Avatar of doctorbill
doctorbill
Flag for United Kingdom of Great Britain and Northern Ireland asked on

.htaccess files

The following .htaccess files is in the following directory and is working correctly:

C:\xampp\htdocs

AuthName "TickTockIT Int Protected"
AuthType Basic
AuthUserFile C:/xampp/apache/bin/passwordfile
# require valid-user
Require user admin
Order Deny,Allow
Deny from all
Allow from ::1
Satisfy Any

The above is only accessed by admin

I want to allow access to another sub directory to other specific users:
Directory: C:\xampp\htdocs\newsite\site
Access for users a and b
How do I do this - with a separate .htaccess file or a redirect from the .htaccess file above
If I use a separate .htaccess file how do I stop authentication being required by the parent .htaccess file (c:\xampp\htdocs) above?
Basically what is the best way to do this
PHPApache Web Server

Avatar of undefined
Last Comment
doctorbill

8/22/2022 - Mon
Dave Baldwin

Basically you can't do what you want.  Apache reads the .htaccess in the path and follows the directives in the path order.  To allow separate access, you need to move the 'admin' functions to it's own subdirectory along with the '.htaccess' file for it.
doctorbill

ASKER
Can you show me please as an example
doctorbill

ASKER
Then how can I protect all the htdocs directories but allow a sub directory with a different access file
All of life is about relationships, and EE has made a viirtual community a real community. It lifts everyone's boat
William Peck
doctorbill

ASKER
Or redirect a particular user to a sub directory using the htaccess file
David Favor

To expand on Dave Baldwin's comment...

To do what you're trying to do requires you wrap each directory, which has a different root, in a different Apache Directory config container... as in this example pulled off one of my servers...

 
   <Directory /sites/david-favor/clients.davidfavor.com/htdocs/projects/foo>
       Options +Indexes +FollowSymLinks +MultiViews
       AllowOverride AuthConfig
       AuthType Basic
       AuthName "Authentication Required"
       AuthUserFile /etc/apache2/apache2.users
       Require valid-user foo
   </Directory>

Open in new window


So in your Apache config you'll have a directory container for each directory.

I avoid doing this at the .htaccess level as there are subtle differences between doing this at the server level + inside specific directories.

Start by adding this to Apache config, then if you think you really must, try moving the Directory container into .htaccess file(s).

You'll have to refer to Apache docs + experiment to see if this will even work.
doctorbill

ASKER
What is the format of these files:

AuthName "Authentication Required"
       AuthUserFile /etc/apache2/apache2.users
Get an unlimited membership to EE for less than $4 a week.
Unlimited question asking, solutions, articles and more.
David Favor

Format should be ignored, as sometimes this will change.

Better to use the Apache tool for modifying this file, so something like...

htpasswd -B -C 10 -b /etc/apache2/apache2.users foo aIcp0Rom10B6t52U

Open in new window


This means using htpasswd allows your authentication to work as expected.

Note: The file format is user:hash where hash can be many types of hashed password, depending on other options passed to htpasswd + also Apache config file settings.

Note: Best to just use htpasswd, rather than playing games hand rolling your own hashification approach, which may or may not work, across all future Apache releases.
doctorbill

ASKER
This is what I have in the conf file:

<Directory ../htdocs/jquery/test.php>
       Options +Indexes +FollowSymLinks +MultiViews
       AllowOverride AuthConfig
       AuthType Basic
       AuthName "Authentication Required"
       AuthUserFile ../../bin/passwordfiles/passwordfile
       Require valid-user guest
   </Directory>

The url when tested as local host does not ask for any password or username
http://localhost/jquery
The link goes straight in
David Favor

Directory ../htdocs/jquery/test.php will cause impossible to debug problems.

Only use absolute path inside <Directory> containers.

You have no idea what your CWD will be at any given moment in Apache or what CWD might be in any future versions of Apache.

AuthUserFile ../../bin/passwordfiles/passwordfile is exact same problem.

