.htaccess help?
Hello
Fighting with setup .htpaccess restriction and i need to give access to
the folder
>"https://mta-sts.caloro.ch/.well-known/mta-sts.txt"; to public
this folder living on my system on following folder /var/www/mta-sts,
the Home-
page are on folder /var/www/wordpress/index
if disable the folowing line "RewriteRule ^(.*)$ https://www.caloro.ch/
[R,L]"
i have access to this mta-sts.txt. please how i can concentrate to open only
the hompege and this mta-sts folder, so that are visible to public:
on etc/apache i have the mta-sts.conf
/etc/apache2/sites-available# cat mta-sts-ssl.conf
ServerName mta-sts.caloro.ch
DocumentRoot /
ErrorDocument 403 "403 Forbidden - This site is used to specify the
MTA-STS policy for this domain, please see '/.well-known/mta-sts.txt'.
If you were not expecting to see this, please use href=\"https://caloro.ch\"; rel=\"noopener\">https://caloro.ch instead."
DocumentRoot "/var/www/mta-sts"
Options -Indexes +FollowSymLinks
# AllowOverride AuthConfig
AllowOverride None
# Tachtler (enable for unlimited access)
Require all granted
Alias /.well-known/mta-sts.txt /var/www/mta-sts/mta-sts.txt
DirectoryIndex mta-sts.txt
RewriteEngine On
RewriteOptions IgnoreInherit
RewriteRule !^/.well-known/mta-sts.txt - [L,R=403]
SSLCertificateFile
/etc/letsencrypt/live/mta-sts.caloro.ch/fullchain.pem
SSLCertificateKeyFile
/etc/letsencrypt/live/mta-sts.caloro.ch/privkey.pem
Include /etc/letsencrypt/options-ssl-apache.conf
--
/var/www# cat .htaccess
RewriteEngine On
RewriteCond %{SERVER_PORT} 443
# RewriteRule ^(.*)$ https://www.caloro.ch/ [R,L]
# RewriteRule ^(.*)$ https://mta-sts.caloro.ch/.well-known/ [R,L]
# No access to Folder-Structures
Options All -Indexes
# No access to the install.php
Order allow,deny
Deny from all
# No access to the wp-config.php
Order allow,deny
Deny from all
## No access to .htaccess and .htpasswd
Order deny,allow
Deny from all
## No access to includes folder
RewriteEngine On
RewriteBase /
RewriteRule ^wp-admin/includes/ - [F,L]
RewriteRule !^wp-includes/ - [S=3]
RewriteRule ^wp-includes/[^/]+\.php$ - [F,L]
RewriteRule ^wp-includes/js/tinymce/langs/.+\.php - [F,L]
RewriteRule ^wp-includes/theme-compat/ - [F,L]
## No access to usernames
RewriteEngine On
RewriteBase /
RewriteCond %{QUERY_STRING} .*author=(.+.?) [NC]
RewriteRule (.*) /blog/?author= [NC,L,R=301]
# No ETags
# Header unset ETag
# FileETag None
thanks for possible help
regards
Re: Works on .htaccess but not in sites-available
Hello, On 10/30/2012 10:02 PM, Jorge wrote: > In /var/www/www.etxea.org/htdocs/.htaccess I've got the following > content ... [..] > RewriteCond $1 !^(index\.php|images|robots\.txt|user_guide) > RewriteRule ^(.*)$ /index.php/$1 [L] [..] > > RewriteCond $1 !^(index\.php|images|robots\.txt|user_guide) > RewriteRule ^(.*)$ /index.php/$1 [L] Matches in VirtualHost context start with /, i.e. you have to use !^/(index\.php|images|robots\.txt|user_guide) See http://httpd.apache.org/docs/current/mod/mod_rewrite.html#rewriterule (the box "What is matched?") Cheers Wolfgang -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/50938336.3000...@karall-edv.at
Works on .htaccess but not in sites-available
Good evening. I've got apache2 on squeeze. In /var/www/www.etxea.org/htdocs/.htaccess I've got the following content ... IndexIgnore * RewriteEngine on # Any HTTP request other than those for index.php, images, and robots.txt is treated as a request for your index.php file RewriteCond $1 !^(index\.php|images|robots\.txt|user_guide) RewriteRule ^(.*)$ /index.php/$1 [L] ... and It really works. But I want not to use .htaccess, I mean, to copy this content to /etc/apache2/sites-available/www.etxea.org, just to (after enabling with a2ensite www.etxea.org and /etc/init.d/apache2 restart) make it work just the same. The www.etxea.org file content is the following ... ServerAdmin webmas...@etxea.org ServerName www.etxea.org ServerAlias etxea.org # Indexes + Directory Root. DirectoryIndex index.php index.html DocumentRoot /var/www/www.etxea.org/htdocs/ AllowOverride All IndexIgnore * RewriteEngine on # Any HTTP request other than those for index.php, images, and robots.txt is treated as a request for your index.php file RewriteCond $1 !^(index\.php|images|robots\.txt|user_guide) RewriteRule ^(.*)$ /index.php/$1 [L] # CGI Directory ScriptAlias /cgi-bin/ /var/www/www.etxea.org/cgi-bin/ Options +ExecCGI # Logfiles ErrorLog /var/www/www.etxea.org/logs/error.log CustomLog /var/www/www.etxea.org/logs/access.log combined But I regret It doesn't work. What's the problem? Is the IfModule located where it must be or I've missunderstood the place? Thank you. -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/50904061.3090...@gmail.com
Re: Apache2 does not enable htaccess
On 25/10/2012 14:26, Gorka wrote:
On 25/10/2012 13:19, Gorka wrote:
On 25/10/2012 12:48, Lars Nooden wrote:
On Thu, 25 Oct 2012, Gorka wrote:
I've put my .htaccess under /var/www with this lonely line ...
