not found: /purchase_order
[Wed Apr 12 16:24:09 2006] [error] [client 127.0.0.1] (OS 5)Access is denied.  : Could not open password file: C:/apache/Apache2/htdocs/purchase_order
[Wed Apr 12 16:24:09 2006] [error] [client 127.0.0.1] user arun not found: /purchase_order
[Wed Apr 12 16:26:19 2006] [error] [client 127.0.0.1] (OS 5)Access is denied.  : Could not open password file: C:/apache/Apache2/htdocs/purchase_order
[Wed Apr 12 16:26:19 2006] [error] [client 127.0.0.1] user carun not found: /purchase_order

this  are my error logs
SOLUTION
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Is it working now?  If so, congratulations!
Avatar of aej1973

ASKER

It is working,  thanks a ton.

A