htaccess problem

htaccess problem

Post by Pound Pupp » Fri, 06 Aug 1999 04:00:00



I cannot seem to restrict access via htaccess.  I have used this method
with other servers with no trouble.  This is my first experience with
Apache.  I am using apache_1.3.6-rs6000-ibm-aix4.2 on AIX 4.2.1.0 and I
downloaded this precompiled binary from apache.org.  Otherwise the
server is up, and running fine.  But I am never asked to enter a userid
and password, and I am taken immediately to the directory I want to
restrict.

Here are (what I think are) the relevant lines from my httpd.conf:

#    AllowOverride None
AllowOverride All

# Controls who can get stuff from this server.
#
Order allow,deny
Allow from all
</Directory>

Here is my .htaccess file:

AuthUserFile /usr/local/apache/htdocs/secure/.htpasswd
AuthGroupFile /usr/local/apache/htdocs/secure/.htgroup
AuthName ByPassword
AuthType Basic

require group ems

Here is my htgroups file:

ems: hfarkas

I used htpasswd to create a new password file.

I will check this group, but it would be very helpful to get the

be both helpful and appreciated.

Thank you!

 
 
 

htaccess problem

Post by Joshua Sliv » Sat, 07 Aug 1999 04:00:00



> I cannot seem to restrict access via htaccess.  I have used this method
> with other servers with no trouble.  This is my first experience with
> Apache.  I am using apache_1.3.6-rs6000-ibm-aix4.2 on AIX 4.2.1.0 and I
> downloaded this precompiled binary from apache.org.  Otherwise the
> server is up, and running fine.  But I am never asked to enter a userid
> and password, and I am taken immediately to the directory I want to
> restrict.
> Here are (what I think are) the relevant lines from my httpd.conf:
> #    AllowOverride None
> AllowOverride All
> # Controls who can get stuff from this server.
> #
> Order allow,deny
> Allow from all
> </Directory>

Everything looks right on first blush.  However, since it seems your
.htaccess file isn't being read, you likely have the AllowOverride
directive in the wrong scope in your config file.  Why don't you just
put the auth directives in a <Directory> section of the main config,
and not bother with .htaccess?

--
Joshua Slive

http://finance.commerce.ubc.ca/~slive/

 
 
 

htaccess problem

Post by Henry LeRoy Miller, Jr » Tue, 10 Aug 1999 04:00:00


Joshua -

Your response intrigued me.



> > Here are (what I think are) the relevant lines from my httpd.conf:

> > #    AllowOverride None
> > AllowOverride All

> > # Controls who can get stuff from this server.
> > #
> > Order allow,deny
> > Allow from all
> > </Directory>

> Everything looks right on first blush...
> Why don't you just
> put the auth directives in a <Directory> section of the main config,
> and not bother with .htaccess?

A reason that I have run across recently is that I wish to run several
versions
of the Apache server - one as the "release" version, which is working in
ways
I mostly understand, and another that is my "testing" version, as I try to
compile
in the various modules (such as mod_perl, ssl, suexec, etc.).

I also have 3 web trees to which I refer, wwwRelease, wwwTest, and
wwwConstruction.
These allow me to keep my service accessible, while testing with one server
or
constructing some new branches on a tree.

Instead of having to edit all the per directory directives in each new
httpd.conf file,
including auth directives, I've thought to use the .htaccess methodology to
create the access permissions on a more permanent basis, requiring only that
I
point to the top of web tree (DirectoryRoot) and enable AllowOveride All.

Do you see any problems or inherent dumbness to this scenario?  I'm fairly
new
to running Apache, and trying to keep myself from constantly spending time
reviewing config files and fixing what I've broken while attempting to learn
more
about Apache.

Thanks for your attention,
Henry Miller

 
 
 

htaccess problem

Post by Joshua Sliv » Tue, 10 Aug 1999 04:00:00




>> Why don't you just
>> put the auth directives in a <Directory> section of the main config,
>> and not bother with .htaccess?
> Instead of having to edit all the per directory directives in each new
> httpd.conf file,
> including auth directives, I've thought to use the .htaccess methodology to
> create the access permissions on a more permanent basis, requiring only that
> I
> point to the top of web tree (DirectoryRoot) and enable AllowOveride All.
> Do you see any problems or inherent dumbness to this scenario?  I'm fairly
> new
> to running Apache, and trying to keep myself from constantly spending time
> reviewing config files and fixing what I've broken while attempting to learn
> more
> about Apache.

