Find the answer to your Linux question:
Results 1 to 4 of 4
Like Tree1Likes
  • 1 Post By cnamejj
Hello, i used Dynamic Drive: .htaccess password generator to generate code for .htaccess and .htpasswd and i pasted it into my folder but its not protected, no password prompt htaccess ...
Enjoy an ad free experience by logging in. Not a member yet? Register.
  1. #1
    Linux User postcd's Avatar
    Join Date
    Apr 2011
    Posts
    315

    .htaccess password protection does not show up


    Hello,

    i used Dynamic Drive: .htaccess password generator to generate code for .htaccess and .htpasswd

    and i pasted it into my folder

    but its not protected, no password prompt

    htaccess
    Code:
    AuthName "Restricted Area" 
    AuthType Basic 
    AuthUserFile /home/mysite/.htpasswd 
    AuthGroupFile /dev/null 
    require valid-user
    htpasswd
    Code:
    sss:iijBraotwn1Mg

    /home/mysite/.htpasswd i made double sure its correct folder.

    here it is
    Code:
    [root@vps munin]# pwd
    /var/www/munin
    [root@vps munin]# ls -la
    total 40
    drwxr-xr-x 4 munin munin 4096 Apr  2 20:16 .
    drwxr-xr-x 8 munin munin 4096 Apr  2 19:21 ..
    -rw-r--r-- 1 munin munin  127 Apr  2 20:16 .htaccess
    -rw-r--r-- 1 munin munin   20 Apr  2 20:16 .htpasswd
    drwxr-xr-x 2 munin munin 4096 Apr  2 19:01 cgi
    -rw-r--r-- 1 munin munin 2555 Apr  2 19:00 definitions.html
    -rw-r--r-- 1 munin munin 1464 Apr  2 20:15 index.html
    drwxr-xr-x 2 munin munin 4096 Apr  2 19:00 localhost
    -rw-r--r-- 1 munin munin  473 Apr  2 19:00 logo.png
    -rw-r--r-- 1 munin munin 3538 Apr  2 19:05 style.css
    its there, but not show up any password window on that page..
    "Avoid the Gates of Hell. Use Linux affordable VPS."

  2. #2
    Linux Engineer
    Join Date
    Dec 2013
    Posts
    1,191
    I don't know if it has anything to do with it but usually Require is capitalized. I don't know if caps count. Have you looked in your logs or run apachectl configtest?

  3. #3
    Linux Newbie
    Join Date
    Jun 2012
    Location
    SF Bay area
    Posts
    167
    I'm not sure why your config isn't resulting in a user/password challenge screen either. But I have a couple of suggestions that might help you get to a working configuration.

    First, read this page and see if it clears anything up.

    Apache HTTP Server Tutorial: .htaccess files - Apache HTTP Server

    And a couple of key points from that page I'll call out... First, using an ".htaccess" file for configuring an Apache server is generally your fallback when there's some reason you can add the logic to the Apache configuration files. And that's probably more important with authentication than any other sorts of configs.

    So I'd recommend moving the authentication stuff into the appropriate "<Directory>" section in the Apache config instead of putting it in a ".htaccess" file.

    But if there's a reason you have to use ".htaccess", here's a couple of things to consider.

    First, you have to make sure the Apache configuration allows ".htaccess" files to be used and specifically that they allow authentication. Check the page I link for info, but it means looking for "Override" statements in the Apache config. If the ".htaccess" file isn't allowed to override the authentication settings in the Apache config, it will never work.

    And second, your config line say the AuthUserFile file is in "/home/mysite/.htpasswd" but the "pwd" in your screen capture shows "/var/www/munin" as the directory. So unless the home directory for "munin" is "/var/www/munin" then they don't match.

    And finally, it's a bad idea to have the AuthUserFile in your document root. It shouldn't be someplace where people could request it from the webserver.
    postcd likes this.

  4. #4
    Linux User postcd's Avatar
    Join Date
    Apr 2011
    Posts
    315
    It was indeed that httpd.conf did not allowed any .htaccess to set any rules. (AllowOverride None)

    Code:
    <Directory />
        Options FollowSymLinks
        AllowOverride None
    </Directory>
    
    <Directory "/var/www/html">
        Options FollowSymLinks
        Order allow,deny
        Allow from all
    </Directory>
    as you see in /var/www/html, i assume Override is allowed (when not forbidden)
    but in any other folders like /var/www/munin its not allowed to execute any rules from .htaccess..


    so i added this:
    Code:
    <Directory /var/www/munin>
        Options FollowSymLinks
        AllowOverride All
    </Directory>
    and auth started working.
    "Avoid the Gates of Hell. Use Linux affordable VPS."

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •