htaccess problems - any gurus out there?

[andrewp394]

Hi all,
I'm having real problems getting password protection working, and have spent two days searching forums etc with no success. Can anyone help? the problem I'm getting is that the .htaccess is being ignored - no username/password box, no errors, nothing unusual in the error or access log.

It's a dedicated server, so I'm sure that no-one else has tweaked with it.

I've checked that:
1. the accessfilename is set to .htaccess
2. I am using .htaccess to set the protection
3. permissions on .htaccess are 664
4. AllowOverride None is set for the root folder, but AllowOverride AuthConfig is set for the folder in question.


Here is the bulk of my httpd.conf, followed by the .htaccess content - excuse the length, but I don't want to miss anything out. I've remove alot of the extaneous comments, however. I've also removed my IP address, domain name, and email address where noted, and I've made bold the directory in question.

-------------------- HTTPD.CONF ------------------------

# ## Section 1: Global Environment

ServerType standalone
# ExtendedStatus On

# ## Section 2: 'Main' server configuration

Port 80
StartServers 5
MinSpareServers 5
MaxSpareServers 10
MaxKeepAliveRequests 100
KeepAliveTimeout 15
MaxClients 150
MaxRequestsPerChild 0
PidFile /var/run/httpd.pid
# ResourceConfig conf/srm.conf
# AccessConfig conf/access.conf
Timeout 300
ScoreBoardFile /var/run/httpd.scoreboard
ServerRoot "/etc/httpd"
HostnameLookups off
# Listen 3000
# Listen 12.34.56.78:80
# BindAddress *

LoadModule perl_module /usr/ins/intel/apache/libexec/libperl.so
LoadModule frontpage_module /usr/ins/intel/apache/libexec/mod_frontpage.so
LoadModule php4_module /usr/ins/intel/apache/libexec/libphp4.so
LoadModule ssl_module /usr/ins/intel/apache/libexec/libssl.so
LoadModule rewrite_module /usr/ins/intel/apache/libexec/mod_rewrite.so


# iASP Setting
LoadModule iasp_module "/usr/lib/iasp-1.0.9/bin/apache/linux/1.3.12/mod_iasp.so"

ServerAdmin root@localhost
NameVirtualHost my.ip.addr.ess

ServerName localhost

ErrorLog "|/usr/ins/intel/bin/webspy"
TransferLog "|/usr/ins/intel/bin/webspy"
ScriptAlias /mailman/ "/home/mailman/cgi-bin/"
# SSLDisable

User nobody
Group nobody

<IfModule mod_mime_magic.c>
MIMEMagicFile /etc/httpd/conf/magic
</IfModule>
LockFile /var/lock/httpd.lock
Listen 80
Listen 443

UserDir public_html


# Control access to UserDir directories. The following is an example
# for a site where these directories are restricted to read-only.

# <Directory /home/*/public_html>
# AllowOverride FileInfo AuthConfig Limit
# Options MultiViews Indexes SymLinksIfOwnerMatch IncludesNoExec
# <Limit GET POST OPTIONS PROPFIND>
# Order allow,deny
# Allow from all
# </Limit>
# <LimitExcept GET POST OPTIONS PROPFIND>
# Order deny,allow
# Deny from all
# </LimitExcept>
# </Directory>

DirectoryIndex default.asp index.html index.htm index.asp index.shtml index.wml index.php default.htm default.html index.cgi

# AccessFileName: The name of the file to look for in each directory
# for access control information.

AccessFileName .htaccess

# CacheNegotiatedDocs

UseCanonicalName On

TypesConfig /etc/mime.types

DefaultType text/plain

LogLevel warn

LogFormat &quot;%h %l %u %t \&quot;%r\&quot; %>s %b \&quot;%{Referer}i\&quot; \&quot;%{User-Agent}i\&quot;&quot; combined
LogFormat &quot;%h %l %u %t \&quot;%r\&quot; %>s %b&quot; common
LogFormat &quot;%{Referer}i -> %U&quot; referer
LogFormat &quot;%{User-agent}i&quot; agent
CustomLog /var/log/httpd/access_log common
# CustomLog /var/log/httpd/referer_log referer
# CustomLog /var/log/httpd/agent_log agent
CustomLog /var/log/httpd/access_log combined
ServerSignature Off

Alias /icons/ &quot;/home/httpd/icons/&quot;
Alias /pipermail/ &quot;/home/mailman/archives/public/&quot;
Alias /updates/ &quot;/home/updates/&quot;


-- I've skipped loads of lines on directory indexing, icons, and languages


AddType application/x-httpd-php .php
# AddType application/x-httpd-php .php3
# AddType application/x-httpd-php-source .phps
AddType application/x-tar .tgz

AddHandler cgi-script .cgi
AddHandler cgi-script .pl
# AddType text/html .shtml
# AddHandler server-parsed .shtml
# AddHandler send-as-is asis
# AddHandler imap-file map
# AddHandler type-map var

-- ErrorDocument section - none defined

BrowserMatch &quot;Mozilla/2&quot; nokeepalive
BrowserMatch &quot;MSIE 4\.0b2;&quot; nokeepalive downgrade-1.0 force-response-1.0
BrowserMatch &quot;RealPlayer 4\.0&quot; force-response-1.0
BrowserMatch &quot;Java/1\.0&quot; force-response-1.0
BrowserMatch &quot;JDK/1\.0&quot; force-response-1.0
LogFormat &quot;%h %l %u %t \&quot;%r\&quot; %>s %b \&quot;%{Referer}i\&quot; \&quot;%{User-Agent}i\&quot;&quot;