IndexIgnore *
... also there is in /etc/apache2/sites-available/default the
following
content ...
ServerAdmin webmaster@localhost
DocumentRoot /var/www
Options FollowSymLinks
AllowOverride None
Options Indexes FollowSymLinks MultiViews
AllowOverride All
Order allow,deny
allow from all
ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
AllowOverride None
Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
Order allow,deny
Allow from all
ErrorLog ${APACHE_LOG_DIR}/error.log
# Possible values include: debug, info, notice, warn,
error, crit,
# alert, emerg.
LogLevel warn
CustomLog ${APACHE_LOG_DIR}/access.log combined
... As you can see, I've already changed AllowOverride from None to
All
But .htaccess doesn't seem to work yet. When I point to the url it
lists the
whole content of /var/www
What's the matter? Any idea?
Put what you would have put inside .htaccess inside the appropriate
Directory directive inside the web server's configuration file.
Remember
to reload. .htaccess is only for when you don't actually have write
access to the web server's configuration.
Regards,
/Lars
Actually I'd like to be able to get it work so. There must be an
explanation for this, but I can't see what's wrong with the way I'm
doing.
Just the same problem with ...
php_value upload_max_filesize 100M
... in .htaccess
phpinfo() keeps on showing ...
upload_max_filesize 2M 2M
... for both local and master. In fact phpinfo() only changes if I
change this value directly on php.ini, but I would like to know why my
.htaccess is not working. Any idea over there?
Solved. By the time I created .htaccess file I was using Eclipse.
Eclipse aded the .php extension to the file and I didn't notice. Such a
big rookie mistake! I beg you pardon for the inconveniences. Thank you
anyway.
--
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/508a2fa4.7000...@yahoo.es
Re: Apache2 does not enable htaccess
On 25/10/2012 13:19, Gorka wrote:
On 25/10/2012 12:48, Lars Nooden wrote:
On Thu, 25 Oct 2012, Gorka wrote:
I've put my .htaccess under /var/www with this lonely line ...
IndexIgnore *
... also there is in /etc/apache2/sites-available/default the following
content ...
ServerAdmin webmaster@localhost
DocumentRoot /var/www
Options FollowSymLinks
AllowOverride None
Options Indexes FollowSymLinks MultiViews
AllowOverride All
Order allow,deny
allow from all
ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
AllowOverride None
Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
Order allow,deny
Allow from all
ErrorLog ${APACHE_LOG_DIR}/error.log
# Possible values include: debug, info, notice, warn,
error, crit,
# alert, emerg.
LogLevel warn
CustomLog ${APACHE_LOG_DIR}/access.log combined
... As you can see, I've already changed AllowOverride from None to All
But .htaccess doesn't seem to work yet. When I point to the url it
lists the
whole content of /var/www
What's the matter? Any idea?
Put what you would have put inside .htaccess inside the appropriate
Directory directive inside the web server's configuration file. Remember
to reload. .htaccess is only for when you don't actually have write
access to the web server's configuration.
Regards,
/Lars
Actually I'd like to be able to get it work so. There must be an
explanation for this, but I can't see what's wrong with the way I'm
doing.
Just the same problem with ...
php_value upload_max_filesize 100M
... in .htaccess
phpinfo() keeps on showing ...
upload_max_filesize 2M 2M
... for both local and master. In fact phpinfo() only changes if I
change this value directly on php.ini, but I would like to know why my
.htaccess is not working. Any idea over there?
--
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/5089300d.6030...@yahoo.es
Re: Apache2 does not enable htaccess
On 25/10/2012 12:48, Lars Nooden wrote:
On Thu, 25 Oct 2012, Gorka wrote:
I've put my .htaccess under /var/www with this lonely line ...
IndexIgnore *
... also there is in /etc/apache2/sites-available/default the following
content ...
ServerAdmin webmaster@localhost
DocumentRoot /var/www
Options FollowSymLinks
AllowOverride None
Options Indexes FollowSymLinks MultiViews
AllowOverride All
Order allow,deny
allow from all
ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
AllowOverride None
Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
Order allow,deny
Allow from all
ErrorLog ${APACHE_LOG_DIR}/error.log
# Possible values include: debug, info, notice, warn, error, crit,
# alert, emerg.
LogLevel warn
CustomLog ${APACHE_LOG_DIR}/access.log combined
... As you can see, I've already changed AllowOverride from None to All
But .htaccess doesn't seem to work yet. When I point to the url it lists the
whole content of /var/www
What's the matter? Any idea?
Put what you would have put inside .htaccess inside the appropriate
Directory directive inside the web server's configuration file. Remember
to reload. .htaccess is only for when you don't actually have write
access to the web server's configuration.
Regards,
/Lars
Actually I'd like to be able to get it work so. There must be an
explanation for this, but I can't see what's wrong with the way I'm doing.
--
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/50892027.8070...@yahoo.es
Re: Apache2 does not enable htaccess
On Thu, 25 Oct 2012, Gorka wrote:
> I've put my .htaccess under /var/www with this lonely line ...
>
> IndexIgnore *
>
> ... also there is in /etc/apache2/sites-available/default the following
> content ...
>
>
> ServerAdmin webmaster@localhost
>
> DocumentRoot /var/www
>
> Options FollowSymLinks
> AllowOverride None
>
>
> Options Indexes FollowSymLinks MultiViews
> AllowOverride All
> Order allow,deny
> allow from all
>
>
> ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
>
> AllowOverride None
> Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
> Order allow,deny
> Allow from all
>
>
> ErrorLog ${APACHE_LOG_DIR}/error.log
>
> # Possible values include: debug, info, notice, warn, error, crit,
> # alert, emerg.
> LogLevel warn
>
> CustomLog ${APACHE_LOG_DIR}/access.log combined
>
>
> ... As you can see, I've already changed AllowOverride from None to All
> But .htaccess doesn't seem to work yet. When I point to the url it lists the
> whole content of /var/www
> What's the matter? Any idea?
