Hello and welcome to our community! Is this your first visit?
Register
Enjoy an ad free experience by logging in. Not a member yet? Register.
Results 1 to 9 of 9
  1. #1
    New to the CF scene
    Join Date
    Jul 2004
    Posts
    5
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Question .htaccess password protection problems

    1-Okay....I am attempting to use .htaccess to password protect a certain page on my website. I have both the .htaccess and .htpasswd files uploaded to the same directory, which also holds the test.html file I would like to protect. When I load the test.html page it does pull up the Password dialog box with the username already in place but when I type in the password and hit enter it just pops right back up at me. Does anyone know what I am doing wrong?

    2-When doing some research on htaccess I found that for security issues you should not put these files in a directory but above the root directory...

    "For security, you should not upload the htpasswd file to a directory that is web accessible (yoursite.com/.htpasswd), it should be placed above your www root directory...."

    and also... "and the other is through an htaccess series of commands that prevents itself from being accessed by a browser."

    How exactly do I put these above the root directory?

    Thanks!
    -Brent

  • #2
    New to the CF scene
    Join Date
    Jul 2004
    Posts
    3
    Thanks
    0
    Thanked 0 Times in 0 Posts
    Hello

    With the facts that you have described, I have these assumtions:
    1) your .htpasswd file is corrupted. Let me remind you: .htpasswd file has to have the form:

    <user>:<passwd>
    ...

    where <user> is username and <passwd> is encrypted password (for Apache for Unix/Linux with Crypt Algorithm, for Apache for Windows with MD5)

    2) You do not have appropriate Require directive.
    You should have one ofthe following in your .htaccess file:
    Require user joe
    or
    Require group people
    or simply:
    Require valid-user

    Cheers

  • #3
    Super Moderator
    Join Date
    May 2002
    Location
    Perth Australia
    Posts
    4,040
    Thanks
    10
    Thanked 92 Times in 90 Posts
    you say you uploaded your .htpasswd , if you created it on win32 then it probably sill not work on *NIX server (as they use a different algorithm to encrypt) , even from 1 *NIX server to another can have the same issues where both are configured to use different encryption routines.

    so create your .htpasswd using the .htpasswd program on your live machine , if you do not have shell access it may be possible to use PHP's exec() to pass the command
    resistance is...

    MVC is the current buzz in web application architectures. It comes from event-driven desktop application design and doesn't fit into web application design very well. But luckily nobody really knows what MVC means, so we can call our presentation layer separation mechanism MVC and move on. (Rasmus Lerdorf)

  • #4
    New to the CF scene
    Join Date
    Jul 2004
    Posts
    5
    Thanks
    0
    Thanked 0 Times in 0 Posts
    Well thanks guys for your input! I'm still having trouble though. Here's what I have:

    htpasswd file:
    brent:79UsD3f1mSTrA

    htaccess:
    AuthUserFile /test/.htpasswd
    AuthGroupFile /dev/null
    AuthName EnterPassword
    AuthType Basic

    require user brent

    Am I doing something wrong or is it what was mentioned above? If it is the above responses, how do I correct them?

    "so create your .htpasswd using the .htpasswd program on your live machine , if you do not have shell access it may be possible to use PHP's exec() to pass the command"

    How do I do this?

  • #5
    New to the CF scene
    Join Date
    Jul 2004
    Posts
    3
    Thanks
    0
    Thanked 0 Times in 0 Posts
    AuthUserFile /test/.htpasswd

    Is this the full path to your test directory? Because it has to be the full path from the root of the partition, not relativelly from the root of your web site.

    As for the propper encryption, it would help if you would tell which OS and web server you are using.

    Cheers

  • #6
    New to the CF scene
    Join Date
    Jul 2004
    Posts
    5
    Thanks
    0
    Thanked 0 Times in 0 Posts
    hoselouis-

    AuthUserFile /test/.htpasswd---->This is from www.boughtataprice.com/test/.htpasswd

    What is the root of the partition mean?

    Also...
    I am using WinXP on my laptop if that is what you mean. As for the server...I'm honestly not sure what's being run on it. When I get an error page it says "Apache/2.0.40 (Red Hat Linux)" at the bottom. I have hosting through www.websytz.com.

    Thanks!
    Last edited by bhoup; 07-16-2004 at 03:49 PM.

  • #7
    New to the CF scene
    Join Date
    Jul 2004
    Posts
    3
    Thanks
    0
    Thanked 0 Times in 0 Posts
    hm, that is what is actually wrong
    /test/.htpasswd is not valid path to your .htpasswd file. You should state the full path to your .htpasswd file.
    This means that you would have to ask your web hosting provider to tell you the full path to your web site's home dir. When they give it to you you will append the /test/.htpasswd to that, so you will have for example:

    AuthUserFile /home/sites/yourwebsite.com/wwwroot/test/.htpasswd

    Everything above is valid only in case that your web site is hosted on linux/unix Apache server.

    On your laptop, you can not use .htaccess if you do not have Apache installed. If you want to use .htaccess with IIS, you will need IISPassword.

    Cheers

  • #8
    New to the CF scene
    Join Date
    Jul 2004
    Posts
    5
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Cool

    Thanks for your response. I have made several attempts to fix this but was still unsuccessful. While in SmartFTP uploading I noticed the following directory structure:

    |boughtatprice.com
    ......|bin
    ......|cgi-bin
    ......|httpdocs
    ............|test


    I've tried:
    AuthUserFile /www/httpdocs/test
    AuthUserFile /www/boughtataprice.com/httpdocs/test
    AuthUserFile /httpdocs/test
    AuthUserFile /boughtataprice.com/httpdocs/test

    None of these have worked. Do you think that my root directory is still not correct?

    Thanks!
    Brent
    Last edited by bhoup; 07-21-2004 at 06:36 PM.

  • #9
    New to the CF scene
    Join Date
    Jul 2004
    Posts
    5
    Thanks
    0
    Thanked 0 Times in 0 Posts
    Just bumping this to the top!


  •  

    Posting Permissions

    • You may not post new threads
    • You may not post replies
    • You may not post attachments
    • You may not edit your posts
    •