Jump to content
  • Checkout
  • Login
  • Get in touch

osCommerce

The e-commerce.

.htaccess help required


iucvivivi

Recommended Posts

I'm trying to secure the admin but I'm having a problem. I have uploaded .htaccess and .htpasswd and have chmod them correctly. When I try to visit http://www.mysite.com/admin/ the password box pops up and works correctly but when I visit http://www.mysite.com/admin/index.php (and other php files) the password box pops up but the admin still loads in the background. If I keep clicking cancel eventually the password box stops coming up and I'm able to access the admin without entering a password, however if I click a link in the admin the password box comes up and I can just keep clicking cancel to browse through the admin.

 

Can anybody help me fix this problem? I have searched and searched but cannot find any fix. I need to stop access to the files not just the directory. My webhost doesn't have a control panel so I'm writing it with Notepad and a uploading it via FTP.

 

My .htaccess looks like this:

 

AuthName "Admin"

AuthType Basic

AuthUserFile /s101/home4/mysite/admin/.htpasswd

Require user mysite

Link to comment
Share on other sites

  • 2 weeks later...

Hey guys, I am posting this information as it worked for me to password protect a directory on my E-Smith Server.

-------------------------------------------------------------------------------------

 

Password files:

1. Create the directory you want to password protect (example: private)

 

2.Create a file /home/e-smith/files/ibays/ibaysname/html/private/.htaccess in that directory that looks something like this using pico:

 

AuthName "Add your login message here."

AuthType Basic

AuthUserFile /home/e-smith/files/ibays/ibaysname/html/private/.htpasswd

AuthGroupFile /dev/null

<Limit GET POST>

require user name-of-user

</Limit>

 

*Note: In this case the "name-of-user" is the login name you wish to use for accessing the web site.

 

3.Create the password file /home/e-smith/files/ibays/ibaysname/html/private/.htpasswd using the program htpasswd:

 

htpasswd -c .htpasswd name-of-user

 

Apache configuration file:

 

Here is where the httpd.conf file is located on YES server: /etc/httpd/conf/httpd.conf

 

Default: This disables the processing of .htaccess files for the system.

 

<Directory />

AllowOverride None

</Directory>

 

or for a specified directory:

 

<Directory /home/e-smith/files/ibays/ibaysname/html>

AllowOverride None

</Directory>

 

Change to and/or specify directory to protect:

 

<Directory /home/e-smith/files/ibays/ibaysname/html/private>

AllowOverride All

</Directory>

 

OR

<Directory /home/e-smith/files/ibays/ibaysname/html/private>

AllowOverride AuthConfig

</Directory>

 

AllowOverride parameters: AuthConfig FileInfo Indexes Limits Options

 

I used this in my httpd.conf:

<Directory /home/e-smith/files/ibays/ibaysname/html/private>

AllowOverride All

</Directory>

 

And then there was Success!!!!!

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...