Use absolute paths for all your links in Apache config files.
This is the best money I have ever spent. I cannot not tell you how many times these folks have saved my bacon. I learn so much from the contributors.
rwheeler23
David Favor

If you aren't prompted for a password, this simply means your relative paths are incorrect, based on whatever CWD Apache has set when config file directives are processed.

Changing to absolute paths in your Apache config file (not .htaccess, actual config file) will likely resolve your problem.
doctorbill

ASKER
Still not working:

<Directory C:\xampp\htdocs\query\test.php>
       Options +Indexes +FollowSymLinks +MultiViews
       AllowOverride AuthConfig
       AuthType Basic
       AuthName "Authentication Required"
       AuthUserFile C:\xampp\apache\bin\passwordfiles\passwordfile
       Require valid-user guest
   </Directory>
David Favor

First try editing each file via the absolute path, just to make sure all's well.

Then be sure to restart Apache.

You can also try adding some syntax error to your <Directory> container, which should cause your Apache restart to fail.

If your restart works, this means the config file isn't being picked up as you expect.
Get an unlimited membership to EE for less than $4 a week.
Unlimited question asking, solutions, articles and more.
doctorbill

ASKER
Still no good
Syntax error stops the server from starting so the file is being read
file paths are ok

Would this be confusing the issue - it is also in the conf file:
DocumentRoot "C:/xampp/htdocs"
<Directory "C:/xampp/htdocs">
    #
    # Possible values for the Options directive are "None", "All",
    # or any combination of:
    #   Indexes Includes FollowSymLinks SymLinksifOwnerMatch ExecCGI MultiViews
    #
    # Note that "MultiViews" must be named *explicitly* --- "Options All"
    # doesn't give it to you.
    #
    # The Options directive is both complicated and important.  Please see
    # http://httpd.apache.org/docs/2.4/mod/core.html#options
    # for more information.
    #
    Options Indexes FollowSymLinks Includes ExecCGI

    #
    # AllowOverride controls what directives may be placed in .htaccess files.
    # It can be "All", "None", or any combination of the keywords:
    #   AllowOverride FileInfo AuthConfig Limit
    #
    AllowOverride All

    #
    # Controls who can get stuff from this server.
    #
    Require all granted
</Directory>
doctorbill

ASKER
Any ideas on this please
doctorbill

ASKER
I am also testing on a local network:
http://localhost/
Your help has saved me hundreds of hours of internet surfing.
fblack61
David Favor

Unsure.

Difficult to say without access to a machine to debug.

Also, using Windows adds another layer of complexity, as running LAMP on Windows always means using some oddball install method...

Compared to Linux Distros which provide LAMP software as standard packages.

Likely the problem is something minor in you overall config + with Windows this can be a bear to figure out.

Eyeballing your config, everything looks correct.
Dave Baldwin

I thought that Basic Auth in Apache applied to directories and not files.  ??
doctorbill

ASKER
What could I try instead
Get an unlimited membership to EE for less than $4 a week.
Unlimited question asking, solutions, articles and more.
doctorbill

ASKER
Managed to find this:

AuthName "TickTockIT Int Protected"
AuthType Basic
AuthUserFile C:/xampp/apache/bin/passwordfile
require valid-user
Order Deny,Allow
Deny from all
Allow from ::1
Satisfy Any
<FilesMatch "results_invoices_IDsel_Client\.php$">
Satisfy Any
Allow from all
</FilesMatch>

This should do it as it works for the file referenced in the above
ASKER CERTIFIED SOLUTION
doctorbill

Log in or sign up to see answer
Become an EE member today7-DAY FREE TRIAL
Members can start a 7-Day Free trial then enjoy unlimited access to the platform
Sign up - Free for 7 days
or
Learn why we charge membership fees
We get it - no one likes a content blocker. Take one extra minute and find out why we block content.
Not exactly the question you had in mind?
Sign up for an EE membership and get your own personalized solution. With an EE membership, you can ask unlimited troubleshooting, research, or opinion questions.
ask a question
doctorbill

ASKER
Thanks all