We help IT Professionals succeed at work.

protecting a directory with .htaccess & mysql

mark2326
mark2326 asked
on
My goal is to have a directory password protected, and have the usernames and passwords stored in mysql.
After a little reading mod_authn_dbd sounded like what I needed.
I enabled the module and other associated with it.
I configured my .htaccess as follows.. and put it into the directory I'm trying to protect...

# mod_dbd configuration
DBDriver mysql
DBDParams "host=10.0.1.211 port=3306 dbname=test user=root password=my_password"

DBDMin 1
DBDKeep 8
DBDMax 20
DBDExptime 300

<Directory /Volumes/MacHD/webSite/Subscriber/>
# core authentication and mod_auth_basic configuration
# for mod_authn_dbd
AuthType Basic
AuthName "subscriber"
AuthBasicProvider dbd

# core authorization configuration
Require valid-user

# mod_authn_dbd SQL query to authenticate a user
AuthDBDUserPWQuery \
"SELECT password FROM password WHERE user = %s"
</Directory>


when I go to that directory in a web browser I get a Server error 500. My Apache error logs give me this error ".htaccess: DBDriver not allowed here"

According to http://httpd.apache.org/docs/2.2/mod/mod_dbd.html#dbdriver I need the driver "apr_dbd_mysql.so.".
I'm assuming all the necessary APR's came with Apache??

I'm running an Xserve OS 10.6.3 server, Apache 2.2.14,  mysql 5.0.88

Any ideas? Thank you.

Comment
Watch Question

Top Expert 2010

Commented:
Hi, the mySQL DB Driver entries need to go in the Apache httpd.conf not your .htaccess

Author

Commented:
Thanks for responding
If I enter ...

# mod_dbd configuration
DBDriver mysql
DBDParams "host=10.0.1.211 port=3306 dbname=test user=root password=my_password"

DBDMin 1
DBDKeep 8
DBDMax 20
DBDExptime 300

into my httpd.conf it kills my site. Is there a specific place for it to go?

I also tried entering the <Directory> into httpd.conf, but still got the same errors.


Top Expert 2010

Commented:
What's in you Apache error log e.g.  

tail -30 /var/log/apache2/error.log

I take it you also have the necessary LoadModule commands in your httpd.conf e.g.

LoadModule dbd_module                   modules/mod_dbd.so
LoadModule authn_dbm_module       modules/mod_authn_dbm.so
LoadModule authz_dbm_module       modules/mod_authz_dbm.so

And that you re-started apache after making the changes e.g.

/etc/init.d/apache* restart

Note: You can test a change before restarting e.g. /etc/init.d/apache* test


I take it you've seen: http://www.apachelounge.com/viewtopic.php?t=2210



Author

Commented:
After reading the page you linked, I'm confused about what exactly should be entered into httpd.conf, and what should be in .htaccess (if anything)

Yes those modules are enabled, and I always restart Apache after I change httpd.conf

When I enter ...

# mod_dbd configuration
DBDriver mysql
DBDParams "host=10.0.1.211 port=3306 dbname=test user=root password=my_password"

DBDMin 1
DBDKeep 8
DBDMax 20
DBDExptime 300

and it breaks my site I get the following error in my apache logs.
[error] disk_cache: Cannot cache files to disk without a CacheRoot specified.



Top Expert 2010

Commented:
If you have access to the httpd.conf you don't need a .htaccess file, as you can stick the same stuff in a <Directory> block within the .conf file.

Will have a think about the error.
Top Expert 2010

Commented:
Hi

Just had a play, the following works in one of my httpd.conf files (notice the slightly different DBDParams  + AuthDBDUserPWQuery):

<IfModule mod_dbd.c>
  DBDriver mysql
  DBDParams "host=10.0.1.211 dbname=test user=root pass=my_password"
  DBDMin 1
  DBDKeep 8
  DBDMax 20
  DBDExptime 300
</IfModule>

<Directory /xxxxxxxx/Subscriber/>
  Options -FollowSymLinks Indexes MultiViews
  AuthType Basic
  AuthName "subscriber"
  AuthBasicProvider dbd
  AuthDBDUserPWQuery "SELECT Password FROM test.Apache_Users WHERE User_ID = %s"
  Require valid-user
  AllowOverride None
  Order allow,deny
  Allow from all
</Directory>

Can you give the above a go and let us know what appears in the Apache Error log, if unsuccessful.

Author

Commented:
I received the same error...

[error] disk_cache: Cannot cache files to disk without a CacheRoot specified.

