Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations Chris Miller on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

htaccess, no prompt for password

Status
Not open for further replies.
GoldenEternity

GoldenEternity

Technical User
May 4, 2001
159
US
I'm going nuts on this access control issue... Apache is running along happily, except that I can't set .htaccess restrictions on a directory.

What am I doing wrong here...? I've even tried rebuilding it a few different ways. Anything else I should try?

in httpd.conf:
--
AccessFileName .htaccess
...
<Directory /var/ order deny,allow
deny from all
Options Indexes MultiViews
AllowOverride AuthConfig
</Directory>
--

in /var/--
AuthUserFile /var/AuthName &quot;OMNI&quot;
AuthType Basic

Require valid-user
--

in /var/--
omni:<blah>
--

in config.status:
--
./configure &quot;--with-layout=Apache&quot; &quot;--activate-module=src/modules/php4/libphp4.a&quot; &quot;--prefix=/var/ &quot;$@&quot;
--
 
Sort by date Sort by votes
When the deny triggers, it doesn't prompt me to override with a username/password.

error_log shows:
[Fri Apr 5 12:08:36 2002] [error] [client 192.168.1.64] client denied by server configuration: /var/
 
Upvote 0 Downvote
The deny from all line automatically turns anyone away.
 
Upvote 0 Downvote
Why do you &quot;Deny From All&quot; on this directory? You should Allow From All, and Deny From All only on file types of ^.ht, so that your .htaccess and .htpassword files can't be seen. The routine works for me using Apache and Win2K

In your htttpd.conf, near where you define your root directory:

Options All MultiViews

#
# This controls which options the .htaccess files in directories can
# override. Can also be &quot;All&quot;, or any combination of &quot;Options&quot;, &quot;FileInfo&quot;,
# &quot;AuthConfig&quot;, and &quot;Limit&quot;
#
AllowOverride Authconfig

#
# Controls who can get stuff from this server.
#
Order allow,deny
Allow from all
</Directory>

then:


AccessFileName .htaccess
#
# The following lines prevent .htaccess files from being viewed by
# Web clients. Since .htaccess files often contain authorization
# information, access is disallowed for security reasons. Comment
# these lines out if you want Web visitors to see the contents of
# .htaccess files. If you change the AccessFileName directive above,
# be sure to make the corresponding changes here.
#
# Also, folks tend to use names such as .htpasswd for password
# files, so this will protect those as well.
#
<Files ~ &quot;^\.ht&quot;>
Order allow,deny
Deny from all
</Files>

.htaccess and .htpassword look OK
 
Upvote 0 Downvote
Doh! Thank you...

I saw some docs that had it set up like that, so I figured it would override it...
 
Upvote 0 Downvote
No problem, I'm a novice to this and have received MUCH valuable help from ifincham and Wullie in particular. They helped me set up this security on my sites.
 
Upvote 0 Downvote
Having .htaccess problems myself, 'bout to start pulling out hair with it all. o.o What's most frustrating, is the fact I've gotten .htaccess working on another machine, just not this one, no matter what I've done.

from commonhttpd.conf (Mandrake 8.1):

<Directory />
Options All Multiviews
AllowOverride Authconfig
Order deny,allow
Deny from all
</Directory>

<- snip ->
AccessFileName .htaccess
<- snip ->

<Files ~ &quot;^\.ht&quot;>
Order allow,deny
Deny from all
</Files>

from httpd.conf:
<Directory /var/Options none
AllowOverride AuthConfig Indexes Limit Options
</Directory>

from /var/Order Deny,Allow
Deny from all
Allow from <local domain>

AuthName &quot;<name>&quot;
AuthType Basic
AuthDBUserFile <correct path to db file>
require user <user>

Trying to go to the directory, or the index.html of said directory, I get a 403 Forbidden. Renaming, moving, etc .htaccess from this, and it comes up fine. A look at logs reveals the message: 'client denied by server configuration' for a request from my IP trying to access the directory where the .htaccess file is located. File permissions are all correct, any other ideas on what may be up?
 
