Jump to content
  • Checkout
  • Login
  • Get in touch

osCommerce

The e-commerce.

using htaccess/htpasword on windows server


maxx

Recommended Posts

Sorry to be longwinded, but I wanna be thorough with everything I've done so that I can get precise help...

 

I've read all the posts and followed different instructions. Think I must have uploaded my .htaccess and .htpassword files to my /admin folder more than 15 times!

 

But still, I type in mydomain/catalog/admin and get straight in -- no password required!

 

This is the final text I have in my htaccess file:

 

AuthUserFile C:/path/mydomain.com/www/catalog/admin/.htpasswd

AuthGroupFile /dev/null

AuthName "Password Protected Area"

AuthType Basic

 

<limit GET POST>

require valid-user

</limit>

 

And this is in my htpassword:

myuserid:mypassword

 

I've put in a straightforward text password as I read that Windows may not accept crypted ones.

 

Could it be that my server does not support .htaccess? :(

 

Can I rename my admin folder to some cryptic name and hope for the best, or will this screw up all other files? :unsure:

Link to comment
Share on other sites

When you put configuration directives in a .htaccess file, and you don't get the desired effect the most common problem is that AllowOverride is not set such that your configuration directives are being honored. Make sure that you don't have a AllowOverride None in effect for the file scope in question. A good test for this is to put garbage in your .htaccess file and reload. If a server error is not generated, then you almost certainly have AllowOverride None in effect in your main configuration file.

Link to comment
Share on other sites

Sorry Maxx I have assumed you where running apache on a windows server. If you are running your cart using IIS rather than apache the .htaccess stuff has no meaning. There are ways to protect files and folders in IIS but you need access to the IIS Management console which you probably wont have if your site is being hosted by a third party.

Link to comment
Share on other sites

Hmm. I don't even know if I'm on apache or IIS. But yeah. Nothing I put in my .htaccess affects my pages. Damn.

 

I've bugged my tech help guy so many times, he's decided to move me to a different server (but he still hasn't helped me with my problems!)

 

What are my other options to secure admin?

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...