Help - Search - Members - Calendar
Full Version: .htaccess Protection
Linuxhelp > Support > Technical Support
ctchong
I have found the below help file
----------------------------------------------------------------
Setting Up htaccess by Joey.
Created on September 19th, 2003.
Last updated on September 19th, 2003.

htaccess can be used in co-ordination with the Apache web server to password protect certain files and directories on your web server.

This document assumes that you have Apache already set up and running correctly. If this is not the case please visit http://www.linuxhelp.ca/guides/apache/ for help with installing and configuring Apache.

For my own sanity I'm going to assume that you followed the Apache Setup Guide on our site and that you have apache installed at /usr/local/apache and your HTML documents are located in /usr/local/apache/htdocs. Now let's say you have a directory called admin in /usr/local/apache/htdocs and you would like to password protect it and give certain users access. The first thing you need to do is open up your httpd.conf file and find the section that looks similar to this:

<Directory />
Options FollowSymLinks
AllowOverride None
</Directory>

Once you've found the similar lines in your httpd.conf you can add the following section underneath it:

<Directory "/usr/local/apache/htdocs/admin">
AllowOverride AuthConfig
Options Indexes FollowSymLinks Includes
Order allow,deny
Allow from all
</Directory>

Once you've added the new section, save the httpd.conf file and restart apache. You can normally do this by running killall -HUP httpd as root. Now that the admin directory is properly configured for htaccess you'll need to set up the .htaccess and .htpassword files.

Change into the directory you want to protect (for this guide we are using /usr/local/apache/htdocs/admin) and create a file called .htaccess. To do this you can run touch .htaccess in the directory. Now open up the file with a text editor (nano, pico, vi, joe etc) and enter in the following lines:

AuthUserFile /usr/local/apache/htdocs/admin/.htpasswd
AuthName "Authorization Required"
AuthType Basic
require valid-user

The AuthUserFile directive containts the path to the password file that users will be authenticated against.

AuthName is the message that will appear on the login prompt. The default is Authorization Required but you can change this to whatever you like.

AuthType selects the type of user authentication that will be used. You can leave this as Basic

require let's all the valid users in the .htpasswd file access the directory.

Once your .htaccess file is set up, save and exit the file. You must now create the .htpasswd file. To do this you can use the htpasswd program that comes Apache. If you followed the Apache Guide, htpasswd should be located in /usr/local/apache/bin. If not you can run updatedb as root and then type locate htpasswd to find it.

To create the initial .htpasswd file you must use the -c flag. As root run:

htpasswd -c /usr/local/apache/htdocs/admin/.htpasswd username

Don't forget to change the directory .htpasswd will be located in. The above is set up for securing /usr/local/apache/htdocs/admin. As well change username to whatever username you want to use to log in. It will then prompt you for a password. The next time you add a user you can drop the -c flag since it is only used for the inital creation of the file.

If you haven't already restarted your Apache web server now is the time to do so. Once that has been taken care of, open up a web browser and try to access http://www.yourdomain.com/admin/ and see if it prompts you for a password. If something goes wrong check the Apache error log file.

Having trouble? Got questions? Require further assistance? If so please feel free to visit our Help Forums and ask the experts!

------------------------------------------------------------------------------------------------------------------------

I have follow all the way that the above help, and found that my apache server run ok, I can create username & passwd by the way its mension, I can find .htaccess & .htpasswd files in my dircetory

when the first time I point to http://192.168.100.11/cgi-bin/test/index.php
(my DocumentRoot is "/var/www")
it prompted me to key in username & password as normal. but after I have keyin & press ok
the browser gave me "Internal server error"

I look for the error.log in apache, It told me "Permission deined,......exec of /var/www/cgi-bin/test/index.php failed" , "Permature end of script headers /var/www/cgi-bin/test/index.php"

any one could tell me whats happenning?

Regards,

C.T.Chong
DS2K3
Sounds like maybe the permissions on the file are not letting Apache read it.

Make sure that either, Apache (httpd?) is the file's owner, or that the file is world-readable.

Is PHP installed as a CGI? if not, it's probably best to keep PHP scripts outside the cgi-bin

D
cagey cretin
I still have Joey's tutorial for this; I found it very clear and helpful.

Are you sure you have the correct path to cgi-bin in httpd.conf?
This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please click here.
Invision Power Board © 2001-2017 Invision Power Services, Inc.