Posted by: czwief Jun 2 2009, 10:16 AM
Hi everyone,
I'm trying to password protect a couple of webpages on my server. I'm creating a sample website where I work to give advertisers an easy place to look at stuff we've done for them. Can someone help me figure out what I'm doing wrong here? The website is here: http://www.tc.umn.edu/~zwief005
Here are the codes for a couple of the pages...
Under the "qwest" directory, here's the .htaccess:
CODE
AuthType Basic
AuthName "restricted area"
AuthUserFile \protect\qwest\.htpasswd
require qwest
And the qwest .htpasswd:
CODE
qwest:qwest
Dodge's .htaccess:
CODE
AuthType Basic
AuthName "restricted area"
AuthUserFile \~zwief005\protect\dodge\.htpasswd
require valid-user
Dodge's .htpasswd:
CODE
dodge:dodge
If you need any more information, please let me know. Thanks in advance!
Posted by: pandy Jun 2 2009, 10:43 AM
The Dodge's one looks correct, except you should use the absolute path to the pw file and the slashes are slanted in the wrong direction.
The absolute path on Linux could (but mustn't) look something like /home/sites/you/somedirectory/.htpasswd . It's the path from the root, same as C:\... on Windows.
Also, the passwords should be encrypted in the .htpasswd file.
This walkthrough looks as good as any. There's a link to an encryption tool to.
http://www.javascriptkit.com/howto/htaccess3.shtml
Posted by: czwief Jun 2 2009, 11:25 AM
QUOTE(pandy @ Jun 2 2009, 10:43 AM)
The Dodge's one looks correct, except you should use the absolute path to the pw file and the slashes are slanted in the wrong direction.
The absolute path on Linux could (but mustn't) look something like /home/sites/you/somedirectory/.htpasswd . It's the path from the root, same as C:\... on Windows.
Also, the passwords should be encrypted in the .htpasswd file.
This walkthrough looks as good as any. There's a link to an encryption tool to.
http://www.javascriptkit.com/howto/htaccess3.shtml
Thanks, that was helpful. However, it still isn't working -- I think I found the absolute path to the file in Dreamweaver, but it's still not exactly working. Here's what I've edited it to (only doing Qwest's for convenience sake):
CODE
AuthName "Restricted Area"
AuthType Basic
AuthUserFile /home/z/zwief005/web-docs/protect/qwest/.htpasswd
AuthGroupFile /dev/null
require valid-user
That's .htaccess. Here's .htpasswd:
CODE
west:rAmVmwS842YPE
Is it possible that's not the absolute path? I found that path in Dreamweaver when I expanded to show both the local and remote sites. Once you see "/protect/qwest/.htpasswd," that's the directory I created for it.
Once again, you can test this out http://www.tc.umn.edu/~zwief005
Posted by: pandy Jun 2 2009, 12:50 PM
Looks like a likely path. To be sure, copy the below to a new document, name it something.shtml and upload it to the same folder where you have the .htpasswd. It's accessible from the web, right? Then call the new file up in your browser and you should see the server path on the last line. I included the the lines on top just so you can see what each SSI directive does.
CODE
<html>
<head>
<title></title>
</head>
<body>
DOCUMENT_ROOT: <!--#echo var="DOCUMENT_ROOT" --><br>
DOCUMENT_URI: <!--#echo var="DOCUMENT_URI" -->
<br><br>
DOCUMENT_ROOT+DOCUMENT_URI:<br>
<!--#echo var="DOCUMENT_ROOT" --><!--#echo var="DOCUMENT_URI" -->
</body>
</html>
Posted by: czwief Jun 2 2009, 02:06 PM
QUOTE(pandy @ Jun 2 2009, 12:50 PM)
Looks like a likely path. To be sure, copy the below to a new document, name it something.shtml and upload it to the same folder where you have the .htpasswd. It's accessible from the web, right? Then call the new file up in your browser and you should see the server path on the last line. I included the the lines on top just so you can see what each SSI directive does.
CODE
<html>
<head>
<title></title>
</head>
<body>
DOCUMENT_ROOT: <!--#echo var="DOCUMENT_ROOT" --><br>
DOCUMENT_URI: <!--#echo var="DOCUMENT_URI" -->
<br><br>
DOCUMENT_ROOT+DOCUMENT_URI:<br>
<!--#echo var="DOCUMENT_ROOT" --><!--#echo var="DOCUMENT_URI" -->
</body>
</html>
I did that and found out the paths were different. However it still didn't work -- the username/password popup worked just fine but when I entered in either username/password combo it didn't work (dodge/dodge and qwest/qwest). Any ideas? Could it be the University's server I'm hosting it on?
Here's the code for .htaccess now:
CODE
AuthType Basic
AuthName "restricted area"
AuthUserFile /var/opt/apache/docs/~zwief005/protect/dodge/.htpasswd
require valid-user
Posted by: pandy Jun 2 2009, 02:21 PM
Don't know, but I don't think so. If you weren't allowed to use it I don't think you would get the prompt.
BTW I move this to the Web Server Configuration forum.
Posted by: imort Jun 18 2016, 07:45 AM
QUOTE(czwief @ Jun 2 2009, 09:16 PM)
Dodge's .htpasswd:
CODE
dodge:dodge
If you need any more information, please let me know. Thanks in advance!
Hey
You need to provide the user password hash in the .htpasswd file instead of plain text password.
Take a look here for the usable tool: http://www.htaccesstools.com/htpasswd-generator/
You also need to use the absolute path to the file and make sure that apache has read permissions to this file too.
Check which user the apache process is running by and check file permissions.
You can also change the file owner to that user to keep it simple.