dailce Posted March 23, 2006

Hello,

My entire .htaccess file looks like this:

    AuthType Basic
    AuthName "Please Login"
    AuthUserFile /home/html/admin/.htpasswd
    <Limit GET POST>
    require user joeblow
    </Limit>
    <files ".htaccess">
    order allow,deny
    deny from all
    </files>

IF I type http://www.mywebsite.com/admin/ or https://www.mywebsite.com/admin/ THEN I can't get in and it works fine, and I get the error:

=========================================
Authorization Required

This server could not verify that you are authorized to access the document requested. Either you supplied the wrong credentials (e.g., bad password), or your browser doesn't understand how to supply the credentials required.

--------------------------------------------------------------------------------
Apache/1.3.33 Server at www.kicktrading.ca Port 443
=========================================

HOWEVER IF I type something like http://www.mywebsite.com/admin/index.php or https://www.mywebsite.com/admin/customers.php, THEN it does not work properly. The login box will pop up, and if I press cancel I can still access the php page. The only thing not working in the php pages are the images, but you can still modify or change settings and view information.

Is this a bug or do I need to add something to the .htaccess file?
custodian Posted March 23, 2006

    AuthType Basic
    AuthName "Please Login"
    AuthUserFile /home/html/admin/.htpasswd
    <Limit GET POST>
    require user joeblow
    </Limit>
    <files ".htaccess">
    order allow,deny
    deny from all
    </files>

Try something a little more simplified:

    AuthType Basic
    AuthName "Please Login"
    AuthUserFile /home/html/admin/.htpasswd
    Require user joeblow

btw is /home/html/admin/ really your full path? Or is it something like /home/dailce/admin/.htpasswd ?

BTW: for added security, place the password file one directory higher than your public web dir.

Example:

My web doc root would be

    /home/henry/public_html

this is where my catalog index.php would be.

    /home/henry/public_html/admin

this is where my admin files would be, including my .htaccess file.

In this .htaccess file my password file would be set to

    AuthUserFile /home/henry/passwords

NO one in the world can see anything higher than my public_html folder (in your case the html folder), so they'd never be able to access it - unless they hack into the actual server (in which case they don't need the password file anyway).

So your .htaccess file in your admin folder would be something like this:

    AuthType Basic
    AuthName "Please Login"
    AuthUserFile /home/htpasswd
    Require user joeblow

and then in your /home/ directory you would have your htpasswd file.

Also note that you do not need a . in front of the password file. Some people do that in order to hide the file and others do it to relate it to the .htaccess file - but if it is in a non-webspace directory (like /home/ ) the . serves no purpose.

My Contributions
Henry Smith
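The two changes suggested in the reply above (no `<Limit>` wrapper around `Require`, password file outside the web root) can be checked mechanically. This is an added example, not part of the original thread; `audit_htaccess`, its finding labels and the `/home/html` document root are assumptions made for illustration. Apache applies access directives placed inside `<Limit GET POST>` only to the listed methods, which is why the wrapper is flagged.

```python
import posixpath
import re

def audit_htaccess(text, doc_root):
    """Return findings for Basic-auth directives in .htaccess text (hypothetical helper)."""
    findings = []
    limit_methods = None  # methods of the enclosing <Limit> block, or None outside one
    root = posixpath.normpath(doc_root)
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        opened = re.match(r"<Limit\s+([^>]*)>", line, re.I)
        if opened:
            limit_methods = opened.group(1).split()
            continue
        if re.match(r"</Limit>", line, re.I):
            limit_methods = None
            continue
        parts = line.split(None, 1)
        name = parts[0].lower()
        arg = parts[1].strip().strip('"') if len(parts) > 1 else ""
        if name == "require" and limit_methods is not None:
            # Methods not named in <Limit> are not covered by this Require.
            findings.append("require-in-limit: only %s are protected"
                            % ",".join(limit_methods))
        elif name == "authuserfile":
            path = posixpath.normpath(arg)
            if path == root or path.startswith(root + "/"):
                # Password file sits inside the tree the web server publishes.
                findings.append("passwd-in-docroot: " + path)
    return findings

# Constructed inputs: the two configurations quoted in the thread.
ORIGINAL = """AuthType Basic
AuthName "Please Login"
AuthUserFile /home/html/admin/.htpasswd
<Limit GET POST>
require user joeblow
</Limit>
<files ".htaccess">
order allow,deny
deny from all
</files>"""

SIMPLIFIED = """AuthType Basic
AuthName "Please Login"
AuthUserFile /home/htpasswd
Require user joeblow"""

if __name__ == "__main__":
    for label, conf in (("original", ORIGINAL), ("simplified", SIMPLIFIED)):
        print(label, audit_htaccess(conf, "/home/html"))
```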
Avec Posted March 23, 2006

I would say that your AuthUserFile path is not correct. The path gotten from a script like path.php does not give the correct path for .htaccess and .htpasswd use; it does not go deep enough.

For example, using path.php I get

    /home/httpd/vhosts/mydomain.com/httpdocs

but the path needed in .htaccess is

    /usr/local/psa/home/vhosts/mydomain.com/httpdocs/

Check this first, then see if it is securing correctly.
Archived
This topic is now archived and is closed to further replies.