Upvote 0 Downvote
Okay, apparently I made a typo posting from commonhttpd.conf: Order allow,deny Allow from all. Makes a wee bit of a difference, sorry... Other than that, however, just about everything from my commonhttpd.conf should match up with what's been mentioned in this thread, with no change from the 403 Forbidden message.

I've also tried different combinations for the <Directory /var/ directive (including trying the one from the original posting with order allow,deny allow from all), again to no avail.

That little typo can make quite the difference, so taking that into consideration, any other ideas...?
 
Upvote 0 Downvote
Okay, apparently I made a typo posting from commonhttpd.conf: Order allow,deny Allow from all. Makes a wee bit of a difference, sorry... Other than that, however, just about everything from my commonhttpd.conf should match up with what's been mentioned in this thread, with no change from the 403 Forbidden message.

I've also tried different combinations for the <Directory /var/ directive (including trying the one from the original posting with order allow,deny allow from all), again to no avail.

That little typo can make quite the difference, so taking that into consideration, any other ideas...?
 
Upvote 0 Downvote
Not to insult your intelligence in any way, as this is an easy mistake to make, but did you restart Apache after fixing the permissions? If not, the change hasn't taken effect.
 
Upvote 0 Downvote
Yes, I've restarted Apache after each and every change (and I've worked tech. support before, so no, I don't take it as an insult.)
 
Upvote 0 Downvote
Hi,

<Directory />
Options All Multiviews
AllowOverride Authconfig
Order deny,allow
Deny from all
</Directory>

should be

<Directory />
Options All Multiviews
AllowOverride Authconfig
Order deny,allow
Allow from all
</Directory>

**************************

from /var/Order Deny,Allow
Deny from all


should be

from /var/Order Deny,Allow
Allow from all

Don't set it to only allow one user until you get the problem sorted..

If that doesn't help, what do your error logs say?? The logs are there for a reason... [wink]

Hope this helps Wullie

 
Upvote 0 Downvote
Well, that change in the .htaccess file seemed to loosen things up. I get the password prompt now, but it won't take the name/password combo. Looking at the error log reveals:

[<date&time>] [error] [client <my IP>] could not open db auth file: <correct path to db file>
[<date&time>] [error] [client <my IP>] DB user <user> not found: /var/
And before the question is asked, db_auth_module has appropriate LoadModule and AddModule entries. Also, the db file itself is rwxr-xr-x root apache, and I even chowned the db file to apache to try it that way, but get the same result. Again, I'm running a test machine that works just fine with the db_auth_module (and NOT the dbm_auth_module), but that one's running Apache 1.3.23, where the one I'm pounding on is 1.3.22. Would the ver. difference be enough to matter, or should I check module vers? Anything else I should be looking for/at?
 
Upvote 0 Downvote
Well, that change in the .htaccess file seemed to loosen things up. I get the password prompt now, but it won't take the name/password combo. Looking at the error log reveals:

[<date&time>] [error] [client <my IP>] could not open db auth file: <correct path to db file>
[<date&time>] [error] [client <my IP>] DB user <user> not found: /var/
And before the question is asked, db_auth_module has appropriate LoadModule and AddModule entries. Also, the db file itself is rwxr-xr-x root apache, and I even chowned the db file to apache to try it that way, but get the same result. Again, I'm running a test machine that works just fine with the db_auth_module (and NOT the dbm_auth_module), but that one's running Apache 1.3.23, where the one I'm pounding on is 1.3.22. Would the ver. difference be enough to matter, or should I check module vers? Anything else I should be looking for/at?
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

Krus1972
  • Locked
  • Question
Rewrite Rule for .htaccess Help
Replies
0
Views
280
Krus1972
Krus1972
SamBones
  • Locked
  • Question
How Do I Start/Stop Systemd Services as a non-root User?
Replies
2
Views
746
gbaughma
gbaughma
krabban
  • Locked
  • Question
Dirvish for backup
Replies
0
Views
260
krabban
krabban
hobbytech
  • Locked
  • Question
Internet not connecting
Replies
5
Views
348
Stephen_Hawk
Stephen_Hawk
msk69
  • Locked
  • Question
Format Conversion query
Replies
6
Views
297
MBTC
MBTC

Part and Inventory Search

Sponsor

Back
Top