# CacheRoot &quot;/usr/ins/intel/proxy&quot;
# CacheSize 5
# CacheGcInterval 4
# CacheMaxExpire 24
# CacheLastModifiedFactor 0.1
# CacheDefaultExpire 1
# NoCache a_domain.com another_domain.edu joes.garage_sale.com

# </IfModule>
# End of proxy directives.



# ## Section 3: Virtual Hosts

FrontpageDisable

Alias /iasp &quot;/usr/lib/iasp-1.0.9&quot;
IaspConfig server &quot;/usr/lib/iasp-1.0.9/properties/server.properties&quot;
IaspConfig rules &quot;/usr/lib/iasp-1.0.9/properties/rules.properties&quot;



<Directory />
Options FollowSymlinks
AllowOverride None
</Directory>


<Directory &quot;/home/httpd/html&quot;>
Options MultiViews Indexes FollowSymlinks
AllowOverride AuthConfig FileInfo Indexes Limit Options
Order allow,deny
Allow from all
</Directory>

#<Files ~>
# AllowOverride AuthConfig FileInfo Indexes Limit Options
# Order allow,deny
# Deny from all
#</Files>

<Directory &quot;/

http://www1/icons&quot;>

Options MultiViews Indexes
AllowOverride None
Order allow,deny
Allow from all
</Directory>

<Directory &quot;/home/httpd/html/cgi-bin&quot;>
AllowOverride None
Order allow,deny
Allow from all
</Directory>


<VirtualHost my.ip.add.ress:80>
# This host entry is to catch invalid VHost names
# It should always be the first VirtualHost entry for a given IP
# It should NOT be deleted
ServerName __CatchInvalidVHostNames__
DocumentRoot /home/domain/.error
ErrorDocument 404 /index.html
</VirtualHost>

<VirtualHost my.ip.add.ress:80>
ServerAdmin andrew_seam@mydomain.com
ServerName

http://www.mydomain.com

DocumentRoot /home/domain/domain31/web
ErrorLog &quot;|/usr/ins/intel/bin/webspy /home/domain/domain31/logs/error_log&quot;
TransferLog &quot;|/usr/ins/intel/bin/webspy /home/domain/domain31/logs/access_log&quot;
ScriptAlias /cgi-bin/ /home/domain/domain31/web/cgi-bin/
<Location />
Options +Includes
</Location>
RewriteEngine on
RewriteCond %{HTTP_HOST} !^213.171.194.3280)?$
RewriteCond %{HTTP_HOST} !^

http://www.mydomain.com(:80)?$

RewriteRule ^/(.*)

http://www.mydomain.com/$1

[L,R]
RewriteOptions inherit
AliasMatch ^/~([^/]+)(/(.*))? /home/domain/domain31/users/$1/web/$3
AliasMatch ^/users/([^/]+)(/(.*))? /home/domain/domain31/users/$1/web/$3
AddHandler server-parsed .shtml
AddType text/html .shtml
ServerAlias mydomain.com
<Directory /home/domain/domain31/web/downloads/cbenhancer>
AllowOverride AuthConfig FileInfo Indexes Limit Options
</Directory>
</VirtualHost>

<IfModule mod_ssl.c>
SSLMutex file:/var/log/httpd/ssl_mutex
SSLSessionCache dbm:/var/log/httpd/ssl_scache
SSLRandomSeed startup file:/dev/urandom 512
SSLRandomSeed connect builtin
</IfModule>


-------------------- /HTTPD.CONF ------------------------

Here is the .htaccess - note that I've replaced the full path with &quot;folder/folder&quot; in the AuthUserFile. Again, I've checked the file exists, and is in the correct folder. Permissions on .htpasswd are 664, and there is one username/password within it.

-------------------- .HTACCESS ------------------------
AuthUserFile /home/domain/domain31/folder/folder/.htpasswd
AuthGroupFile /dev/null
AuthName &quot;Clickbank Enhancer Download&quot;
AuthType Basic

<Limit GET POST>
order deny,allow
deny from all
require valid-user
</Limit>


-------------------- .HTACCESS ------------------------


Well, I think that's all that's relevant. So - can anyone out there help? Do you need more information?


Many thanks in advance,
Andy Peacock

 

[mocha]

okay the first thing is that make sure your.htaccess and .htpasswd are in the same directory that you are trying to protect.....
Secondly...there is a line that you need to add in you http.conf file in the .htaccess section(not the directory in question but the .htaccess section)...

AllowOveride AuthConfig

restart Apache and restart your comp...
Hope this helps...
regards

 

[andrewp394]

Mocha,
I'm not sure what you mean by &quot;in the .htaccess section&quot; - can you cut and paste the section you are talking about, and insert the line you say I need?

Thanks,
Andy

 

[rninja]

Actually, it is not neccessary to place the htfiles (.htpassword, .htpassword) in the same directory as you are trying to protect.

As for the line &quot;AllowOveride AuthConfig&quot;, you can place that in the httpd.conf file under your main directoryRoot section. The part of your httpd.conf file that has the main directory for web documents (by default : /usr/local/apache/htdocs).


Rninja

 

[tekagami]

YOu are breaking your head with nonsense! all you need is access to your shell and to know some 'nix knowhow.

1- create a text file called &quot;.htaccess&quot; , it shoul contain:

AuthUserFile /path/to/urwebsite.com/members/.htpasswd
AuthGroupFile /dev/null
AuthType Basic
AuthName &quot;User area&quot;

<LIMIT GET POST>
require valid-user
</LIMIT>

2- telnet to ur account and type the following:

htpasswd /path/to/urwebsite.com/members/.htpasswd membername

it will promt you with the password and will add the password (already encripted to your .htpasswd file. to erase people just erase the entry line with the username of your dislike.

make the changes in your paths and of course change the membername you want to add to the .htpasswd file

thats it!

if you have any troubles let me know...