Put what you would have put inside .htaccess inside the appropriate
Directory directive inside the web server's configuration file. Remember
to reload. .htaccess is only for when you don't actually have write
access to the web server's configuration.
Regards,
/Lars
--
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive:
http://lists.debian.org/alpine.bso.2.02.1210251347060.10...@yeeloong.dhcp.inet.fi
Re: Apache2 does not enable htaccess
On 25/10/2012 12:37, Gorka wrote:
I've put my .htaccess under /var/www with this lonely line ...
IndexIgnore *
... also there is in /etc/apache2/sites-available/default the
following content ...
ServerAdmin webmaster@localhost
DocumentRoot /var/www
Options FollowSymLinks
AllowOverride None
Options Indexes FollowSymLinks MultiViews
AllowOverride All
Order allow,deny
allow from all
ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
AllowOverride None
Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
Order allow,deny
Allow from all
ErrorLog ${APACHE_LOG_DIR}/error.log
# Possible values include: debug, info, notice, warn, error,
crit,
# alert, emerg.
LogLevel warn
CustomLog ${APACHE_LOG_DIR}/access.log combined
... As you can see, I've already changed AllowOverride from None to All
But .htaccess doesn't seem to work yet. When I point to the url it
lists the whole content of /var/www
What's the matter? Any idea?
I forgot to say that, of course, I've done ...
a2ensite default
/etc/init.d/apache2 reload (even restart)
--
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/508917ea.50...@yahoo.es
Apache2 does not enable htaccess
I've put my .htaccess under /var/www with this lonely line ...
IndexIgnore *
... also there is in /etc/apache2/sites-available/default the following
content ...
ServerAdmin webmaster@localhost
DocumentRoot /var/www
Options FollowSymLinks
AllowOverride None
Options Indexes FollowSymLinks MultiViews
AllowOverride All
Order allow,deny
allow from all
ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
AllowOverride None
Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
Order allow,deny
Allow from all
ErrorLog ${APACHE_LOG_DIR}/error.log
# Possible values include: debug, info, notice, warn, error, crit,
# alert, emerg.
LogLevel warn
CustomLog ${APACHE_LOG_DIR}/access.log combined
... As you can see, I've already changed AllowOverride from None to All
But .htaccess doesn't seem to work yet. When I point to the url it lists
the whole content of /var/www
What's the matter? Any idea?
--
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/50891664.2070...@yahoo.es
Re: Hacked .htaccess redirect to htttp://reltime2012.ru/frunleh?9
On Wed, 22 Aug 2012 16:32:01 -0300, Dr Beco wrote: > Does anyone knows how to protect against unauthorized change of > .htaccess? Uninstalling WordPress/Joomla/PHP-Nuke and all that "frameworking" stuff? Just kidding, but having this pre-made environments on you server it poses a real risk, you have to care they are always updated and using the latests patches. (...) > http://productforums.google.com/forum/#!topic/webmasters/GsB423gsIlk (...) > I know it is easy to fix. I just wonder if I can prevent that to happen > again. I'm considering to simple put a "cron job" that rewrites my > .htaccess from time to time! :) > > Anyone else saw this problem? At the Google forum there's a link it can help you with this: http://www.mastermindblogger.com/2011/14-ways-to-prevent-your-wordpress-blog-from-being-hacked/ So I guess there has to be a bunch of "how to protect joomla" articles out there. Greetings, -- Camaleón -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/k182vj$k87$7...@ger.gmane.org
Re: Hacked .htaccess redirect to htttp://reltime2012.ru/frunleh?9
--- On Thu, 8/23/12, shthead wrote: > From: shthead > Subject: Re: Hacked .htaccess redirect to htttp://reltime2012.ru/frunleh?9 > To: debian-user@lists.debian.org > Date: Thursday, August 23, 2012, 1:27 AM > On 23/08/2012 3:32 AM, Dr Beco > wrote: > > One of my sites, that has joomla (and not wordpress) > also got hacked (again). > > Is your Joomla along with all components/skins etc. up to > date? Many of the hacked sites I look at are not up to > date. > You are not alone. Noy long ago my webhost posted an announcement about Joomla and Wordpress sites on their servers getting hacked. Make sure you're updated to the latest version. -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/1345726481.39670.yahoomailclas...@web163402.mail.gq1.yahoo.com
Re: Hacked .htaccess redirect to htttp://reltime2012.ru/frunleh?9
On 23/08/2012 3:32 AM, Dr Beco wrote: One of my sites, that has joomla (and not wordpress) also got hacked (again). Is your Joomla along with all components/skins etc. up to date? Many of the hacked sites I look at are not up to date. " the sysadmin told me that there was a php script entitled "jos_jpxn.php" running that was rewriting my .htaccess" (lickface) I quite often see Joomla sites that get hacked have a few PHP shells dropped around the place that the attacker then uses to do other things (reset passwords/change htaccess files/phising sites etc.). Also, if it is shared web hosting are your permissions all set correctly? Do you know how PHP is configured on the server? If the permissions are wrong say on the configuration file and another site on the same server gets hacked, they may be able to read your configuration file, get the database details and reset/recover the admin password. Personally I wouldn't trust a Joomla/Wordpress/whatever install once the site has been comprimised like this - who knows what else has been changed. It may be best to reupload the site/database from a backup if you have one. -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/5035cd63.9000...@shthead.net
Re: Hacked .htaccess redirect to htttp://reltime2012.ru/frunleh?9
