Hi,
I'm trying to password protect one of my web accessible directories and I can't get .htaccess to work in a CentOS 5.1 box. Here's what I did:
I created an .htaccess file with the contents:

    AuthName "Restricted Area"
    AuthType Basic
    AuthUserFile /home/mysite/.htpasswd
    AuthGroupFile /dev/null
    require valid-user

and I uploaded it to the dir I want to protect. Then I created my password outside of my web dir with the command:

    htpasswd -c .htpasswd pam

then followed password prompts, created my password.
So then I go to the site, and am not seeing any password required box, I can see site without a login.
So then I figured it's not turned on in apache, and went to httpd.conf and changed AllowOverride None to AllowOverride AuthConfig
When I reload, apache will not reload.
What am I doing wrong?
On Fri, 18 Apr 2008, Pam Astor wrote:
> Hi,
> I'm trying to password protect one of my web accessible directories and I can't get .htaccess to work in a CentOS 5.1 box. Here's what I did:
> I created an .htaccess file with the contents:
>
>     AuthName "Restricted Area"
>     AuthType Basic
>     AuthUserFile /home/mysite/.htpasswd
>     AuthGroupFile /dev/null
>     require valid-user
>
> and I uploaded it to the dir I want to protect. Then I created my password outside of my web dir with the command:
>
>     htpasswd -c .htpasswd pam
>
> then followed password prompts, created my password.
> So then I go to the site, and am not seeing any password required box, I can see site without a login.
> So then I figured it's not turned on in apache, and went to httpd.conf and changed AllowOverride None to AllowOverride AuthConfig
> When I reload, apache will not reload.
> What am I doing wrong?

The syntax for auth stuff changed between Apache 2.0 and 2.2 (which is used in CentOS 5). In particular, you'll need a AuthBasicProvider declaration:
http://httpd.apache.org/docs/2.2/mod/mod_auth_basic.html#authbasicprovider
Hi,
Thanks much, I read the URL, it is a bit too cryptic for me, can you or someone point me to a bit clearer step by step for setting this up correctly?
On Saturday 19 April 2008 03:35:52 Paul Heinlein wrote:
> The syntax for auth stuff changed between Apache 2.0 and 2.2 (which is used in CentOS 5). In particular, you'll need a AuthBasicProvider declaration:
> http://httpd.apache.org/docs/2.2/mod/mod_auth_basic.html#authbasicprovider

Thanks Paul, That's new news to me :)
For the OP, I believe it would be:

    <Location /secure>
        AuthType basic
        AuthName "private area"
        AuthBasicProvider file
        AuthDBMType file
        AuthDBMUserFile /home/mysite/.htpasswd
        Require valid-user
    </Location>

CMIIW,
Thanks,
OK I tried that and it still would not work, I am not prompted for a username or password on the site I want to protect.
Do I also need to add a new entry in httpd.conf or load a new apache module?
On Sat, Apr 19, 2008 at 6:37 AM, Pam Astor pamastor@hotmail.com wrote:
> OK I tried that and it still would not work, I am not prompted for a username or password on the site I want to protect.
> Do I also need to add a new entry in httpd.conf or load a new apache module?

Not by default, no.
There are several AllowOverrides statements in the default httpd.conf. Which did you modify?
The one you wanted should be around line 327, looking like this:

    Options Indexes FollowSymLinks

    #
    # AllowOverride controls what directives may be placed in .htaccess files.
    # It can be "All", "None", or any combination of the keywords:
    #   Options FileInfo AuthConfig Limit
    #
    AllowOverride None

    #
    # Controls who can get stuff from this server.
    #
    Order allow,deny
    Allow from all

    </Directory>

Change the AllowOverride to AuthConfig, and that should be just about it.
You don't want to use the AuthDBMType unless you're using htdbm instead of htpasswd to generate your password file lists.
You also need to make sure that apache has access to the area where you're putting your .htaccess.
If you're stuffing this in your home directory like it looks above, apache doesn't have permissions in here unless you've modified your homedir to 711 from 700. Selinux can also cause some issues in here as well if you have it enabled and haven't changed contexts.
Without fully seeing the config that you're using and some info about the dir you're trying to restrict, it'll be a little harder to offer more help.
I reset AllowOverride to AuthConfig and it's still not working.
OK the dir I am trying to password protect (named www) is the home or main or root directory of www.mydomain.com - it is owned by apache. The permissions on www were set to 755. .htaccess is located inside www and is also owned by apache. .htpasswd is just below, or outside of www and outside of web access and is also owned by apache.
I do have selinux enabled I believe.
For my httpd.conf, I have one main configuration file in /etc/httpd/conf and for each virtual domain, I have individual www.mydomain.com.conf files with associated virtual host tags inside, and located in /etc/httpd/conf.d directory.
I also tried placing the AllowOverride AuthConfig directive inside the individual conf.d virtual domain files but then apache would not reload, so I took them out and reloaded again.
Are the individual conf.d files causing the problem?
In addition to the above, I have tried all three of the two below contents inside of my .htaccess file as suggested:

    <Location /secure>
    AuthType basic
    AuthName "private area"
    AuthBasicProvider file
    AuthDBMUserFile /home/maindir/.htpasswd
    Require valid-user
    </Location>

    <Location /secure>
    AuthType basic
    AuthName "private area"
    AuthBasicProvider file
    Require valid-user
    </Location>

    AuthUserFile /home/maindir/.htpasswd
    AuthType Basic
    AuthName "My Secret Folder"
    Require valid-user

On Sat, Apr 19, 2008 at 8:56 AM, Pam Astor pamastor@hotmail.com wrote:
> For my httpd.conf, I have one main configuration file in /etc/httpd/conf and for each virtual domain, I have individual www.mydomain.com.conf files with associated virtual host tags inside, and located in /etc/httpd/conf.d directory.

Okay. These are vhost configs only. You *can* set them globally in httpd.conf, but they can be overwritten later, so it's best to do it vhost by vhost.

> I also tried placing the AllowOverride AuthConfig directive inside the individual conf.d virtual domain files but then apache would not reload, so I took them out and reloaded again.

This depends on where within the vhost config you put them. Apache should tell you exactly what line of the config the error is on, and what exactly is wrong with it.

> Are the individual conf.d files causing the problem?

Only because they aren't formatted properly.

> <Location /secure>
> AuthType basic
> AuthName "private area"
> AuthBasicProvider file
> AuthDBMUserFile /home/maindir/.htpasswd
> Require valid-user
> </Location>

This one is wrong because you're pointing a DBM statement to a flat user file which isn't in dbm format.

> <Location /secure>
> AuthType basic
> AuthName "private area"
> AuthBasicProvider file
> Require valid-user
> </Location>

This one sets the auth type outside everything else, and provides multiple names.

> AuthUserFile /home/maindir/.htpasswd
> AuthType Basic
> AuthName "My Secret Folder"
> Require valid-user

Here's a statement that I know works, from my nagios setup at home, altered for what you're looking to do.

    <Directory "/change/this">
        Options None
        AuthName "Nagios Access"
        AuthType Basic
        AuthUserFile /etc/httpd/htpasswd.users
        Require valid-user
    </Directory>

> > For my httpd.conf, I have one main configuration file in /etc/httpd/conf and for each virtual domain, I have individual www.mydomain.com.conf files with associated virtual host tags inside, and located in /etc/httpd/conf.d directory.
> Okay. These are vhost configs only. You *can* set them globally in httpd.conf, but they can be overwritten later, so it's best to do it vhost by vhost.

OK so do/set what vhost by vhost? Place the AllowOverride AuthConfig directive vhost by vhost? If that's what you meant, I tried again inserting the

    <Directory />
        Options FollowSymLinks
        AllowOverride AuthConfig
    </Directory>

and the

    <Directory />
        AllowOverride AuthConfig
    </Directory>

directives inside the individual vhost file and am still not getting a login prompt on the site. However this time, apache did reload for both directives. The reason why it did not reload last time, was because all I did earlier was insert the AllowOverride AuthConfig statement inside the vhost file, without the directory tags, so at least there is some progress there ;)
> > I also tried placing the AllowOverride AuthConfig directive inside the individual conf.d virtual domain files but then apache would not reload, so I took them out and reloaded again.
> This depends on where within the vhost config you put them. Apache should tell you exactly what line of the config the error is on, and what exactly is wrong with it.

I did not get indication from apache what line the syntax error was or what file either, all I got was:

    Reloading httpd: not reloading due to configuration syntax error [FAILED]

But I guess that point is moot now since at least httpd is reloading. I have however got line-syntax indications for other apache errors, just don't know why I was not getting them for this error.
> Here's a statement that I know works, from my nagios setup at home, altered for what you're looking to do.
> <Directory "/change/this">
> Options None
> AuthName "Nagios Access"
> AuthType Basic
> AuthUserFile /etc/httpd/htpasswd.users
> Require valid-user
> </Directory>

OK, just to make sure I am doing this exactly correct, do I substitute "Nagios Access" to whatever login name I used when I created my .htpasswd file?
Also, for Directory "/change/this", do I set this to the directory where my .htpasswd file is located? Or is this the path to the dir I am trying to protect?
Or, for AuthUserFile /etc/httpd/htpasswd.users, is this the path and filename of the .htpasswd file?
Jim Perrin wrote on Sat, 19 Apr 2008 10:16:54 -0400:
> <Directory "/change/this">

Jim, you forget that he's using .htaccess, the above cannot work there. He has to leave that out.
Pam: if you can access the directory just fine this does *not* mean that you misconfigured your .htaccess file (although it looked like that as well), it means it is not getting used at all. An .htaccess file that is not allowed by server config or that contains wrong configuration throws a 500 Internal Server Error. You have also been told a while back I think that you should look in the logs. Did you do that? I don't remember having seen any response from you about that. Do the following: place a single fake command like "this is a fake command" in your .htaccess file and then access the directory. If you don't get a 500 error, the file is not getting used. Which means next step is to check your logs and your configuration why it's not getting used and also double-check that it's in the correct directory and you access the correct directory (as I don't know what content you have there this content may either be identifying it uniquely or not).
You should also read the Apache documentation at httpd.apache.org, it may help you find that probably tiny mistake that you make, but we can't tell you as we don't see all of the picture. You should also read up on how you can achieve the password protection without an .htaccess file. This file is completely unnecessary if you have access to the apache conf, anyway.
Kai
OK, I put the fake command in and now I'm getting an error via web page:
Internal Server Error The server encountered an internal error or misconfiguration and was unable to complete your request.
Here are the last two log file entries for that httpd request:

    12.34.567.89 - - [19/Apr/2008:13:46:23 -0400] "GET / HTTP/1.1" 500 616
    12.34.567.89 - - [19/Apr/2008:13:47:12 -0400] "GET / HTTP/1.1" 200 20

I changed the IPs. I guess there were two separate errors, the last error - even when I corrected and removed the fake command and reloaded, I could not access the site, so the second error indicates the fake message removed but all else being (supposedly) correct the same in the conf.d file. Then I deleted .htaccess and .htpasswd and now I can again access the site again.
Pam Astor wrote on Sat, 19 Apr 2008 13:54:17 -0400:
That you got a server error is good.
> Here are the last two log file entries for that httpd request:

you want to look in the *error* log if you look for errors!

> I could not access the site,

which means exactly what? ;-)
Kai
OK, starting from scratch this morning, here is the .htaccess file I am using which is inside of the /home/LinuxAccountName/www directory:

    <Directory "/home/LinuxAccountName/www">
    Options None
    AuthName "UserNameIUsedToCreatePasswordWith"
    AuthType Basic
    AuthUserFile /home/LinuxAccountName/.htpasswd
    Require valid-user
    </Directory>

www above refers to the root or web directory - the lowest or first or base directory that is web accessible. And, this is the error I am getting from my httpd error log for this domain:
[Sun Apr 20 07:47:40 2008] [alert] [client 75.46.110.14] /home/LinuxAccountName/.htaccess: <Directory not allowed here
When I point my web browser to the domain name that the above .htaccess is written for, I get the below error in my web browser:
Internal Server Error The server encountered an internal error or misconfiguration and was unable to complete your request. Please contact the server administrator, help@mydomain.com and inform them of the time the error occurred, and anything you might have done that may have caused the error. More information about this error may be available in the server error log.
Apache/2.2.3 (CentOS) Server at www.mydomain.com Port 80
Pam Astor wrote:
> [Sun Apr 20 07:47:40 2008] [alert] [client 75.46.110.14] /home/LinuxAccountName/.htaccess: <Directory not allowed here

Remove the <Directory> tag.. a .htaccess file is placed inside a <Directory> tag for the folder it is in automatically..
Consequentially, your .htaccess looks like this to apache:

    <Directory /home/user/www>
    <Directory /home/user/www>
    ...
    </Directory>
    </Directory>

Thanks,
OK I removed the directory tag & got a different error, now the contents of .htaccess file is this:

    Options None
    AuthName "UserNameCreatedFor.htpasswd"
    AuthType Basic
    AuthUserFile /home/user/.htpasswd
    Require valid-user

Error log for my request is here:
[Sun Apr 20 19:57:05 2008] [alert] [client 12.34.567.89] /home/user/www/.htaccess: Options not allowed here
And error I got in web browser is here:
Internal Server Error The server encountered an internal error or misconfiguration and was unable to complete your request.
Pam Astor wrote on Sun, 20 Apr 2008 20:03:16 -0400:
> Options not allowed here

Please, by now you should know what this means, even after obstinately neglecting to look in the documentation.
Kai
pls click below URL
http://openwebmail.org/openwebmail/download/redhat/howto/htaccess/HOWTO.HTML
On Mon, Apr 21, 2008 at 2:01 PM, Kai Schaetzl maillists@conactive.com wrote:
> Pam Astor wrote on Sun, 20 Apr 2008 20:03:16 -0400:
> > Options not allowed here
> Please, by now you should know what this means, even after obstinately neglecting to look in the documentation.
> Kai
> --
> Kai Schätzl, Berlin, Germany
> Get your web at Conactive Internet Services: http://www.conactive.com
CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
> Date: Mon, 21 Apr 2008 14:12:20 +0530
> From: indunil75@gmail.com
> To: centos@centos.org
> Subject: Re: [CentOS] Can't get .htaccess to work
>
> pls click below URL
> http://openwebmail.org/openwebmail/download/redhat/howto/htaccess/HOWTO.HTML
>
> Thank you Indunil Jayasooriya

IT WORKS! Thanks so much Indunil! Been trying to get this to work for days, worked on my CentOS 5.1 box (by substituting in my correct directory paths). Success finally!
Pam
Kai Schaetzl wrote:
> > Options not allowed here
> Please, by now you should know what this means, even after obstinately neglecting to look in the documentation.

But oddly enough, the documentation does say that the Options directive is permitted in .htaccess context: http://httpd.apache.org/docs/2.2/mod/core.html#options
Les Mikesell wrote on Mon, 21 Apr 2008 07:39:24 -0500:
> But oddly enough, the documentation does say that the Options directive is permitted in .htaccess context:

Yes, I was wondering about that myself, I think it is not correct. But "None" is not an Option, anyway. He/She should just remove that line.
Kai
Kai Schaetzl wrote:
> Les Mikesell wrote on Mon, 21 Apr 2008 07:39:24 -0500:
> > But oddly enough, the documentation does say that the Options directive is permitted in .htaccess context:
> Yes, I was wondering about that myself, I think it is not correct. But "None" is not an Option, anyway. He/She should just remove that line.

Again, oddly enough, the stock CentOS http.conf contains in one place:

    # Possible values for the Options directive are "None", "All",

and in another:

    #
    <Directory "/var/www/cgi-bin">
        AllowOverride None
        Options None
        Order allow,deny
        Allow from all
    </Directory>

Isn't there an old joke that when the documentation and code differ they are probably both wrong?
Les Mikesell wrote on Mon, 21 Apr 2008 10:00:48 -0500:
> Isn't there an old joke that when the documentation and code differ they are probably both wrong?

;-)
Kai
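
An added example, not written by any poster in this thread: a small Python check that replays the thread's failed .htaccess attempts against an AllowOverride value and reports the error Apache 2.2 would log, or that the file is silently ignored. The directive table covers only the directives seen above, and the function name, messages for the provider checks and sample files are constructed for illustration.

```python
import re

# Override class that AllowOverride must grant before Apache 2.2 accepts the
# directive in a .htaccess file. Covers only the directives seen in this thread.
OVERRIDE_CLASS = {
    "authname": "AuthConfig", "authtype": "AuthConfig",
    "authuserfile": "AuthConfig", "authgroupfile": "AuthConfig",
    "authbasicprovider": "AuthConfig", "authdbmuserfile": "AuthConfig",
    "authdbmtype": "AuthConfig", "require": "AuthConfig",
    "options": "Options",  # Options needs its own override class
    "order": "Limit", "allow": "Limit", "deny": "Limit",
}

# Sections that are valid only in server config or virtual host context.
SERVER_ONLY_SECTIONS = {"directory", "directorymatch", "location",
                        "locationmatch", "virtualhost"}


def lint_htaccess(text, allow_override):
    """Return (line_number, message) findings; line 0 is a file-level finding.

    Apache itself stops at the first error, so only the first per-line
    finding would show up in the error log on a given request.
    """
    granted = {word.lower() for word in allow_override.split()}
    if not granted or granted == {"none"}:
        # With AllowOverride None the file is never read: no password
        # prompt, and no 500 error either.
        return [(0, "ignored: AllowOverride None, .htaccess is never read")]

    findings = []
    seen = {}  # lowercase directive name -> argument string (first use)
    for number, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("#") or line.startswith("</"):
            continue
        section = re.match(r"<(\w+)", line)
        if section:
            if section.group(1).lower() in SERVER_ONLY_SECTIONS:
                findings.append(
                    (number, "<%s not allowed here" % section.group(1)))
            continue
        parts = line.split(None, 1)
        name, args = parts[0], (parts[1] if len(parts) > 1 else "")
        seen.setdefault(name.lower(), args)
        needed = OVERRIDE_CLASS.get(name.lower())
        if needed and "all" not in granted and needed.lower() not in granted:
            findings.append((number, "%s not allowed here" % name))

    # The "file" provider (the default) reads AuthUserFile; only the "dbm"
    # provider reads AuthDBMUserFile.
    providers = set(seen.get("authbasicprovider", "file").lower().split())
    if seen.get("authtype", "").lower() == "basic":
        if "file" in providers and "authuserfile" not in seen:
            findings.append((0, "provider 'file' has no AuthUserFile to read"))
    if "authdbmuserfile" in seen and "dbm" not in providers:
        findings.append((0, "AuthDBMUserFile is only read by provider 'dbm'"))
    return findings


# Constructed samples modelled on the attempts posted in the thread.
ATTEMPT_DIRECTORY = """\
<Directory "/home/LinuxAccountName/www">
Options None
AuthName "Restricted Area"
AuthType Basic
AuthUserFile /home/LinuxAccountName/.htpasswd
Require valid-user
</Directory>
"""

ATTEMPT_DBM = """\
AuthType basic
AuthName "private area"
AuthBasicProvider file
AuthDBMUserFile /home/maindir/.htpasswd
Require valid-user
"""

FIXED = """\
AuthType Basic
AuthName "Restricted Area"
AuthBasicProvider file
AuthUserFile /home/LinuxAccountName/.htpasswd
Require valid-user
"""

if __name__ == "__main__":
    for label, text, override in [
        ("Directory wrapper", ATTEMPT_DIRECTORY, "AuthConfig"),
        ("DBM file directive", ATTEMPT_DBM, "AuthConfig"),
        ("fixed file", FIXED, "AuthConfig"),
        ("fixed file, overrides off", FIXED, "None"),
    ]:
        print(label, "->", lint_htaccess(text, override) or "no findings")
```
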
On Sat, Apr 19, 2008 at 12:31 PM, Kai Schaetzl maillists@conactive.com wrote:
> Jim Perrin wrote on Sat, 19 Apr 2008 10:16:54 -0400:
> > <Directory "/change/this">
> Jim, you forget that he's using .htaccess, the above cannot work there. He has to leave that out.

I didn't really forget, I was thinking more of having it included directly in the vhost config inside conf.d/ since I consider .htaccess bad anyway. However I really didn't make that clear at all, as I was mixing info.
Good catch, and thanks for trying to keep my ramblings sane :-P
Pam Astor wrote:
> Thanks,
> OK I tried that and it still would not work, I am not prompted for a username or password on the site I want to protect.
> Do I also need to add a new entry in httpd.conf or load a new apache module?

Are you sure your Location entry matched the URL path you use to reach it, not the path to the directory? You do need to restart httpd after putting this into httpd.conf.