porrier Posted September 19, 2015 Share Posted September 19, 2015 Hello! I notice a strange thing with the .htaccess file. Apache honours that file in the admin directory, but the entry about the login to the admin is ignored. ##### OSCOMMERCE ADMIN PROTECTION - BEGIN ##### AuthType Basic AuthName "osCommerce Online Merchant Administration Tool" AuthUserFile /my/path/to/admin/.htpasswd_oscommerce Require valid-user ##### OSCOMMERCE ADMIN PROTECTION - END ##### Even if set an own entry like AuthType Basic AuthName "Service" AuthUserFile /mypath/andreas.pwd Require user andreas it is ignored. Same when i copy this .htaccess file to the root of the shop www.mydomain.de/shop. If I copy the .htaccess file to any other directory in www.mydomain.de it works, I must authenticate. This is very strange and I don't understand, what's going on. Why are the directories of the shop not protected by this .htaccess file and every others are? The admin is not secured this way ;( Regards Andreas Link to comment Share on other sites More sharing options...
BrockleyJohn Posted September 19, 2015 Share Posted September 19, 2015 Are you sure you are actually changing the .htaccess files in those directories? Maybe you have existing files which are read-only and your ftp is not overwriting them. Check by using an editor in the server or hosting file manager to inspect the files. Contact me for work on updating existing stores - whether to Phoenix or the new osC when it's released. Looking for a payment or shipping module? Maybe I've already done it. Working on generalising bespoke solutions for Quickbooks integration, Easify integration and pay4later (DEKO) integration at 2.3.x Link to comment Share on other sites More sharing options...
porrier Posted September 19, 2015 Author Share Posted September 19, 2015 Are you sure you are actually changing the .htaccess files in those directories? Maybe you have existing files which are read-only and your ftp is not overwriting them. Check by using an editor in the server or hosting file manager to inspect the files. I found the culprit tonight. Since I was installing the new shop on a OS with Apache 2.4.10, I had to deal with the new feature "Require" instead of the old "allow/deny" mechanism. Because I want to block some bots visiting the site I had set <FilesMatch "(.*)"> <RequireAll> Require all granted Require not env bad_bot </RequireAll> </FilesMatch> This disables the Auth base of the directory and subdirectories completly. I found no solution for this behavoir right now. I want to keep the env checking and don't want to loose the authentication mechanism. Regards Andreas Link to comment Share on other sites More sharing options...
BrockleyJohn Posted September 19, 2015 Share Posted September 19, 2015 I've not tried any of this but I think you can put the admin directory access protection in the top level htaccess file. At least, that's my reading of this page, and the authorization container example might give you some pointers http://httpd.apache.org/docs/trunk/mod/mod_authz_core.html Contact me for work on updating existing stores - whether to Phoenix or the new osC when it's released. Looking for a payment or shipping module? Maybe I've already done it. Working on generalising bespoke solutions for Quickbooks integration, Easify integration and pay4later (DEKO) integration at 2.3.x Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.