On Wed, 22 Aug 2012, Dr Beco wrote: > For this system I don't have root access. It is managed abroad by a > "host farm". I already wrote to them to report the (second) problem. I suggest you take your business elsewhere. You don't want to risk your name/site/domain being associated with criminals because of some el-cheap-o hosting farm can't do their job properly. -- "One disk to rule them all, One disk to find them. One disk to bring them all and in the darkness grind them. In the Land of Redmond where the shadows lie." -- The Silicon Valley Tarot Henrique Holschuh -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20120823004420.gb19...@khazad-dum.debian.net
Re: Hacked .htaccess redirect to htttp://reltime2012.ru/frunleh?9
Henrique de Moraes Holschuh, Wed, 22 Aug 2012 16:41:59 -0300: > > If you have root access, try to use chattr to mark that file as > immutable (chattr +i). > > But really, if they keep changing your .htaccess, it means they have > compromised the box, and will remain compromising it until you clean the > box (probably rebuild from scratch) AND close the security holes. Dear Henrique, For this system I don't have root access. It is managed abroad by a "host farm". I already wrote to them to report the (second) problem. I hope they find the main problem now, instead of just giving another quick fix. Also, I cannot ask them to reinstall the system from scratch, as the same server hosts more websites. Thanks! Beco -- Dr. Beco A.I. research, Cognitive Scientist and Philosopher Linux Counter #201942 -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/CALuYw2yDehk99ygBD+anf+FbJ+WT2J2MJ6KMpMQ=nqophdq...@mail.gmail.com
Re: Hacked .htaccess redirect to htttp://reltime2012.ru/frunleh?9
On Wed, 22 Aug 2012, Dr Beco wrote: > Does anyone knows how to protect against unauthorized change of .htaccess? If you have root access, try to use chattr to mark that file as immutable (chattr +i). But really, if they keep changing your .htaccess, it means they have compromised the box, and will remain compromising it until you clean the box (probably rebuild from scratch) AND close the security holes. -- "One disk to rule them all, One disk to find them. One disk to bring them all and in the darkness grind them. In the Land of Redmond where the shadows lie." -- The Silicon Valley Tarot Henrique Holschuh -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20120822194159.ga29...@khazad-dum.debian.net
Hacked .htaccess redirect to htttp://reltime2012.ru/frunleh?9
Dear debianusers,
Does anyone knows how to protect against unauthorized change of .htaccess?
I googled the "htttp://reltime2012.ru/frunleh?9 redirect problem" and
found out that a lot of sites (mainly using wordpress) got hacked and
is redirected to a russian site.
One of my sites, that has joomla (and not wordpress) also got hacked (again).
In the beginning of the .htaccess one can read:
RewriteCond %{HTTP_REFERER}
^.*(google|ask|yahoo|youtube|wikipedia|excite|altavista|msn|aol|goto|infoseek|lycos|search|bing|dogpile|facebook|twitter|live|myspace|linkedin|flickr)\.(.*)
RewriteRule ^(.*)$ htttp://reltime2012.ru/frunleh?9 [R=301,L]
I find some tutorials on how to fix the problem,
http://newmediamike.com/2012/07/reltime-2012-frunleh-redirection/
http://wptrainingonline.com/
But none of them explains how to protect and prevent the problem to
happen again. This google's forum has a post stating that
http://productforums.google.com/forum/#!topic/webmasters/GsB423gsIlk
" the sysadmin told me that there was a php script entitled
"jos_jpxn.php" running that was rewriting my .htaccess" (lickface)
But I found no such script among my files.
(Of course, I changed my password, but I don't really think that is
the problem...)
I know it is easy to fix. I just wonder if I can prevent that to
happen again. I'm considering to simple put a "cron job" that rewrites
my .htaccess from time to time! :)
Anyone else saw this problem?
Thanks,
Beco
--
Dr. Beco
A.I. research, Cognitive Scientist and Philosopher
Linux Counter #201942
--
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive:
http://lists.debian.org/caluyw2xm0z0ebijgexpjyh0npklxaj11eb4idyatoxvuw6m...@mail.gmail.com
Re: .htaccess , how to bypass authentication for specific IPs ?
On 13/08/12 16:55, Camaleón wrote: >> You need "Order allow,deny". See >> http://httpd.apache.org/docs/2.0/mod/mod_access.html#order for details. > > The order is consistent with the samples given in the link I sent before > but how is that altering the "Allow from" stanza? The .htaccess J.B. provided has "Order deny,allow", they need to be the other way around. Sorry if I'd be quoting a little oddly, I joined in with this thread a bit late on Tom -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/5029343c.1010...@deathbycomputers.co.uk
Re: .htaccess , how to bypass authentication for specific IPs ?
On Mon, 13 Aug 2012 16:30:30 +0100, Tom Grace wrote: (careful when quoting...) > On 13/08/12 16:25, Camaleón wrote: >> On Mon, 13 Aug 2012 10:40:51 +0530, J. B wrote: (...) >>> Now I like some IPs to bypass the authentication. Hence I have >>> modified the rule as >>> >>> [...] >>> Order deny,allow >>> Deny from all >>> AuthName "htaccess password prompt" >>> AuthUserFile /home/askapache.com/.htpasswd AuthType Basic Require >>> valid-user >>> Allow from 172.17.10.1 >>> Satisfy Any >>> [] >>> >>> But it just allow all IPs to bypass the authentication. IS there any >>> wrong code in the rule set ? The apache version is - [ Server >>> version: Apache/2.2.16 (Debian) ] > > You need "Order allow,deny". See > http://httpd.apache.org/docs/2.0/mod/mod_access.html#order for details. The order is consistent with the samples given in the link I sent before but how is that altering the "Allow from" stanza? Greetings, -- Camaleón -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/k0b82b$9nn$1...@dough.gmane.org
Re: .htaccess , how to bypass authentication for specific IPs ?
