aej1973
asked on
Setting .htaccess protection.
Hello, I have a apache server running on xp machine. I need certain section of the web page blocked from all user. I have set up a htaccess page but what happens is that when I get to the protected page instead of getting a pop with an option with user name and passwd i get a page with something like this;
john:$apr1$lP5.....$x8n/Qn gyoJLwZbZp wxbqJ/
John is the user name i have set. What could be the issue??
Thank you.
john:$apr1$lP5.....$x8n/Qn
John is the user name i have set. What could be the issue??
Thank you.
ASKER
Not able to get it to work for some reason. It takes me to the page in want to protect without asking me for a username or password.
sounds like you misconfigured .htaceess, can you please post its content
ASKER
This is the htaccess file.
AuthType Basic
AuthUserFile C:\apache\Apache2\htdocs\p urchase_or der\admin. php
AuthName "Restricted"
<LIMIT GET POST>
require valid-user
</LIMIT>
AuthType Basic
AuthUserFile C:\apache\Apache2\htdocs\p
AuthName "Restricted"
<LIMIT GET POST>
require valid-user
</LIMIT>
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ahoffmann is correct - the AuthUserFile should contain your username and passwords that were created via the htpasswd program.
Generally, the full path to this program is placed outside of the web page directory for security purposes.
Generally, the full path to this program is placed outside of the web page directory for security purposes.
ASKER
Hoffmann, thank you for the reply, but can you be more specific.
I need to protect my admin.php file which is one of the files in my purchase_order folder. Now the command i write for the password is in bin dir, so this if this is the steps i will need to follow;
htaccess file:
AuthType Basic
AuthUserFile C:\apache\Apache2\htdocs\p urchase_or der\passwd _file
AuthName "Restricted"
<LIMIT GET POST>
require valid-user
</LIMIT>
c:\apache\apache2\bin: htpasswd -c passwd_file john
Will not this protect my purchase_order dir? What will I have to do to protect only a certain file in this dir.Also what will I need to edit in the httpd.conf file? Thank you for your answers.
A
I need to protect my admin.php file which is one of the files in my purchase_order folder. Now the command i write for the password is in bin dir, so this if this is the steps i will need to follow;
htaccess file:
AuthType Basic
AuthUserFile C:\apache\Apache2\htdocs\p
AuthName "Restricted"
<LIMIT GET POST>
require valid-user
</LIMIT>
c:\apache\apache2\bin: htpasswd -c passwd_file john
Will not this protect my purchase_order dir? What will I have to do to protect only a certain file in this dir.Also what will I need to edit in the httpd.conf file? Thank you for your answers.
A
You actually password protect a directory, not just a file; any files in your purchase_order folder will be password protected if that is where the .htaccess file lives. It should start with a period btw; not htaccess but .htaccess
If your httpd.conf file permits overrides, like:
AllowOverride ALL
Did you take a look at:
http://sniptools.com/tutorials/windows-apache-and-htaccess-authentication
? It shows how these commands should look. If you use VirtualHosts instead of just one web site, though, I would state that you should put this inside your VirtualHost container instead of the default.
If your httpd.conf file permits overrides, like:
AllowOverride ALL
Did you take a look at:
http://sniptools.com/tutorials/windows-apache-and-htaccess-authentication
? It shows how these commands should look. If you use VirtualHosts instead of just one web site, though, I would state that you should put this inside your VirtualHost container instead of the default.
as periwinkle explained, you have to place your .htaccess in the same directory as admin.php
ASKER
Ok, now it worked to a point wher i have the pop up that asks me for my user name and passed., but the problem is that it is not allowing me to enter the dir even after supplying the correct pw and username.
are you certain that you are entering in the username and password correctly? Generally, .htaccess authentication is case sensitive - that means that John isn't the same as john ...
ASKER
ues i am quite sure. Infact i changed the username and pw a few times but it is still not letting me in.
Try moving the C:\apache\Apache2\htdocs\p urchase_or der\passwd _file outside of the htdocs hierarchy. Adjust the directory in the .htaccess file, and try again.
what do your error_logs report about the failed access?
ASKER
[Wed Apr 12 16:23:51 2006] [error] [client 127.0.0.1] (OS 5)Access is denied. : Could not open password file: C:/apache/Apache2/htdocs/p urchase_or der
[Wed Apr 12 16:23:51 2006] [error] [client 127.0.0.1] user arun not found: /purchase_order
[Wed Apr 12 16:24:00 2006] [error] [client 127.0.0.1] (OS 5)Access is denied. : Could not open password file: C:/apache/Apache2/htdocs/p urchase_or der
[Wed Apr 12 16:24:00 2006] [error] [client 127.0.0.1] user arunj not found: /purchase_order
[Wed Apr 12 16:24:09 2006] [error] [client 127.0.0.1] (OS 5)Access is denied. : Could not open password file: C:/apache/Apache2/htdocs/p urchase_or der
[Wed Apr 12 16:24:09 2006] [error] [client 127.0.0.1] user arun not found: /purchase_order
[Wed Apr 12 16:26:19 2006] [error] [client 127.0.0.1] (OS 5)Access is denied. : Could not open password file: C:/apache/Apache2/htdocs/p urchase_or der
[Wed Apr 12 16:26:19 2006] [error] [client 127.0.0.1] user carun not found: /purchase_order
this are my error logs
[Wed Apr 12 16:23:51 2006] [error] [client 127.0.0.1] user arun not found: /purchase_order
[Wed Apr 12 16:24:00 2006] [error] [client 127.0.0.1] (OS 5)Access is denied. : Could not open password file: C:/apache/Apache2/htdocs/p
[Wed Apr 12 16:24:00 2006] [error] [client 127.0.0.1] user arunj not found: /purchase_order
[Wed Apr 12 16:24:09 2006] [error] [client 127.0.0.1] (OS 5)Access is denied. : Could not open password file: C:/apache/Apache2/htdocs/p
[Wed Apr 12 16:24:09 2006] [error] [client 127.0.0.1] user arun not found: /purchase_order
[Wed Apr 12 16:26:19 2006] [error] [client 127.0.0.1] (OS 5)Access is denied. : Could not open password file: C:/apache/Apache2/htdocs/p
[Wed Apr 12 16:26:19 2006] [error] [client 127.0.0.1] user carun not found: /purchase_order
this are my error logs
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Is it working now? If so, congratulations!
ASKER
It is working, thanks a ton.
A
A
http://sniptools.com/tutorials/windows-apache-and-htaccess-authentication
That rather looks like a Linux apache .htaccess password file...