No, there is no serious problem with this.  It may be slightly slower
since .htaccess files are read at request time instead of when the
daemon is started.  I tend to suggest not using .htaccess because it
seems many people assume (because of the filename or beause they are
sticking close to the examples) that all access directives MUST be put
in .htaccess, even when they have no good reason for it.  In the
general case, it seems simpler to just put everything in the
httpd.conf.  Then you can easily see all your config directives, and
you don't have to worry about correct settings of AllowOverride.  If
you have some reason for using .htaccess (the most common being that
you want to give individual users control over their own directory
structures), then there is no reason to avoid it.

On the other hand, your problem could also be solved by having one
DirectoryAccess.conf file which you "Include" (see the Include
directive) in each httpd.conf.  I think you get all the same
advantages without the performance hit of .htaccess.

--
Joshua Slive

http://finance.commerce.ubc.ca/~slive/

 
 
 

htaccess problem

Post by andre.. » Wed, 11 Aug 1999 04:00:00


Hi,

I'm trying to about the same, however my need is
to give individual users control over what they
protect. Could anyone shed some light on how to
accomplish this?  My http.conf has the following
relevant lines:

<Directory /*/public_html>
        Options Indexes FollowSymLinks
        AllowOverride All
</Directory>

The .htaccess file is as follows:

AuthUserFile /home/userxxx/.htpasswd
AuthGroupFile /dev/null
AuthName Test
AuthType Basic
<Limit GET>
        require user xxx
</Limit>

The .htpasswd was created with htpasswd.  I'm
using linux 2.2.36 with apache 1.3.6.  The server
simply does not authenticate anything.  Thanks for
any help!  Please e-mail your response as well.

Andre'

Sent via Deja.com http://www.deja.com/
Share what you know. Learn what you don't.

 
 
 

htaccess problem

Post by Joshua Sliv » Wed, 11 Aug 1999 04:00:00



> <Directory /*/public_html>

In Directory blocks, "*" does not match "/", so you probably want
something closer to <Directory /home/*/public_html>.

Quote:> <Limit GET>
>    require user xxx
> </Limit>

The <Limit GET> and </Limit> lines are unnecessary and a possible
security hazard.  Do you really want to allow full access for PUT,
DELETE, POST, etc?  Just leave them out to block all methods.

--
Joshua Slive

http://finance.commerce.ubc.ca/~slive/

 
 
 

htaccess problem

Post by Henry LeRoy Miller, Jr » Wed, 11 Aug 1999 04:00:00


Thanks Joshua!



> > Do you see any problems or inherent dumbness to this scenario?  ...

> No, there is no serious problem with this.  It may be slightly slower
> since .htaccess files are read at request time instead of when ....

> On the other hand, your problem could also be solved by having one
> DirectoryAccess.conf file which you "Include" (see the Include
> directive) in each httpd.conf.  I think you get all the same
> advantages without the performance hit of .htaccess.

I think this is just the elegant solution that I was looking for!  I was a little
concerned
about the time hit with the .htaccess method, and in general, prefer maintaining
one file with 10 sections over maintaining 10 files with 1 section each.

Henry Miller

 
 
 

1. htaccess problems

Hi All,

After building numerous Apaches (1.3.19) on my test server (solaris 2.6)
I finally went into production only to discover that my prod build
htaccess isn't working, but is on my 2 test servers.  After much sweat I
can't figure out why.  My conf is the default with only minor changes.
Here are the applicable parts:

<Directory "/prd/ema2/apache/share/htdocs">

#
# This may also be "None", "All", or any combination of "Indexes",
# "Includes", "FollowSymLinks", "ExecCGI", or "MultiViews".
#
# Note that "MultiViews" must be named *explicitly* --- "Options All"
# doesn't give it to you.
#
    Options Indexes FollowSymLinks MultiViews

#
# This controls which options the .htaccess files in directories can
# override. Can also be "All", or any combination of "Options", "FileInfo",
# "AuthConfig", and "Limit"
#
#AllowOverride all
        AllowOverride All

#
# Controls who can get stuff from this server.
#
    Order allow,deny
    Allow from all
</Directory>

#
# AccessFileName: The name of the file to look for in each directory
# for access control information.
#
AccessFileName .htaccess

And the contents of my .htaccess file is:

AuthType Basic
AuthName "test"
AuthUserFile /prd/ema2/apache/etc/test.users
Require user joeblow

Any help is *very* appreciated.

Thanks!
Kris

2. Problems installing glibc -- I'm almost there, but not quite

3. htaccess problem

4. Exchange server for linux

5. .htaccess problem

6. USR Modem

7. .htaccess problem?

8. Can I execute PHP-script from different server?

9. .htaccess Problem...

10. .htaccess problem: numerical ips work, names do not

11. .htaccess problems (Server error 500)

12. Q: Apache and .htaccess problems

13. NCSA 1.4.2 - .htaccess problem