On 13/08/12 16:25, Camaleón wrote: > On Mon, 13 Aug 2012 10:40:51 +0530, J. B wrote: > >> I have the following in my .htaccess to force the authentication >> >> [....] >> AuthName "htaccess password prompt" >> AuthUserFile /home/askapache.com/.htpasswd AuthType Basic >> Require valid-user >> [...] >> >> Now I like some IPs to bypass the authentication. Hence I have modified >> the rule as >> >> [...] >> Order deny,allow >> Deny from all >> AuthName "htaccess password prompt" >> AuthUserFile /home/askapache.com/.htpasswd AuthType Basic >> Require valid-user >> Allow from 172.17.10.1 >> Satisfy Any >> [] >> >> But it just allow all IPs to bypass the authentication. IS there any >> wrong code in the rule set ? The apache version is - [ Server version: >> Apache/2.2.16 (Debian) ] You need "Order allow,deny". See http://httpd.apache.org/docs/2.0/mod/mod_access.html#order for details. -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/50291d96.3030...@deathbycomputers.co.uk
Re: .htaccess , how to bypass authentication for specific IPs ?
On Mon, 13 Aug 2012 10:40:51 +0530, J. B wrote: > I have the following in my .htaccess to force the authentication > > [] > AuthName "htaccess password prompt" > AuthUserFile /home/askapache.com/.htpasswd AuthType Basic > Require valid-user > [...] > > Now I like some IPs to bypass the authentication. Hence I have modified > the rule as > > [...] > Order deny,allow > Deny from all > AuthName "htaccess password prompt" > AuthUserFile /home/askapache.com/.htpasswd AuthType Basic > Require valid-user > Allow from 172.17.10.1 > Satisfy Any > [] > > But it just allow all IPs to bypass the authentication. IS there any > wrong code in the rule set ? The apache version is - [ Server version: > Apache/2.2.16 (Debian) ] By "all IPs" you mean all of the IPs coming from your local network range or also from remote? At a first glance I see nothing wrong from the above "Allow from" directive (and you have more configuration samples here): http://wiki.apache.org/httpd/BypassAuthenticationOrAuthorizationRequirements Did you reload the apache2 service after the change? Greetings, -- Camaleón -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/k0b69q$9nn$9...@dough.gmane.org
.htaccess , how to bypass authentication for specific IPs ?
Dear list, I have the following in my .htaccess to force the authentication [] AuthName "htaccess password prompt" AuthUserFile /home/askapache.com/.htpasswd AuthType Basic Require valid-user [...] Now I like some IPs to bypass the authentication. Hence I have modified the rule as [...] Order deny,allow Deny from all AuthName "htaccess password prompt" AuthUserFile /home/askapache.com/.htpasswd AuthType Basic Require valid-user Allow from 172.17.10.1 Satisfy Any [] But it just allow all IPs to bypass the authentication. IS there any wrong code in the rule set ? The apache version is - [ Server version: Apache/2.2.16 (Debian) ] Thanks -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20120813104051.71e61...@shiva.selfip.org
Re: .htaccess problem...please provide some hints.
SOLVED:
If someone reads this post, here is how I solved my problem:
RewriteEngine On
RewriteCond %{QUERY_STRING} lang=
RewriteRule (.*) ? [R=302,L]
lubos
On Tue, Jun 21, 2011 at 3:54 PM, Lubos Rendek wrote:
> Hi guys,
>
> I'm unable to get the right redirection using .htaccess file. What I
> have is this
>
> URL http://example.com/?lang=ar&;
> or
> http://example.com/?lang=ar®istration
>
> and I would like this to be redirected to http://example.com/ .
>
> In fact I would like to have all URL's which contain "lang=" to be
> redirected to http://example.com .
>
> any hints?
>
> thank you
>
> lubos
>
--
http://www.linuxconfig.org
http://jobs.linuxcareer.com
--
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive:
http://lists.debian.org/banlktinslk_esgezmfdrmt6r6cbrepk...@mail.gmail.com
.htaccess problem...please provide some hints.
Hi guys, I'm unable to get the right redirection using .htaccess file. What I have is this URL http://example.com/?lang=ar&; or http://example.com/?lang=ar®istration and I would like this to be redirected to http://example.com/ . In fact I would like to have all URL's which contain "lang=" to be redirected to http://example.com . any hints? thank you lubos -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/BANLkTi=hTXYJmbp=hsktcdob8c0z127...@mail.gmail.com
htaccess basic passwords
Hi,
I'm having trouble getting apache to set a password on a directory. I know I
can do this in the apache config file but wanted to do this as a proof of
concept, The directory is /var/www/basic and the .htaccess is as follows
Hawaiian:/var/www/basic# ls -l .htaccess
-rw-r--r-- 1 root root 77 2010-02-24 00:12 .htaccess
Hawaiian:/var/www/basic# cat .htaccess
AuthType Basic
AuthName "Basic"
