.htaccess files

doctorbill
The following .htaccess file is in the following directory and is working correctly:

C:\xampp\htdocs

AuthName "TickTockIT Int Protected"
AuthType Basic
AuthUserFile C:/xampp/apache/bin/passwordfile
# require valid-user
Require user admin
Order Deny,Allow
Deny from all
Allow from ::1
Satisfy Any

The above is only accessed by admin

I want to allow access to another sub directory to other specific users:
Directory: C:\xampp\htdocs\newsite\site
Access for users a and b
How do I do this - with a separate .htaccess file or a redirect from the .htaccess file above?
If I use a separate .htaccess file, how do I stop authentication being required by the parent .htaccess file (c:\xampp\htdocs) above?
Basically, what is the best way to do this?
Dave Baldwin, Fixer of Problems
Most Valuable Expert 2014

Commented:
Basically you can't do what you want. Apache reads the .htaccess in the path and follows the directives in the path order. To allow separate access, you need to move the 'admin' functions to its own subdirectory along with the '.htaccess' file for it.

Author

Commented:
Can you show me please as an example

Author

Commented:
Then how can I protect all the htdocs directories but allow a sub directory with a different access file

Author

Commented:
Or redirect a particular user to a sub directory using the htaccess file
David Favor, Fractional CTO
Distinguished Expert 2018

Commented:
To expand on Dave Baldwin's comment...

To do what you're trying to do requires you wrap each directory, which has a different root, in a different Apache Directory config container... as in this example pulled off one of my servers...

 
   <Directory /sites/david-favor/clients.davidfavor.com/htdocs/projects/foo>
       Options +Indexes +FollowSymLinks +MultiViews
       AllowOverride AuthConfig
       AuthType Basic
       AuthName "Authentication Required"
       AuthUserFile /etc/apache2/apache2.users
       Require valid-user foo
   </Directory>


So in your Apache config you'll have a directory container for each directory.

I avoid doing this at the .htaccess level as there are subtle differences between doing this at the server level + inside specific directories.

Start by adding this to Apache config, then if you think you really must, try moving the Directory container into .htaccess file(s).

You'll have to refer to Apache docs + experiment to see if this will even work.
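
One way to lay out the access the question asks for, as an added example that is not part of any reply in this thread. It assumes Apache 2.4 authorization syntax and that accounts a and b already exist in the password file named in the question.

```apache
# Added example, not from the thread. Assumes Apache 2.4 and that users
# "a" and "b" are already present in the password file.

# Parent: everything under htdocs requires the admin account,
# except requests arriving from the local address ::1.
<Directory "C:/xampp/htdocs">
    AuthType Basic
    AuthName "TickTockIT Int Protected"
    AuthUserFile "C:/xampp/apache/bin/passwordfile"
    <RequireAny>
        Require ip ::1
        Require user admin
    </RequireAny>
</Directory>

# Child: AuthType, AuthName and AuthUserFile are inherited from the parent.
# With the default "AuthMerging Off", the Require line below replaces the
# parent's authorization rules for this subtree instead of adding to them,
# so admin and ::1 are no longer admitted here unless listed again.
# The same single Require line also works in this directory's .htaccess
# when AllowOverride permits AuthConfig.
<Directory "C:/xampp/htdocs/newsite/site">
    Require user a b
</Directory>
```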

Author

Commented:
What is the format of these files:

AuthName "Authentication Required"
       AuthUserFile /etc/apache2/apache2.users
David Favor, Fractional CTO
Distinguished Expert 2018

Commented:
Format should be ignored, as sometimes this will change.

Better to use the Apache tool for modifying this file, so something like...

htpasswd -B -C 10 -b /etc/apache2/apache2.users foo aIcp0Rom10B6t52U


This means using htpasswd allows your authentication to work as expected.

Note: The file format is user:hash where hash can be many types of hashed password, depending on other options passed to htpasswd + also Apache config file settings.

Note: Best to just use htpasswd, rather than playing games hand rolling your own hashification approach, which may or may not work, across all future Apache releases.

Author

Commented:
This is what I have in the conf file:

<Directory ../htdocs/jquery/test.php>
       Options +Indexes +FollowSymLinks +MultiViews
       AllowOverride AuthConfig
       AuthType Basic
       AuthName "Authentication Required"
       AuthUserFile ../../bin/passwordfiles/passwordfile
       Require valid-user guest
   </Directory>

The url when tested as local host does not ask for any password or username
http://localhost/jquery
The link goes straight in
David Favor, Fractional CTO
Distinguished Expert 2018

Commented:
Directory ../htdocs/jquery/test.php will cause impossible-to-debug problems.

Only use absolute path inside <Directory> containers.

You have no idea what your CWD will be at any given moment in Apache or what CWD might be in any future versions of Apache.

AuthUserFile ../../bin/passwordfiles/passwordfile is the exact same problem.

Use absolute paths for all your links in Apache config files.
David Favor, Fractional CTO
Distinguished Expert 2018

Commented:
If you aren't prompted for a password, this simply means your relative paths are incorrect, based on whatever CWD Apache has set when config file directives are processed.

Changing to absolute paths in your Apache config file (not .htaccess, actual config file) will likely resolve your problem.

Author

Commented:
Still not working:

<Directory C:\xampp\htdocs\query\test.php>
       Options +Indexes +FollowSymLinks +MultiViews
       AllowOverride AuthConfig
       AuthType Basic
       AuthName "Authentication Required"
       AuthUserFile C:\xampp\apache\bin\passwordfiles\passwordfile
       Require valid-user guest
   </Directory>
David Favor, Fractional CTO
Distinguished Expert 2018

Commented:
First try editing each file via the absolute path, just to make sure all's well.

Then be sure to restart Apache.

You can also try adding some syntax error to your <Directory> container, which should cause your Apache restart to fail.

If your restart works, this means the config file isn't being picked up as you expect.

Author

Commented:
Still no good
Syntax error stops the server from starting so the file is being read
file paths are ok

Would this be confusing the issue - it is also in the conf file:
DocumentRoot "C:/xampp/htdocs"
<Directory "C:/xampp/htdocs">
    #
    # Possible values for the Options directive are "None", "All",
    # or any combination of:
    #   Indexes Includes FollowSymLinks SymLinksifOwnerMatch ExecCGI MultiViews
    #
    # Note that "MultiViews" must be named *explicitly* --- "Options All"
    # doesn't give it to you.
    #
    # The Options directive is both complicated and important.  Please see
    # http://httpd.apache.org/docs/2.4/mod/core.html#options
    # for more information.
    #
    Options Indexes FollowSymLinks Includes ExecCGI

    #
    # AllowOverride controls what directives may be placed in .htaccess files.
    # It can be "All", "None", or any combination of the keywords:
    #   AllowOverride FileInfo AuthConfig Limit
    #
    AllowOverride All

    #
    # Controls who can get stuff from this server.
    #
    Require all granted
</Directory>

Author

Commented:
Any ideas on this please

Author

Commented:
I am also testing on a local network:
http://localhost/
David Favor, Fractional CTO
Distinguished Expert 2018

Commented:
Unsure.

Difficult to say without access to a machine to debug.

Also, using Windows adds another layer of complexity, as running LAMP on Windows always means using some oddball install method...

Compared to Linux Distros which provide LAMP software as standard packages.

Likely the problem is something minor in your overall config + with Windows this can be a bear to figure out.

Eyeballing your config, everything looks correct.
Dave Baldwin, Fixer of Problems
Most Valuable Expert 2014

Commented:
I thought that Basic Auth in Apache applied to directories and not files.  ??
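
For the single-file case discussed above, an added example (not from any poster) that scopes Basic authentication to one script with a `<Files>` section inside a directory container. The paths and the account name guest are taken from the thread; Apache 2.4 is assumed.

```apache
# Added example, not from the thread. Apache 2.4 assumed.

# As posted in the thread: <Directory> matches directories, so a container
# that names a file is not applied to requests for that file.
# <Directory "C:/xampp/htdocs/jquery/test.php"> ... </Directory>

# Scoped form: the container names the directory (absolute path, forward
# slashes) and <Files> selects the script. The rule covers only requests
# that resolve to a file called test.php in this directory or below it;
# other files and the directory listing stay under the parent's rules.
<Directory "C:/xampp/htdocs/jquery">
    <Files "test.php">
        AuthType Basic
        AuthName "Authentication Required"
        AuthUserFile "C:/xampp/apache/bin/passwordfiles/passwordfile"
        # "Require valid-user" admits every account in the password file;
        # "Require user guest" admits only the guest account.
        Require user guest
    </Files>
</Directory>
```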

Author

Commented:
What could I try instead

Author

Commented:
Managed to find this:

AuthName "TickTockIT Int Protected"
AuthType Basic
AuthUserFile C:/xampp/apache/bin/passwordfile
require valid-user
Order Deny,Allow
Deny from all
Allow from ::1
Satisfy Any
<FilesMatch "results_invoices_IDsel_Client\.php$">
Satisfy Any
Allow from all
</FilesMatch>

This should do it as it works for the file referenced in the above

Author

Commented:
Thanks all
