Steve Tinsley

asked on

.htaccess password help

I am trying to create a password protected directory.
I have an SSL cert on the domain.
Below is my code....

I have 2 questions...
- Why doesn't my custom Error 401 page work? I get the default one!!!
- Is there anything else I can add to the script to improve it?

.htaccess for https
# This points to your logging script, doesn't have to be php
ErrorDocument 401  /home4/stevetin/public_html/test/secure/log-htpasswd.php

AuthName "Restricted Area1"
AuthUserFile /home4/stevetin/public_html/test/secure/.htpasswd 
AuthType Basic 
require valid-user


# Set REMOTE_USER env variable on 401 ErrorDocument
RewriteEngine On
RewriteBase /
RewriteCond %{ENV:REDIRECT_STATUS} ^401$
RewriteRule .* - [E=REMOTE_USER:%{ENV:REDIRECT_REMOTE_USER}]

Options -Indexes




Error 401 / logging file
<?php
define('LOGINS_LOG','/home4/user/public_html/secure/log-htpasswd2.log');
 
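// Append the attempted username to the log, one entry per line
if(isset($_ENV['REDIRECT_REMOTE_USER']) && !empty($_ENV['REDIRECT_REMOTE_USER'])){
   $fp = fopen(LOGINS_LOG, 'a+');
   // fopen() returns false if the log cannot be opened; skip logging in that case
   if($fp !== false){
      fwrite($fp, $_ENV['REDIRECT_REMOTE_USER'] . PHP_EOL);
      fclose($fp);
   }
}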
 
ob_start();
header("HTTP/1.1 401 Authorization Required",1);
header("Status: 401 Authorization Required",1);
echo '<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head><title>401 Authorization Required</title></head><body>
<h1>Authorization Required</h1>
<p>This server could not verify that you
are authorized to access the document
requested.  Either you supplied the wrong
credentials (e.g., bad password), or your
browser doesnt understand how to supply
the credentials required.dsadsa</p>';

?>





.htaccess for http
Options -Indexes

RewriteEngine On
RewriteCond %{SERVER_PORT} !^443$
RewriteRule ^(.*)$ https://www.domain.com/secure$1 [R=permanent]


arnold

The URL for the ERRORDOCUMENT should be used and not an external path which the remote client cannot access.
http://httpd.apache.org/docs/2.2/custom-error.html
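
An added example, not part of the original thread: the protected directory's .htaccess with the 401 ErrorDocument given as a local URL-path, shown beside the original filesystem-path form. It assumes DocumentRoot is /home4/stevetin/public_html (so the directory is served at /test/secure/) and Apache 2.2 access-control syntax, matching the linked documentation.

```apache
# /test/secure/.htaccess
# Assumption: DocumentRoot is /home4/stevetin/public_html and AllowOverride
# permits AuthConfig, FileInfo and Limit for this directory.

# Before: a filesystem path. Apache reads a target that starts with "/" as a
# URL-path relative to DocumentRoot, so this names a URL that does not exist
# and the built-in 401 page is served instead.
# ErrorDocument 401 /home4/stevetin/public_html/test/secure/log-htpasswd.php

# After: a local URL-path. Do not use a full http(s):// URL for a 401:
# Apache would answer with a redirect and the browser would never receive
# the 401 status that triggers the password prompt.
ErrorDocument 401 /test/secure/log-htpasswd.php

AuthType Basic
AuthName "Restricted Area1"
# Path kept as in the question. Storing the password file outside
# DocumentRoot avoids relying on the server's default deny rule for .ht* files.
AuthUserFile /home4/stevetin/public_html/test/secure/.htpasswd
Require valid-user

# The error page lives inside the protected directory, so the internal
# request for it would itself fail with 401 and Apache would fall back to
# the built-in page. Exempt this one file from authentication.
<Files "log-htpasswd.php">
    # Apache 2.2 syntax; on 2.4 without mod_access_compat use
    # "Require all granted" here instead of the two lines below.
    Satisfy Any
    Allow from all
</Files>

Options -Indexes
```

The exempted script can then be requested directly by anyone, so it should do nothing beyond logging and printing the error page.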
Steve Tinsley

ASKER

Are you saying it should be like this:
ErrorDocument 401  /log-htpasswd.php
Yes provided http://www.yourdomain.com/log-htpasswd.php
What happened before?
This is where my files are:
root/secure/.htaccess
root/secure/log-htpasswd.php

It currently goes to the default 401 page rather than my one.

Confused
ASKER CERTIFIED SOLUTION
arnold

I hadn't got to the bottom of the issue but didn't need to ask any more questions. I didn't just want to leave the question open. Looking at the info above I should have given a B.