|
Home > Archive > Apache Server configuration support > February 2006 > .htpasswd and .htaccess password problems
You are viewing an archived Text-only version of the thread.
To view this thread in it's original format and/or if you want to reply to
this thread please [click here]
| Author |
.htpasswd and .htaccess password problems
|
|
| jmroach 2006-02-26, 11:24 am |
| Ok, i have tried a ton of stuff, but can't seem to get password
protection working on a website.
here's what i have so far:
/Library/WebServer/Documents/web/.htaccess
---
AuthName "Login"
AuthType Basic
AuthUserFile /Library/WebServer/Documents/.htpasswd
AuthGroupfile /dev/null
require user friends
---
/Library/WebServer/Documents/.htpasswd
---
friends:MSg7LpjK8YMIg
---
httpd.conf
---
....
<Directory /Library/WebServer/Documents/web>
AllowOverride All
</Directory>
....
---
jmroach.conf (which is also being read for some reason when i start
apache)
---
<Directory "/Library/WebServer/Documents">
AllowOverride All
</Directory>
AccessFileName .htaccess
---
apachectl start yields:
Processing config directory: /private/etc/httpd/users/*.conf
Processing config file: /private/etc/httpd/users/jmroach.conf
i have edited all .conf files there (and grep'd to make sure) with:
AllowOverride All
I get no popup window asking for a password at any point. I should get
one when i try to access webpages located in ".../web", right?
any help on this would be greatly appreciated as i'm frusterated as
hell!
thanks,
-john
| |
| Robert Ionescu 2006-02-26, 11:24 am |
| jmroach wrote:
> httpd.conf
> ---
> ....
> <Directory /Library/WebServer/Documents/web>
Why don't you place your directives here inside this directory section
rater than using .htaccess files? Placing directives into the httpd.conf
is more efficient than checking and reading .htaccess files for each
request.
> AllowOverride All
Which means that now every module, which allows overriding directives in
..htaccess files, will check for .htaccess files. I don't understand
(from the performance point of view) why .htaccess files should be
preferred, if you can access the server config files...
> I get no popup window asking for a password at any point. I should get
> one when i try to access webpages located in ".../web", right?
The directives seems to be fine (but I would remove AuthGroupfile since
it's unused), and you don't have any 'Satisfy any' or ErrorDocument 401
http://example.com/some/file in place?
You must use
ErrorDocument 401 /some/file
instead, otherwise a 302 redirect but not a 401 authorization header
would be sent.
--
Robert
|
|
|
|
|