Yes I put the full path to the folder, my password, and the name of the table "members"

<IfModule mod_dbd.c>
  DBDriver mysql
  DBDParams "host=127.0.0.1 dbname=test user=root pass=my_password"
  DBDMin 1
  DBDKeep 8
  DBDMax 20
  DBDExptime 300
</IfModule>

<Directory /Volumes/ServerHD/OwyheeWebSight/Subscriber>
  Options -FollowSymLinks Indexes MultiViews
  AuthType Basic
  AuthName "subscriber"
  AuthBasicProvider dbd
  AuthDBDUserPWQuery "SELECT Password FROM members WHERE User_ID = %s"
  Require valid-user
  AllowOverride None
  Order allow,deny
  Allow from all
</Directory>

Top Expert 2010

Commented:
Hi, as far as I'm aware the "disk_cache" module is totally unrelated to the "dbd" and "authn_dbd" modules, so you shouldn't be seeing those errors, with just the changes above, anyway you may be able to prove me wrong try adding the block below (from: http://www.macosxhints.com/article.php?story=20010117003458918) to your httpd.conf, to see if it makes a difference:

    #
    # To enable the cache as well, edit and uncomment the following lines:
    # (no cacheing without CacheRoot)
    #
    CacheRoot "/Library/WebServer/ProxyCache"
    CacheSize 5
    CacheGcInterval 4
    CacheMaxExpire 24
    CacheLastModifiedFactor 0.1
    CacheDefaultExpire 1

Author

Commented:
That breaks my site too. Same error "[error] disk_cache: Cannot cache files to disk without a CacheRoot specified."

Author

Commented:
I got rid of that error...

<IfModule mod_disk_cache.c>
CacheEnable disk /
CacheRoot "Library/Path"
</IfModule>

But as you predicted, it had no effect on the problem.
Top Expert 2010

Commented:
Can you please answer  these 3 questions:

1) What is returned from a:

sudo apachectl configtest

2) What's if anything appears in the error log now?  

3) Does the server start?

Author

Commented:
Here is the error (that explains it)

server_setup: entered
folder_setup: entered
server_setup: entered
Syntax error on line 1445 of /private/etc/apache2/httpd.conf:
DBD: No driver for mysql

The server starts, but pages do not load.


How do I find and install a driver?


Top Expert 2010

Commented:
Guessing your missing the Apache Portable Runtime (APR) mysql driver, i'm not a MAC expert but there are binary and source pacages and instructions out there e.g.


http://mac.softpedia.com/get/Developer-Tools/Apache-Portable-Runtime.shtml
http://wiki.secondlife.com/wiki/Compiling_the_viewer_libraries_%28Mac_OS_X%29#Apache_Portable_Runtime
Top Expert 2010

Commented:
This may be the correct version:

http://apr-util.darwinports.com/ 

Author

Commented:
I downloaded apr-1.4.2 and ran buildconf per http://apr.apache.org/compiling_unix.html
I get this error

buildconf: checking installation...
/Volumes/path/apr-1.4.2/build/buildcheck.sh: line 6: build/PrintPath: No such file or directory
buildconf: python not found.
           You need python installed
           to build APR from SVN.
logout

I've installed Python and keep getting the same error.
Top Expert 2010

Commented:
Try the apr-util package on the Darwin ports site: http://apr-util.darwinports.com/

Author

Commented:
I looked at that, the download links are broken. Also they do not support my OS (Snow Leopard, 10.6)
After Googling, I'll look at macports.org when I get a chance this weekend.

Author

Commented:
I'm at a stand still. What do you think of this module "mod_auth_mysql"?  Seem simpler.
http://support.modwest.com/content/1/161/en/how-do-i-protect-a-directory-with-mod_auth_mysql.html

I'm having problems building it..


"Note: The option -D APACHE2 for Apache 2.x is no longer required.  The module
determines the correct version from the Apache header files

If the mysql.h header file cannot be found, add the -I option to specify the
directory where mysql.h can be found.

If the mysqlclient library cannot be found, add the -L option to specify the
directory where libmysqlclient.so can be found.  

Example:

apxs -c -L/usr/lib/mysql -I/usr/include/mysql -lmysqlclient -lm -lz mod_auth_mysql.c
 "

How do I take the example and configure it to my system?

1) why are there 2 different paths to mysql? The path to my mysql is /usr/local/mysql
2) Do I not have to enter a path to the mod_auth_mysql.c file?
Top Expert 2010

Commented:
Hi

The Darwinports site details the apr-util build process, so if your sure their biary package won't run on 10.6 the instructions may point you in the correct direction for compiling the module form source, after you have the necessary dependencies installed.

Else I'd suggest posting a "Where do I get OR how do I build the apr_util, with mysql support, on Mac OS 10.6" to the appropriate zones here, or elsewhere, which I suspect you already have http://discussions.apple.com/thread.jspa?threadID=2471937 
Commented:
I could not resolve this issue.
I took a different rout. http://www.experts-exchange.com/Software/Server_Software/Web_Servers/Apache/Q_26287920.html

Thank you arober11 for your help