AuthUserFile ../../.htpasswd
require user ja
the password file is set with htpasswd -c
Hawaiian:/var# ls -la .htpasswd
-rwxr--r-- 1 root root 17 2010-02-26 21:35 .htpasswd
Hawaiian:/var# cat .htpasswd
ja:QW1U/jiz6SUeg
The config file is as follows
Hawaiian:/var# cat /etc/apache2/apache2.conf
#
# Based upon the NCSA server configuration files originally by Rob McCool.
#
# This is the main Apache server configuration file. It contains the
# configuration directives that give the server its instructions.
# See http://httpd.apache.org/docs/2.2/ for detailed information about
# the directives.
#
# Do NOT simply read the instructions in here without understanding
# what they do. They're here only as hints or reminders. If you are unsure
# consult the online docs. You have been warned.
#
# The configuration directives are grouped into three basic sections:
# 1. Directives that control the operation of the Apache server process as
a
# whole (the 'global environment').
# 2. Directives that define the parameters of the 'main' or 'default'
server,
# which responds to requests that aren't handled by a virtual host.
# These directives also provide default values for the settings
# of all virtual hosts.
# 3. Settings for virtual hosts, which allow Web requests to be sent to
# different IP addresses or hostnames and have them handled by the
# same Apache server process.
#
# Configuration and logfile names: If the filenames you specify for many
# of the server's control files begin with "/" (or "drive:/" for Win32), the
# server will use that explicit path. If the filenames do *not* begin
# with "/", the value of ServerRoot is prepended -- so
"/var/log/apache2/foo.log"
# with ServerRoot set to "" will be interpreted by the
# server as "//var/log/apache2/foo.log".
#
### Section 1: Global Environment
#
# The directives in this section affect the overall operation of Apache,
# such as the number of concurrent requests it can handle or where it
# can find its configuration files.
#
#
# ServerRoot: The top of the directory tree under which the server's
# configuration, error, and log files are kept.
#
# NOTE! If you intend to place this on an NFS (or otherwise network)
# mounted filesystem then please read the LockFile documentation (available
# at http://httpd.apache.org/docs-2.1/mod/mpm_common.html#lockfile>);
# you will save yourself a lot of trouble.
#
# Do NOT add a slash at the end of the directory path.
#
ServerRoot "/etc/apache2"
#
# The accept serialization lock file MUST BE STORED ON A LOCAL DISK.
#
#
#
LockFile /var/lock/apache2/accept.lock
#
#
#
# PidFile: The file in which the server should record its process
# identification number when it starts.
# This needs to be set in /etc/apache2/envvars
#
PidFile ${APACHE_PID_FILE}
#
# Timeout: The number of seconds before receives and sends time out.
#
Timeout 300
#
# KeepAlive: Whether or not to allow persistent connections (more than
# one request per connection). Set to "Off" to deactivate.
#
KeepAlive On
#
# MaxKeepAliveRequests: The maximum number of requests to allow
# during a persistent connection. Set to 0 to allow an unlimited amount.
# We recommend you leave this number high, for maximum performance.
#
MaxKeepAliveRequests 100
#
# KeepAliveTimeout: Number of seconds to wait for the next request from the
# same client on the same connection.
#
KeepAliveTimeout 15
##
## Server-Pool Size Regulation (MPM specific)
##
# prefork MPM
# StartServers: number of server processes to start
# MinSpareServers: minimum number of server processes which are kept spare
# MaxSpareServers: maximum number of server processes which are kept spare
# MaxClients: maximum number of server processes allowed to start
# MaxRequestsPerChild: maximum number of requests a server process serves
StartServers 5
MinSpareServers 5
MaxSpareServers 10
MaxClients 150
MaxRequestsPerChild 0
# worker MPM
# StartServers: initial number of server processes to start
# MaxClients: maximum number of simultaneous client connections
# MinSpareThreads: minimum number of worker threads which are kept spare
# MaxSpareThreads: maximum number of worker threads which are kept spare
# ThreadsPerChild: constant number of worker threads in each server process
# MaxRequestsPerChild: maximum number of requests a server process serves
StartServers 2
MinSpareThreads 25
Re: .htaccess?
It's working!!:)) the httpd.conf file is empty, but the /etc/apache2/sites-available/default file had many-many configuration in it, i modified the: AllowOverrie All . . . and it works!! thank you!! 2008/7/23 Bob Cox <[EMAIL PROTECTED]>: > On Wed, Jul 23, 2008 at 07:54:59 +0200, Lóránd Erik ([EMAIL PROTECTED]) > wrote: > > > Why doesn't .htaccess rules work, when i example write this in it: > > > > AuthUserFile /home/username/.htpasswd > > AuthGroupFile /dev/null > > AuthName "Private Area" > > AuthType Basic > > > > require valid-user > > > > > > i just want to secure a folder by password, on apache2 [i just installed > it, > > it works, but i can still see the folder, and it doesn't ask for > password, i > > have .htpasswd in username/.htpasswd] > > > > what am i missing? > > Try it without the "" etc. > > All you should need is: > > AuthUserFile /home/username/.htpasswd > AuthName "Private Area" > AuthType Basic > require valid-user > > Please let us know if that helps. > > -- > Bob Cox. Stoke Gifford, near Bristol, UK. > Registered user #445000 with the Linux Counter - http://counter.li.org/ > > > -- > To UNSUBSCRIBE, email to [EMAIL PROTECTED] > with a subject of "unsubscribe". Trouble? Contact > [EMAIL PROTECTED] > >
[OT] Re: .htaccess?
On Wed, Jul 23, 2008 at 1:54 AM, Lóránd Erik <[EMAIL PROTECTED]> wrote: > Why doesn't .htaccess rules work, when i example write this in it: > > AuthUserFile /home/username/.htpasswd > AuthGroupFile /dev/null > AuthName "Private Area" > AuthType Basic > > require valid-user > > > i just want to secure a folder by password, on apache2 [i just installed it, > it works, but i can still see the folder, and it doesn't ask for password, i > have .htpasswd in username/.htpasswd] > > what am i missing? A lot. There's more to password protection in Apache than simply dropping a .htaccess file in a directory. This is way, way OT, btw, but what you almost certainly need to do is to AllowOverrideAll for your directory before Apache will allow it to have control over access. It's all in the documentation. Patrick -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: .htaccess?
On Wed, Jul 23, 2008 at 07:54:59 +0200, Lóránd Erik ([EMAIL PROTECTED]) wrote: > Why doesn't .htaccess rules work, when i example write this in it: > > AuthUserFile /home/username/.htpasswd > AuthGroupFile /dev/null > AuthName "Private Area" > AuthType Basic > > require valid-user > > > i just want to secure a folder by password, on apache2 [i just installed it, > it works, but i can still see the folder, and it doesn't ask for password, i > have .htpasswd in username/.htpasswd] > > what am i missing? Try it without the "" etc. All you should need is: AuthUserFile /home/username/.htpasswd AuthName "Private Area" AuthType Basic require valid-user Please let us know if that helps. -- Bob Cox. Stoke Gifford, near Bristol, UK. Registered user #445000 with the Linux Counter - http://counter.li.org/ -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
.htaccess?
