htaccess setup

I need to set up different logins on a parent directory and on a subdirectory to that parent directory. When I add .htaccess and .htpasswd files to both directories I get prompted for both logins when going to the subdirectory. I need to know how to set this up so that I only get prompted for the individual login for each directory. Can someone tell me how this is achieved?

Asked by: jzilberberg

themrrobert commented:
You mean that when you type:

http://myserver.com/protected1/protected2

It asks you for 2 sets of authorization user/pw combos?

jzilberberg (Author) commented:
Correct. I need "protected2" to only prompt me for that directory's login not both. So I need to know how to write both htaccess files to achieve this.

lords1979 commented:
If you can set the other directory as a subsite of the domain, this will allow you to have an .htaccess file for each individually.
 
jzilberberg (Author) commented:
I can't do that.

jzilberberg (Author) commented:
So, given I can't set up the subdirectory as a subsite of the domain, is there another option? Is this not a standard setup that is achievable in Apache via htaccess? Can the parent directory be set up to be only applied to itself and ignore subdirectories?

xterm commented:
This is perfectly achievable.  You just need to tell Apache to allow lower level htaccess to be able to override higher ones, so you do in httpd.conf (you can probably find the switch for your existing webroot and change it from None to All, or create a new one for just the directory you want to allow overrides in)

<Directory /foo>
    AllowOverride All
</Directory>

This does require a restart (or sig HUP) of Apache to take effect.

$>  cat /foo/protected1/.htaccess

AuthUserFile /path/to/htpasswd1
AuthName "Enter Username and Password"
AuthType Basic
<Limit GET>
require valid-user
</Limit>

$> cat /foo/protected1/protected2/.htaccess

AuthUserFile /path/to/htpasswd2
AuthName "Enter Username and Password"
AuthType Basic
<Limit GET>
require valid-user
</Limit>

Now when you hit /foo/protected1 in a browser you'll have to auth using an entry from htpasswd1, but if you go to /foo/protected1/protected2, it will prompt you to authenticate again using an entry from htpasswd2. Similarly, after you've authenticated there, and try to go back to /foo/protected1, you will need to re-auth off htpasswd1.

If you're using IP-based permissions, the same will apply.

Enjoy!

jzilberberg (Author) commented:
Thank you for this. I don't have server access so I cannot affect httpd.conf. Is there a solution only through affecting .htaccess files?

xterm commented:
The AllowOverride switch really just turns on the use of .htaccess files (see http://httpd.apache.org/docs/2.0/howto/htaccess.html)

So in essence, if you're getting prompted for a username and password now, then the system config file must already override either All or AuthConfig.

Thus, if your .htaccess files look like mine, they should work as I describe above.

jzilberberg (Author) commented:
So, according to your instruction I should not have to change anything on the server and just change the root level .htaccess file, correct?

Here is what I have created. This .htaccess file lives on the root and there is a .htpassword file on the root and one in the child directory. This only prompts for one set of credentials, but the one it requires for either directory is the child directory's credentials. Can you please let me know what I am not doing right here?

AuthUserFile /mnt/target05/347173/www.mydomain.com/web/content/.htpasswd
AuthGroupFile /dev/null
AuthName EnterPassword
AuthType Basic
<Limit GET>
require valid-user
</Limit>

AuthUserFile /mnt/target05/347173/www.mydomain.com/web/content/admin/.htpasswd
AuthGroupFile /dev/null
AuthName EnterPassword
AuthType Basic
<Limit GET>
require valid-user
</Limit>

xterm commented:
So if you go to the server root in a browser you can only authenticate with a user contained in /admin/.htpasswd?
And the same is true if you go to serverroot/childdirectory in the browser?

Both of them prompt and will only accept a username/password found in the child directory's .htpassword, which is /mnt/target05/347173/www.mydomain.com/web/content/admin/.htpasswd ?

If you go to the server root, and attempt to authenticate with a username/password in  /mnt/target05/347173/www.mydomain.com/web/content/.htpasswd, what happens?

That seems impossible to me - there's no way the main root .htaccess can even KNOW about the .htpasswd file in the content/admin directory.  Please confirm this to be the case.

jzilberberg (Author) commented:
Correct, I can only authenticate with the user contained in /admin/.htpasswd for both directories.

Correct, both of them prompt and will only accept a username/password found in the child directory's .htpassword, which is /mnt/target05/347173/www.mydomain.com/web/content/admin/.htpasswd ?

If I go to the server root, and attempt to authenticate with a username/password in /mnt/target05/347173/www.mydomain.com/web/content/.htpasswd, I just keep getting prompted for valid credentials unless I use the credentials for /admin.

The good news is I don't get a double prompt like originally, but now there is this issue of improper authentication.

xterm commented:
I hate to beat a dead horse, but the basic impossibility of what you are suggesting leads me to call into question your htpasswd or htaccess files - there is simply no way that the server root can authenticate a user which is not referenced in its own .htaccess file.

I suggest that in the server root .htaccess file you put "AuthName EnterRootPassword" and in the child you put "AuthName EnterChildPassword" temporarily.

Then make sure that you have no username overlap in the htaccess files.  Perhaps in the one that feeds the root directory put a single user "foo" and in the one in the /admin (child) directory, put a single user "bar".

For good measure, I'd probably dump client browser cache and restart it too.

jzilberberg (Author) commented:
Ok, thanks for sticking with me on this.

I made the changes to the AuthName line you suggested and tried again. Same result.

Regarding this instruction: "Then make sure that you have no username overlap in the htaccess files. Perhaps in the one that feeds the root directory put a single user 'foo' and in the one in the /admin (child) directory, put a single user 'bar'." I am not sure what you mean by "put a single user 'foo'". Can you please be explicit about how I should do this?

xterm commented:
Yes, create them as such:

$>cat  /mnt/target05/347173/www.mydomain.com/web/content/.htpasswd
foo:.J9xG620h1puU

$> cat /mnt/target05/347173/www.mydomain.com/web/content/admin/.htpasswd
bar:fFaB/ikx068JE

User foo's password is bar.  User bar's password is foo.  With those two htpasswd files in place you should only be able to auth as foo/bar in the server root directory, and as bar/foo in the child directory.

Make sense?

jzilberberg (Author) commented:
Yes, this is already what I had set up in the individual .htpasswd files in the parent and child directories as you outlined in your last message, but with my actual user names and passwords. Just for certainty, I changed them to foo/bar and bar/foo respectively and tried again. Only bar/foo works for both directories.

xterm commented:
If you DELETE (or just move elsewhere or rename) the .htaccess file in the child directory that references /mnt/target05/347173/www.mydomain.com/web/content/admin/.htpasswd, what happens?

This should only leave the .htaccess file in the root referring to /mnt/target05/347173/www.mydomain.com/web/content/.htpasswd which should ONLY allow the authentication of foo/bar.

I guess let's get this working one directory at a time, starting with the root.

jzilberberg (Author) commented:
I don't have an .htaccess file in the child directory, so my set up has been just as you prescribe in your last message.

So, just to see I removed the second block from the root .htaccess file:

AuthUserFile /mnt/target05/347173/www.mywesternathleticclub.com/web/content/admin/.htpasswd
AuthGroupFile /dev/null
AuthName EnterChildPassword
AuthType Basic
<Limit GET>
require valid-user
</Limit>

Now when I try to login to either directory both require the root credentials instead of the child credentials as before. Very strange since there is no directive to prompt for the child directory at all at that point.

xterm commented:
Wait a minute, I think we're on to something here - you didn't ever HAVE a .htaccess file in the child folder? You need one! I didn't realize you'd put both "blocks" into one file. See my original post, those are two separate .htaccess files, one in the root, one in the child folder.

Notice I have one in /protected1 and one in /protected1/protected2?

Anyway, just substitute that for /, and /protected1 and you'll be golden.

Each .htaccess file references its own .htpasswd file.

Phew, that shouldn't have been so tough :)
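
Why the single root file accepted only the child's credentials, as an added example that is not part of the original thread: a Python check that models which AuthUserFile is in force for a directory, and also reports `require` lines wrapped in `<Limit>`. It assumes simplified parsing (one directive per line, only `<Limit>` sections), shortened constructed paths, and hypothetical helper names `parse` and `effective_userfile`.

```python
import re
from pathlib import PurePosixPath

# Constructed sample files (paths shortened; not the poster's real paths).
ROOT_BLOCK = """AuthUserFile /site/content/.htpasswd
AuthName EnterRootPassword
AuthType Basic
<Limit GET>
require valid-user
</Limit>
"""
CHILD_BLOCK = (ROOT_BLOCK.replace("content/.htpasswd", "content/admin/.htpasswd")
               .replace("Root", "Child"))
BROKEN = {"/": ROOT_BLOCK + CHILD_BLOCK}          # both blocks in the root file
FIXED = {"/": ROOT_BLOCK, "/admin": CHILD_BLOCK}  # one file per directory

def parse(text):
    """Return (effective settings, findings) for one .htaccess file."""
    settings, findings, limit = {}, [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        opened = re.match(r"<Limit\s+([^>]+)>", line, re.I)
        if opened:
            limit = opened.group(1).split()
        elif line.lower().startswith("</limit"):
            limit = None
        else:
            name, _, value = line.partition(" ")
            key, value = name.lower(), value.strip()
            if key == "require" and limit:
                findings.append("require restricted to methods: " + ",".join(limit))
            if key.startswith("auth") and settings.get(key, value) != value:
                findings.append(f"{name}: {settings[key]} overridden by {value}")
            settings[key] = value  # a later directive replaces an earlier one
    return settings, findings

def effective_userfile(tree, directory):
    """Password file in force for `directory`: deepest .htaccess that sets one."""
    result, path = None, PurePosixPath(directory)
    for d in [*reversed(path.parents), path]:  # web root first, target last
        if str(d) in tree:
            result = parse(tree[str(d)])[0].get("authuserfile", result)
    return result

if __name__ == "__main__":
    for label, tree in (("broken", BROKEN), ("fixed", FIXED)):
        for d in ("/", "/admin"):
            print(label, d, "->", effective_userfile(tree, d))
    print(*parse(BROKEN["/"])[1], sep="\n")
```

Apache's documentation advises against placing access controls inside `<Limit>`, since methods not listed are left unrestricted; removing the wrapper applies `require valid-user` to every method.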
 
jzilberberg (Author) commented:
Ok, sorry I missed that. So now they are in 2 files in the respective directories. No double prompt, but now the root credentials are the only ones that work for both directories.

xterm commented:
Okay, please paste the child .htaccess file and its associated htpasswd file (you can munge the usernames if you want to protect the privacy of these)

jzilberberg (Author) commented:
AuthUserFile /mnt/target05/347173/www.mydomain.com/web/content/admin/.htpasswd
AuthGroupFile /dev/null
AuthName EnterChildPassword
AuthType Basic
<Limit GET>
require valid-user
</Limit>

saleskit:BHP7lJ7qIqyG

jzilberberg (Author) commented:
Oh wait!!! We're there! I uploaded the last revisions to the wrong server. Just uploaded to the correct server and retried and it works. Very simple solution when implemented correctly. Thanks for working with me on this!!!

xterm commented:
Great, because I was out of ideas :)  Enjoy!

jzilberberg (Author) commented:
THANK YOU!!