Jump to content
  • Checkout
  • Login
  • Get in touch

osCommerce

The e-commerce.

htaccess question


Guest

Recommended Posts

I have got the htaccess working like a charm - but I am missing a feature and I would like to add it in - never had a call for this before so my knowledge is a little raw.

 

After 3 bad log in attempts, you get the following:

 

Authorization Required

This server could not verify that you are authorized to access the document requested. Either you supplied the wrong credentials (e.g., bad password), or your browser doesn't understand how to supply the credentials required.

 

Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.

 

NOTE the last line there, ErrorDocument - where would I set that document up to provide a theme fitting error page rather than the basic text page.

 

Is it in the htaccess file itself?

 

Thank you again for sharing your master knowledge.

Link to comment
Share on other sites

Lots of ways to do this. Here's one.

 

Add this to your .htaccess file all on one continuous line. NOTE that there is NO ending " at the end of the line. This one will give a customized screen when the user cancels out of the authorization prompt (401 code).

 

ErrorDocument 401 "<body bgcolor='#6666FF' text=white><p align=center><font size='+1' ><br><br><br><br><br><br>You have been denied access to this particular page.</font></p><p align=center><font size='+1' >Please contact xxxxx if you have any questions. </font></p></body>

 

HTH

Link to comment
Share on other sites

  • 3 months later...

I am having a situation where authentication isn't working for some reason with .htaccess/.htpasswd.

 

After reading the post immediately above mine, I put the recommended line into my .htaccess file. I figured that way, I'd get a different error than the regular system error I was getting and that would show me that at least my .htaccess file wasn't being ignored.

 

Sure enough, after three attempts to validate, I got the page specified in the .htaccess file.

 

I'm using the default .htaccess that came with the osCommerce download I used from yesterday. It contains "adjustments" for the SSL protocol.

 

I added the following lines, in addition to the one mentioned above:

 

AuthType Basic
AuthName "The Unspun Zone(tm) Store Administration Area"
AuthUserFile /theres/no/place/like/home/.htpasswd
Require rickeroo

 

(The AuthUserFile path has been changed here to protect the innocent.)

 

I'm also not sure at all that my SSL is configured correctly, since I'm still trying to learn how to do that.

 

I don't want to leave the admin directory open to the world. Any ideas on what's going wrong with my .htaccess/.htpasswd access?

 

Thanks, in advance. This looks like a terrific program, if I can ever get it to work.

Link to comment
Share on other sites

Hi, Rick,

 

Looks like you have half the battle won.

 

FYI - The .htpasswd file should not be in /home (your Website root directory). It should be right above it. For example, if your Website root is

/theres/no/place/like/home/ then .htpasswd should be in /theres/no/place/like/.

 

In .htpasswd you should have something like this:

 

rickeroo:1$nYxLpTMQ84I

 

Your .htaccess looks correct.

 

Cheers,

 

Ray

Link to comment
Share on other sites

Thanks, Ray!

 

I think I found out why I can't get osCommerce working the way I want.

 

My websites all live on the same server. I'm using Virtual Hosting based on website names with Apache.

 

Apparently SSL won't work in such a scenario, because the SSL connection is established before the website name is passed.

 

Now I don't know what to do about that.

 

On the other hand, it MIGHT not matter, since initially I was planning to use osCommerce with PayPal until I determine that my volume is high enough to justify getting my own merchant account for credit cards with my bank.

 

I guess I need to finish reading the osCommerce documentation.

 

On the plus side, I own the servers; they sit in my office. Now I just have to figure out how to configure and maintain them.

Link to comment
Share on other sites

  • 3 months later...

SSL will work on virtual domains but you do have to have an IP address for each domain and configure Apache for IP virtual hosting.

 

I too run my own servers. I had an IP in my block I was not using so I configured DNS to point to that IP. I configured NAT in my router to send requests on ports 80 and 443 to a new internal IP (i.e. 192.168.1.121). I configured my OS to include that IP on the existing NIC. In my case that was an ifconfig command. And finally, I setup Apache for IP based virtual hosting to answer on the xxx.xxx.xxx.121 address. It worked like a charm.

 

You do have to have a unique public IP and a unique private IP to make this work. Also in Apache, you need two virutal hosts: one for port 80 and one for port 443.

 

Good Luck

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...