Why doesn't .htaccess rules work, when i example write this in it: AuthUserFile /home/username/.htpasswd AuthGroupFile /dev/null AuthName "Private Area" AuthType Basic require valid-user i just want to secure a folder by password, on apache2 [i just installed it, it works, but i can still see the folder, and it doesn't ask for password, i have .htpasswd in username/.htpasswd] what am i missing? thank you:S
Re: best pactice - apache, rewrite, ssl, virtualhost or .htaccess
On Mon, Jul 31, 2006 at 10:24:41PM +0200, Ernst-Magne Vindal wrote: > > On Mon, July 31, 2006 19:43, Casey T. Deccio said: > > On Mon, 2006-07-31 at 14:41 +0200, Ernst-Magne Vindal wrote: > >> I have tryed to redir with .htaccess file and by config virtualhosts. Both > >> seams > >> to work ok, but will be happy for some comments for best practice. > > > > According to: > > http://httpd.apache.org/docs/2.0/howto/htaccess.html#when > > > > > > .htaccess files should be used in a case where the content providers > > need to make configuration changes to the server on a per-directory > > basis, but do not have root access on the server system. In the event > > that the server administrator is not willing to make frequent > > configuration changes, it might be desirable to permit individual users > > to make these changes in .htaccess files for themselves. This is > > particularly true, for example, in cases where ISPs are hosting multiple > > user sites on a single machine, and want their users to be able to alter > > their configuration. > > > > However, in general, use of .htaccess files should be avoided when > > possible. Any configuration that you would consider putting in > > a .htaccess file, can just as effectively be made in a > > section in your main server configuration file. > > > > > > Casey > > > > Thanks all, tryed all but no go yet > That is redirect is ofcause OK, its just the rewrite of url I can't get to > work...anyhow, googleing on > > and using section:) > thanks > > -- > /ernst-magne > > If you can't explain it simply, you don't understand it well enough. > (Albert Einstein) Hi, According to the Apache documentation the [R] flag is to prefix the substitution with http://thishost[:thisport]/ to force an external redirection. Also from the mod_rewrite documentation: "When you prefix a substitution field with http://thishost[:thisport], mod_rewrite will automatically strip that out. This auto-reduction on URLs with an implicit external redirect is most useful in combination with a mapping-function which generates the hostname part. Remember: An unconditional external redirect to your own server will not work with the prefix http://thishost because of this feature. To achieve such a self-redirect, you have to use the R-flag." I.e if you specify: RewriteEngine On RewriteRule ^/(.*)$ https://webmail.yourdomain.com/$1 [R,NC] then anybody requesting http://webmail.yourdomain.com/anything should be redirected to the https://webmail.yourdomain.com/anything. For more complex rewriting have a look at http://httpd.apache.org/docs/2.0/misc/rewriteguide.html Simo -- :r ~/.signature signature.asc Description: Digital signature
Re: best pactice - apache, rewrite, ssl, virtualhost or .htaccess
On Mon, July 31, 2006 19:43, Casey T. Deccio said: > On Mon, 2006-07-31 at 14:41 +0200, Ernst-Magne Vindal wrote: >> I have tryed to redir with .htaccess file and by config virtualhosts. Both >> seams >> to work ok, but will be happy for some comments for best practice. > > According to: > http://httpd.apache.org/docs/2.0/howto/htaccess.html#when > > > .htaccess files should be used in a case where the content providers > need to make configuration changes to the server on a per-directory > basis, but do not have root access on the server system. In the event > that the server administrator is not willing to make frequent > configuration changes, it might be desirable to permit individual users > to make these changes in .htaccess files for themselves. This is > particularly true, for example, in cases where ISPs are hosting multiple > user sites on a single machine, and want their users to be able to alter > their configuration. > > However, in general, use of .htaccess files should be avoided when > possible. Any configuration that you would consider putting in > a .htaccess file, can just as effectively be made in a > section in your main server configuration file. > > > Casey > > > > -- > To UNSUBSCRIBE, email to [EMAIL PROTECTED] > with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED] > > Thanks all, tryed all but no go yet That is redirect is ofcause OK, its just the rewrite of url I can't get to work...anyhow, googleing on and using section:) thanks -- /ernst-magne If you can't explain it simply, you don't understand it well enough. (Albert Einstein) -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: best pactice - apache, rewrite, ssl, virtualhost or .htaccess
On Mon, 2006-07-31 at 14:41 +0200, Ernst-Magne Vindal wrote: > I have tryed to redir with .htaccess file and by config virtualhosts. Both > seams > to work ok, but will be happy for some comments for best practice. According to: http://httpd.apache.org/docs/2.0/howto/htaccess.html#when .htaccess files should be used in a case where the content providers need to make configuration changes to the server on a per-directory basis, but do not have root access on the server system. In the event that the server administrator is not willing to make frequent configuration changes, it might be desirable to permit individual users to make these changes in .htaccess files for themselves. This is particularly true, for example, in cases where ISPs are hosting multiple user sites on a single machine, and want their users to be able to alter their configuration. However, in general, use of .htaccess files should be avoided when possible. Any configuration that you would consider putting in a .htaccess file, can just as effectively be made in a section in your main server configuration file. Casey -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: best pactice - apache, rewrite, ssl, virtualhost or .htaccess
