Jump to content
  • Checkout
  • Login
  • Get in touch

osCommerce

The e-commerce.

entry in htaccess is ignored


porrier

Recommended Posts

Hello!

 

I notice a strange thing with the .htaccess file. Apache honours that file in the admin directory, but the entry about the login to the admin is ignored.

 

##### OSCOMMERCE ADMIN PROTECTION - BEGIN #####

AuthType Basic

AuthName "osCommerce Online Merchant Administration Tool"

AuthUserFile /my/path/to/admin/.htpasswd_oscommerce

Require valid-user

##### OSCOMMERCE ADMIN PROTECTION - END #####

 

Even if set an own entry like

 

AuthType Basic

AuthName "Service"

AuthUserFile /mypath/andreas.pwd

Require user andreas

 

it is ignored. Same when i copy this .htaccess file to the root of the shop www.mydomain.de/shop.

 

If I copy the .htaccess file to any other directory in www.mydomain.de it works, I must authenticate.

This is very strange and I don't understand, what's going on.

 

Why are the directories of the shop not protected by this .htaccess file and every others are?

 

The admin is not secured this way ;(

 

Regards

 

Andreas

Link to comment
Share on other sites

Are you sure you are actually changing the .htaccess files in those directories? Maybe you have existing files which are read-only and your ftp is not overwriting them. Check by using an editor in the server or hosting file manager to inspect the files.

Contact me for work on updating existing stores - whether to Phoenix or the new osC when it's released.

Looking for a payment or shipping module? Maybe I've already done it.

Working on generalising bespoke solutions for Quickbooks integration, Easify integration and pay4later (DEKO) integration at 2.3.x

Link to comment
Share on other sites

Are you sure you are actually changing the .htaccess files in those directories? Maybe you have existing files which are read-only and your ftp is not overwriting them. Check by using an editor in the server or hosting file manager to inspect the files.

I found the culprit tonight. Since I was installing the new shop on a OS with Apache 2.4.10, I had to deal with the new feature "Require" instead of the old "allow/deny" mechanism.

 

Because I want to block some bots visiting the site I had set

 

<FilesMatch "(.*)">

<RequireAll>

Require all granted

Require not env bad_bot

</RequireAll>

</FilesMatch>

 

This disables the Auth base of the directory and subdirectories completly. I found no solution for this behavoir right now.

I want to keep the env checking and don't want to loose the authentication mechanism.

 

Regards

 

Andreas

Link to comment
Share on other sites

I've not tried any of this but I think you can put the admin directory access protection in the top level htaccess file.

 

At least, that's my reading of this page, and the authorization container example might give you some pointers

http://httpd.apache.org/docs/trunk/mod/mod_authz_core.html

Contact me for work on updating existing stores - whether to Phoenix or the new osC when it's released.

Looking for a payment or shipping module? Maybe I've already done it.

Working on generalising bespoke solutions for Quickbooks integration, Easify integration and pay4later (DEKO) integration at 2.3.x

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...