Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

  • Congratulations strongm on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

how to setup password on apache

Status
Not open for further replies.

akcrxnj

Technical User
Sep 28, 2003
8
US
I am sharing out files off of my web page but would like to password protect the actual page they reside on but still would like to keep my home page password free. I am very new to apache and need help.

<-- password free
<-- need password

Thanks
 
Check .htaccess under the FAQs for Apache.

Newposter
&quot;Good judgment comes from experience. Experience comes from bad judgment.&quot;
 
Newposter thanks. I have looked at the .htaccess file and I had confgured it but all I get is a forbidden page and it states that I cannot gain acces. I have placed my .htpasswd file in a directory called passwd it looks like this

#/passwd/.htpasswd
it contains the usernae and encrypt password which I created by using

#htpasswd -c .htaccess willy

I then created an htaccess file and saved it within the directory in which it is loacted.

#/var/apache/htdocs/mp3

I remembered to call it .htaccess below id the actual output from my .htaccess file.

# more .htaccess
AuthUserFile /passwd/.htpasswd
AuthGroupFile /dev/null
AuthName PasswordProtectedSite
AuthType Basic

<Limit GET>
require user willy
</Limit>

What is the problem that I am having. The part that is killing me is that all the documentation on .htaccess pretty much states that there is about a 1001 ways to use it. All I am looking to do is to password protect only one or two directories off of my website thats it. Hope you can help.

Thanks



 
Your problem may be here :

AuthUserFile /passwd/.htpasswd

AuthUserFile uses OS paths, not apache virtual paths so may you need to actually specify that directory.

Your error log should have something like this in it:

[Mon Sep 29 09:26:43 2003] [error] [client 10.0.0.10] (2)No such file or directory: Could not open password file: /passwd/.htpasswd

So, Apache is looking at system level paths since passwd files are generally kept out of web accessible space.

Hope this helps!
 
Siberian,

I have the .htpasswd file is in the directory stated above it is the relative path for the .htpasswd file. I have been playing and I have changed the .htpasswd file to /var/apache I made the neccessary changes in .htaccess and tried to get into the site again but I keep getting the forbidden error. Here is the log file of the message I am getting.

[Wed Oct 1 08:26:35 2003] [error] [client 192.168.2.1] (13)Permission denied: cannot read directory for multi: /var/apache/htdocs/mp3/

ps. I am running solaris 9 with the apache that is already bundled with it.
 
I know what the problem was for the directory it had no permissions set. I changed the permission but I do not get any pop-up it goes straight into that web-page where the mp3 directory is located. I think it may have something to do with the wasy I layed out the .htaccess file. Can annyone help. heres what I got.

I put .htpasswd in (relative path to root) /passwd/.htpasswd (i used the htpasswd -c .htaccess willy command)

I then put the following in .htaccess which is located in the page that I would like to protect. /var/apache/htdocs/mp3/.htaccess

Here is what it looks like. I used a #cat -vet so you can see spaces tabs ect.


# cat -vet .htaccess
AuthUserFile /passwd/.htpasswd$
AuthGroupFile /dev/null$
AuthName &quot;Password Required&quot;$
AuthType Basic$
$
<Limit GET>$
require user andy$
</Limit>$
#


 
<Directory &quot;/var/apache/htdocs/mp3/&quot;>
Options Indexes FollowSymLinks
AllowOverride None
Order deny,allow
Allow from xxx.xxx.xxx.*
AuthType Basic
AuthName &quot;Please log in to view these pages&quot;
AuthUserFile /passwd/.htpasswd
AuthAuthoritative on
require valid-user
Satisfy all
</Directory>

Try using it this way in the httpd.conf file with a simple .htaccess file without the

# cat -vet .htaccess
AuthUserFile /passwd/.htpasswd$
AuthGroupFile /dev/null$
AuthName &quot;Password Required&quot;$
AuthType Basic$
$
<Limit GET>$
require user andy$
</Limit>$
#

Create the .htaccess file with just the names and passwords in it.


The first line starting with <Directory tells what directory you want to have password protected (/var/apache/htdocs/mp3/).

Allow from xxx.xxx.xxx.* doesn't need to be in there unless you are restricting by IP addresses.

AuthName &quot;Please log in to view these pages&quot; - this is what will show up on the login dialog box.

I haven't heard of using it the way you have it used in the .htaccess file but as you stated, there are many ways to do this. This the way I have always has success.

I hope this helps
Good luck
 
Status
Not open for further replies.

Part and Inventory Search

Sponsor

Back
Top