We help IT Professionals succeed at work.

Check out this week's podcast, "Dairy Farms to Databases: Community's Hand in Technology"Listen Now

x

.htaccess files

doctorbill
doctorbill asked
on
154 Views
Last Modified: 2019-01-02
The following .htaccess files is in the following directory and is working correctly:

C:\xampp\htdocs

AuthName "TickTockIT Int Protected"
AuthType Basic
AuthUserFile C:/xampp/apache/bin/passwordfile
# require valid-user
Require user admin
Order Deny,Allow
Deny from all
Allow from ::1
Satisfy Any

The above is only accessed by admin

I want to allow access to another sub directory to other specific users:
Directory: C:\xampp\htdocs\newsite\site
Access for users a and b
How do I do this - with a separate .htaccess file or a redirect from the .htaccess file above
If I use a separate .htaccess file how do I stop authentication being required by the parent .htaccess file (c:\xampp\htdocs) above?
Basically what is the best way to do this
Comment
Watch Question

Dave BaldwinFixer of Problems
CERTIFIED EXPERT
Most Valuable Expert 2014

Commented:
Basically you can't do what you want.  Apache reads the .htaccess in the path and follows the directives in the path order.  To allow separate access, you need to move the 'admin' functions to it's own subdirectory along with the '.htaccess' file for it.

Author

Commented:
Can you show me please as an example

Author

Commented:
Then how can I protect all the htdocs directories but allow a sub directory with a different access file

Author

Commented:
Or redirect a particular user to a sub directory using the htaccess file
David FavorFractional CTO
CERTIFIED EXPERT
Distinguished Expert 2019

Commented:
To expand on Dave Baldwin's comment...

To do what you're trying to do requires you wrap each directory, which has a different root, in a different Apache Directory config container... as in this example pulled off one of my servers...

 
   <Directory /sites/david-favor/clients.davidfavor.com/htdocs/projects/foo>
       Options +Indexes +FollowSymLinks +MultiViews
       AllowOverride AuthConfig
       AuthType Basic
       AuthName "Authentication Required"
       AuthUserFile /etc/apache2/apache2.users
       Require valid-user foo
   </Directory>

Open in new window


So in your Apache config you'll have a directory container for each directory.

I avoid doing this at the .htaccess level as there are subtle differences between doing this at the server level + inside specific directories.

Start by adding this to Apache config, then if you think you really must, try moving the Directory container into .htaccess file(s).

You'll have to refer to Apache docs + experiment to see if this will even work.

Author

Commented:
What is the format of these files:

AuthName "Authentication Required"
       AuthUserFile /etc/apache2/apache2.users
David FavorFractional CTO
CERTIFIED EXPERT
Distinguished Expert 2019

Commented:
Format should be ignored, as sometimes this will change.

Better to use the Apache tool for modifying this file, so something like...

htpasswd -B -C 10 -b /etc/apache2/apache2.users foo aIcp0Rom10B6t52U

Open in new window


This means using htpasswd allows your authentication to work as expected.

Note: The file format is user:hash where hash can be many types of hashed password, depending on other options passed to htpasswd + also Apache config file settings.

Note: Best to just use htpasswd, rather than playing games hand rolling your own hashification approach, which may or may not work, across all future Apache releases.

Author

Commented:
This is what I have in the conf file:

<Directory ../htdocs/jquery/test.php>
       Options +Indexes +FollowSymLinks +MultiViews
       AllowOverride AuthConfig
       AuthType Basic
       AuthName "Authentication Required"
       AuthUserFile ../../bin/passwordfiles/passwordfile
       Require valid-user guest
   </Directory>

The url when tested as local host does not ask for any password or username
http://localhost/jquery
The link goes straight in
David FavorFractional CTO
CERTIFIED EXPERT
Distinguished Expert 2019

Commented:
Directory ../htdocs/jquery/test.php will cause impossible to debug problems.

Only use absolute path inside <Directory> containers.

You have no idea what your CWD will be at any given moment in Apache or what CWD might be in any future versions of Apache.

AuthUserFile ../../bin/passwordfiles/passwordfile is exact same problem.

Use absolute paths for all your links in Apache config files.
David FavorFractional CTO
CERTIFIED EXPERT
Distinguished Expert 2019

Commented:
If you aren't prompted for a password, this simply means your relative paths are incorrect, based on whatever CWD Apache has set when config file directives are processed.

Changing to absolute paths in your Apache config file (not .htaccess, actual config file) will likely resolve your problem.

Author

Commented:
Still not working:

<Directory C:\xampp\htdocs\query\test.php>
       Options +Indexes +FollowSymLinks +MultiViews
       AllowOverride AuthConfig
       AuthType Basic
       AuthName "Authentication Required"
       AuthUserFile C:\xampp\apache\bin\passwordfiles\passwordfile
       Require valid-user guest
   </Directory>
David FavorFractional CTO
CERTIFIED EXPERT
Distinguished Expert 2019

Commented:
First try editing each file via the absolute path, just to make sure all's well.

Then be sure to restart Apache.

You can also try adding some syntax error to your <Directory> container, which should cause your Apache restart to fail.

If your restart works, this means the config file isn't being picked up as you expect.

Author

Commented:
Still no good
Syntax error stops the server from starting so the file is being read
file paths are ok

Would this be confusing the issue - it is also in the conf file:
DocumentRoot "C:/xampp/htdocs"
<Directory "C:/xampp/htdocs">
    #
    # Possible values for the Options directive are "None", "All",
    # or any combination of:
    #   Indexes Includes FollowSymLinks SymLinksifOwnerMatch ExecCGI MultiViews
    #
    # Note that "MultiViews" must be named *explicitly* --- "Options All"
    # doesn't give it to you.
    #
    # The Options directive is both complicated and important.  Please see
    # http://httpd.apache.org/docs/2.4/mod/core.html#options
    # for more information.
    #
    Options Indexes FollowSymLinks Includes ExecCGI

    #
    # AllowOverride controls what directives may be placed in .htaccess files.
    # It can be "All", "None", or any combination of the keywords:
    #   AllowOverride FileInfo AuthConfig Limit
    #
    AllowOverride All

    #
    # Controls who can get stuff from this server.
    #
    Require all granted
</Directory>

Author

Commented:
Any ideas on this please

Author

Commented:
I am also testing on a local network:
http://localhost/
David FavorFractional CTO
CERTIFIED EXPERT
Distinguished Expert 2019

Commented:
Unsure.

Difficult to say without access to a machine to debug.

Also, using Windows adds another layer of complexity, as running LAMP on Windows always means using some oddball install method...

Compared to Linux Distros which provide LAMP software as standard packages.

Likely the problem is something minor in you overall config + with Windows this can be a bear to figure out.

Eyeballing your config, everything looks correct.
Dave BaldwinFixer of Problems
CERTIFIED EXPERT
Most Valuable Expert 2014

Commented:
I thought that Basic Auth in Apache applied to directories and not files.  ??

Author

Commented:
What could I try instead

Author

Commented:
Managed to find this:

AuthName "TickTockIT Int Protected"
AuthType Basic
AuthUserFile C:/xampp/apache/bin/passwordfile
require valid-user
Order Deny,Allow
Deny from all
Allow from ::1
Satisfy Any
<FilesMatch "results_invoices_IDsel_Client\.php$">
Satisfy Any
Allow from all
</FilesMatch>

This should do it as it works for the file referenced in the above
Commented:
This one is on us!
(Get your first solution completely free - no credit card required)
UNLOCK SOLUTION

Author

Commented:
Thanks all

Gain unlimited access to on-demand training courses with an Experts Exchange subscription.

Get Access
Why Experts Exchange?

Experts Exchange always has the answer, or at the least points me in the correct direction! It is like having another employee that is extremely experienced.

Jim Murphy
Programmer at Smart IT Solutions

When asked, what has been your best career decision?

Deciding to stick with EE.

Mohamed Asif
Technical Department Head

Being involved with EE helped me to grow personally and professionally.

Carl Webster
CTP, Sr Infrastructure Consultant
Empower Your Career
Did You Know?

We've partnered with two important charities to provide clean water and computer science education to those who need it most. READ MORE

Ask ANY Question

Connect with Certified Experts to gain insight and support on specific technology challenges including:

  • Troubleshooting
  • Research
  • Professional Opinions
Unlock the solution to this question.
Join our community and discover your potential

Experts Exchange is the only place where you can interact directly with leading experts in the technology field. Become a member today and access the collective knowledge of thousands of technology experts.

*This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

OR

Please enter a first name

Please enter a last name

8+ characters (letters, numbers, and a symbol)

By clicking, you agree to the Terms of Use and Privacy Policy.