PDA

View Full Version : Password protected directory help



devospice
02-24-2007, 09:26 AM
I installed Web Password Administration so I can password protect some directories. The directories are on other sites that I've set up on my account. The domain is working fine otherwise.

Let's call the directory I want to protect "dir". When setting up the password protection I typed in:
http://www.thefump.com/dir

And got the following error:

"The domain you entered does not exist in your Apache configuration file. Please go back and enter a URL you have authority for. "

After checking the Apache config file and confirming that thefump.com was set up properly it occurred to me that maybe I have to do it without the www. So I typed in:
http://thefump.com/dir

That worked. The domain showed up listed below with one user.

However, when testing access to the directory I was not prompted for a password.

Both
http://www.thefump.com/dir/somefile and
http://thefump.com/dir/somefile

gave me full access to the file. It never prompted me for a password.

What am I doing wrong?

- Tom

wildjokerdesign
02-24-2007, 10:14 AM
Check and see if there is a .htaccess file in the directory. If not see if perhaps your main domain has a directory of the same name with a .htaccess file.

devospice
02-27-2007, 08:38 AM
There IS an .htaccess file in the folder. However, looking at its contents I see there may be a problem.

AuthUserFile /home/virtual/site50/fst/var/www/.htpasswd
AuthGroupFile /home/virtual/site50/fst/var/www/.htgroup
AuthName "purchased FuMPs"
AuthType Basic
<Limit GET POST>
require group customers
</Limit>

The path /home/virtual/site50/fst/var/www/.htpasswd doesn't exist as far as I can tell. The path to the folder I'm trying to protect is /var/www/vhosts/thefump/protecteddir.

(protecteddir isn't the real name of the folder but I don't want to post it on a public forum.)

And there is no .htgroup file in that folder. My home directory has 2 folders in it, "fidim" and "www." That's it. No "virtual" anywhere.

Any ideas?

- Tom

wildjokerdesign
02-28-2007, 07:44 AM
Have you asked WH support about this? It might be worth submiting a ticket on this since they well be able to actually look at your account and the directories in question. I have not used the program for some time now so I can't remember where the .htpasswd and .htgroup files are written to with the main domain but that would be a clue to what might be happening.

rolling
02-28-2007, 01:00 PM
The file .htpasswd contains a list of users and their passwords of the form
username:encrypted_password

The file .htgroup contains a list of groups with members separated by a space. For example:
groupname: username1 username2

You create the password file by running the command htpasswd as detailed here (http://httpd.apache.org/docs/1.3/programs/htpasswd.html)

jalal
02-28-2007, 01:07 PM
There IS an .htaccess file in the folder. However, looking at its contents I see there may be a problem.

Any ideas?

- Tom

Maybe Apache isn't looking for the .htaccess file?
You need to have
AllowOverride Authconfig
in the httpd.conf for that site.

devospice
03-14-2007, 12:18 PM
I just found the solution in the other thread. I'm reposting it here for anyone else in the same situation.

1. Download the httpd.conf file which can be found in the /etc/httpd/conf directory.
2. Search for this line:
<Directory />
Options FollowSymLinks
AllowOverride None
</Directory>

3. Change the None to All so it looks like this:
<Directory />
Options FollowSymLinks
AllowOverride All
</Directory>

4. Re-upload this file.
5. Restart Apache, or your VPM.

That's all it took for me.

->Later.....Spice

wildjokerdesign
03-15-2007, 07:51 AM
Where did you find that? I would not think that would be such a great idea! Better to allow this just for the "web root" of the site in question.

WestHost - DWinans
04-22-2007, 05:35 AM
Devospice,

WebPassword creates .htaccess files which it inputs into the directories you specify upon creation. However Apache is not configured by default to look in all directories for .htaccess files and read them. While the fix suggested will work, you will probably want to configure apache to read .htaccess files only on the specific directories you need them on. Which is more secure.

Sincerely,

David Winans
Technical Support
WestHost Inc.

When you expect more from your web host
http://www.westhost.com/