Help - Search - Members - Calendar
Full Version: Trying to password protect webpages
HTMLHelp Forums > Programming > Web Server Configuration
czwief
Jun 2 2009, 10:16 AM
Hi everyone,

I'm trying to password protect a couple of webpages on my server. I'm creating a sample website where I work to give advertisers an easy place to look at stuff we've done for them. Can someone help me figure out what I'm doing wrong here? The website is here: http://www.tc.umn.edu/~zwief005

Here are the codes for a couple of the pages...

Under the "qwest" directory, here's the .htaccess:
CODE
AuthType Basic
AuthName "restricted area"
AuthUserFile \protect\qwest\.htpasswd
require qwest


And the qwest .htpasswd:
CODE
qwest:qwest


Dodge's .htaccess:
CODE
AuthType Basic
AuthName "restricted area"
AuthUserFile \~zwief005\protect\dodge\.htpasswd
require valid-user


Dodge's .htpasswd:
CODE
dodge:dodge


If you need any more information, please let me know. Thanks in advance!
pandy
Jun 2 2009, 10:43 AM
The Dodge's one looks correct, except you should use the absolute path to the pw file and the slashes are slanted in the wrong direction.
The absolute path on Linux could (but mustn't) look something like /home/sites/you/somedirectory/.htpasswd . It's the path from the root, same as C:\... on Windows.

Also, the passwords should be encrypted in the .htpasswd file.

This walkthrough looks as good as any. There's a link to an encryption tool to.
http://www.javascriptkit.com/howto/htaccess3.shtml
czwief
Jun 2 2009, 11:25 AM
QUOTE(pandy @ Jun 2 2009, 10:43 AM) *

The Dodge's one looks correct, except you should use the absolute path to the pw file and the slashes are slanted in the wrong direction.
The absolute path on Linux could (but mustn't) look something like /home/sites/you/somedirectory/.htpasswd . It's the path from the root, same as C:\... on Windows.

Also, the passwords should be encrypted in the .htpasswd file.

This walkthrough looks as good as any. There's a link to an encryption tool to.
http://www.javascriptkit.com/howto/htaccess3.shtml


Thanks, that was helpful. However, it still isn't working -- I think I found the absolute path to the file in Dreamweaver, but it's still not exactly working. Here's what I've edited it to (only doing Qwest's for convenience sake):

CODE
AuthName "Restricted Area"
AuthType Basic
AuthUserFile /home/z/zwief005/web-docs/protect/qwest/.htpasswd
AuthGroupFile /dev/null
require valid-user

That's .htaccess. Here's .htpasswd:
CODE
west:rAmVmwS842YPE


Is it possible that's not the absolute path? I found that path in Dreamweaver when I expanded to show both the local and remote sites. Once you see "/protect/qwest/.htpasswd," that's the directory I created for it.

Once again, you can test this out here.
pandy
Jun 2 2009, 12:50 PM
Looks like a likely path. To be sure, copy the below to a new document, name it something.shtml and upload it to the same folder where you have the .htpasswd. It's accessible from the web, right? Then call the new file up in your browser and you should see the server path on the last line. I included the the lines on top just so you can see what each SSI directive does. wink.gif

CODE

<html>

<head>
<title></title>
</head>


<body>

DOCUMENT_ROOT: <!--#echo var="DOCUMENT_ROOT" --><br>
DOCUMENT_URI: <!--#echo var="DOCUMENT_URI" -->
<br><br>
DOCUMENT_ROOT+DOCUMENT_URI:<br>
<!--#echo var="DOCUMENT_ROOT" --><!--#echo var="DOCUMENT_URI" -->

</body>
</html>
czwief
Jun 2 2009, 02:06 PM
QUOTE(pandy @ Jun 2 2009, 12:50 PM) *

Looks like a likely path. To be sure, copy the below to a new document, name it something.shtml and upload it to the same folder where you have the .htpasswd. It's accessible from the web, right? Then call the new file up in your browser and you should see the server path on the last line. I included the the lines on top just so you can see what each SSI directive does. wink.gif

CODE

<html>

<head>
<title></title>
</head>


<body>

DOCUMENT_ROOT: <!--#echo var="DOCUMENT_ROOT" --><br>
DOCUMENT_URI: <!--#echo var="DOCUMENT_URI" -->
<br><br>
DOCUMENT_ROOT+DOCUMENT_URI:<br>
<!--#echo var="DOCUMENT_ROOT" --><!--#echo var="DOCUMENT_URI" -->

</body>
</html>



I did that and found out the paths were different. However it still didn't work -- the username/password popup worked just fine but when I entered in either username/password combo it didn't work (dodge/dodge and qwest/qwest). Any ideas? Could it be the University's server I'm hosting it on?

Here's the code for .htaccess now:

CODE
AuthType Basic
AuthName "restricted area"
AuthUserFile /var/opt/apache/docs/~zwief005/protect/dodge/.htpasswd
require valid-user
pandy
Jun 2 2009, 02:21 PM
Don't know, but I don't think so. If you weren't allowed to use it I don't think you would get the prompt.


BTW I move this to the Web Server Configuration forum.
imort
Jun 18 2016, 07:45 AM
QUOTE(czwief @ Jun 2 2009, 09:16 PM) *

Dodge's .htpasswd:
CODE
dodge:dodge

If you need any more information, please let me know. Thanks in advance!


Hey

You need to provide the user password hash in the .htpasswd file instead of plain text password.
Take a look here for the usable tool: http://www.htaccesstools.com/htpasswd-generator/

You also need to use the absolute path to the file and make sure that apache has read permissions to this file too.
Check which user the apache process is running by and check file permissions.
You can also change the file owner to that user to keep it simple.
This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please click here.
Invision Power Board © 2001-2024 Invision Power Services, Inc.