Guest Posted December 29, 2004 Posted December 29, 2004 I have been trying to secure my admin section with htaccess but I cannot make it work properly. When trying to enter the admin section I am asked for user name and password, which I enter, but I always get error messages after three attempts. In my apache server I have set allowoverride to all. Do I have to put anything else in my apache server? maybe the directory which I store the password?? In my .htaccess file I put in AuthName "closed section" AuthType Basic AuthUserFile /passwords/sitename/.htpasswd Require valid-user the password folder is directly in my c: I made my .htpasswd in notepad, saved it as .htpasswd (the name of the file, which is also a htpasswd file) In my .htpasswd file it put in encrypted user:password which I generated properly. What am I doing wrong here. I have been trying this for a while now and have been going in circles... Please, there must be someone who is willing to help me out with this one.
OceanRanch Posted December 29, 2004 Posted December 29, 2004 Did you restart apache after making the httpd.conf changes? Also change the authuserfile entry to include the c: drive. Tom
Guest Posted December 29, 2004 Posted December 29, 2004 Yes I did restart my apache server, I also tried including the full path in the htacces file, c:/passwords/sitename/.htpasswd still not working
OceanRanch Posted December 29, 2004 Posted December 29, 2004 I'm not sure if this is necessary (i don't have a windows based apache) c:/passwords/sitename/.htpasswd change to c:\passwords\sitename\.htpasswd Tom
Guest Posted December 29, 2004 Posted December 29, 2004 Nope, still not working :( also tried without c: not working either
OceanRanch Posted December 29, 2004 Posted December 29, 2004 I assume that the pop-up authentication window is showing the domain of "closed section". If not then something isn't correct in the apache http.conf because it isn't reading the .htaccess file. However if the pop-up is correct then the problem must be with the password file. Try re-creating it with the standard apache htpasswd.exe in the bin directory. Rememebr case sensitive passwords..... Sometimes getting .htacess stuff IS a real pain. If all else fails you can always install a contribution (admin access with levels) and bypass .htaccess. At least you'll be protected and can leisurely debug and get .htaccess stuff working. Tom
Guest Posted December 29, 2004 Posted December 29, 2004 thank you for your time. the pop up is correct. i have been trying out the htpasswd.exe without any results, i might try it some more. i have also tried some of the admin contributions wihout having them to work.
user99999999 Posted December 30, 2004 Posted December 30, 2004 You have to use htpasswrd.exe in the bin dir because it uses MD5. .htaccess file AuthName "closed section" AuthType Basic AuthUserFile c:/passwords/sitename/.htpasswd Require valid-user From the dos prompt c:\passwords\sitename>c:\apache\bin\htpasswd -bc .htpasswd username password
New 
Recommended Posts
Archived
This topic is now archived and is closed to further replies.