On Mon, Jul 31, 2006 at 02:41:32PM +0200, Ernst-Magne Vindal wrote: > Hi, I'm running Apache2 on Debian Sarge and redirect some sites to https. > > I have: > debian 2.6.8-16sarge1 > apache2 - 2.0.54-5 with mod_ssl, mod_rewrite > > I have tryed to redir with .htaccess file and by config virtualhosts. Both > seams > to work ok, but will be happy for some comments for best practice. > > Another thing is redirection, virtualhosts and url's. > I have not managed to redir http://webmail.domain.com to > https://webmail.domain.com. "webmail" is a virtualhost. But i can redirect to > https if I redirect to https://domain.com/webmail. Is that the only way to do > it? If so is there a way to keep the url in browser at webmail.domain.com even > if redirected domain.com/webmail? > I've googled around some and only found the [R] to put at the end of > RewriteRule. But some say that it will show only the url typed, and some says > it > will show the url that user is rediredted to.anyhow it makes no different. > If you want to have the user's request to go one place but have the URL show up as something else, then check out ProxyPass and ProxyPassReverse. You can also redirect by pacing an index.html file that uses the meta refresh to redirect. Not as elegant, but it works. Regards, -Roberto -- Roberto C. Sanchez http://familiasanchez.net/~roberto signature.asc Description: Digital signature
Re: best pactice - apache, rewrite, ssl, virtualhost or .htaccess
At 1154356892 past the epoch, Ernst-Magne Vindal wrote: > I have tryed to redir with .htaccess file and by config > virtualhosts. Both seams to work ok, but will be happy for > some comments for best practice. .htaccess is more relocatable, as you are keeping the "logic" about your web app together with the rest of the code. However it can be slower than defining things in your httpd.conf files, as apache has to reparse the .htaccess files with each request. I'd suggest sticking with .htaccess until a time when you find performance to be a problem. > Another thing is redirection, virtualhosts and url's. > I have not managed to redir http://webmail.domain.com to > https://webmail.domain.com. "webmail" is a virtualhost. It looks (from below) like you are using rewrite for this. For such a simple redirect, I'd suggest using 'RedirectMatch' instead. I do this by specifying a VirtualHost block for port 80 traffic, which does nothing but redirect to HTTPS: RedirectMatch permanent ^/(.*)$ https://webmail.domain.com/$1 -- Jon Dowland http://alcopop.org/ -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
best pactice - apache, rewrite, ssl, virtualhost or .htaccess
Hi, I'm running Apache2 on Debian Sarge and redirect some sites to https. I have: debian 2.6.8-16sarge1 apache2 - 2.0.54-5 with mod_ssl, mod_rewrite I have tryed to redir with .htaccess file and by config virtualhosts. Both seams to work ok, but will be happy for some comments for best practice. Another thing is redirection, virtualhosts and url's. I have not managed to redir http://webmail.domain.com to https://webmail.domain.com. "webmail" is a virtualhost. But i can redirect to https if I redirect to https://domain.com/webmail. Is that the only way to do it? If so is there a way to keep the url in browser at webmail.domain.com even if redirected domain.com/webmail? I've googled around some and only found the [R] to put at the end of RewriteRule. But some say that it will show only the url typed, and some says it will show the url that user is rediredted to.anyhow it makes no different. -- /ernst-magne If you can't explain it simply, you don't understand it well enough. (Albert Einstein) -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: .htaccess in Sarge [solved]
On Tue, 2006-04-18 at 08:19 -0400, Roberto C. Sanchez wrote: > Do you have an "AllowOverride None" directive anywhere in your > apache2.conf? If so, you can allow the authentication like so: > > > AllowOverride AuthConfig > Right on the money - thanks a lot! Hans -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: .htaccess in Sarge
Hans du Plooy wrote: > Hi guys, > > I'm not sure what I'm missing. I migrated some web apps from a SLES9 > box to a Sarge box, and all is fine, except one page that is protected > by a .htaccess file. > > Apache2 simply doesn't see it - nothing in the logs, and no password > prompt. > > Here is the content of the .htaccess: > > AuthUserFile /var/www/mailadmin/admin/.htpasswd > AuthName "Enter Password" > AuthType Basic > Require valid-user > > And in /etc/apache2/apache2.conf, I have: > > AccessFileName .htaccess > > > Order allow,deny > Deny from all > > > > What am I missing? > > Thanks > Hans > > A couple of things: Do you have an "AllowOverride None" directive anywhere in your apache2.conf? If so, you can allow the authentication like so: AllowOverride AuthConfig You can also use "AllowOverride All" if you want to be able to to do other tricks in the .htaccess file without restarting the apache process. Also, if you are not going to be changing this frequently, it is better to simply place the authentication configuration directives directly into the apache2.conf or the virtual host config file. Reading and processing .htaccess files incurs a performance penalty under apache. Regards, -Roberto -- Roberto C. Sanchez http://familiasanchez.net/~roberto signature.asc Description: OpenPGP digital signature
.htaccess in Sarge
Hi guys, I'm not sure what I'm missing. I migrated some web apps from a SLES9 box to a Sarge box, and all is fine, except one page that is protected by a .htaccess file. Apache2 simply doesn't see it - nothing in the logs, and no password prompt. Here is the content of the .htaccess: AuthUserFile /var/www/mailadmin/admin/.htpasswd AuthName "Enter Password" AuthType Basic Require valid-user And in /etc/apache2/apache2.conf, I have: AccessFileName .htaccess Order allow,deny Deny from all What am I missing? Thanks Hans -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: .htaccess and .htpassword
Nevruz Mesut Sahin wrote: > I want to make a new .htaccess and .htpasswd file in > /mywww/mssites/xsecure/newfile but I don't know how can I do. Apache has documentation on this: http://httpd.apache.org/docs/2.0/howto/htaccess.html http://httpd.apache.org/docs/2.0/howto/auth.html Adam -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: .htaccess and .htpassword
On 10/26/05, Nevruz Mesut Sahin <[EMAIL PROTECTED]> wrote: Hello we are using apache on linux debian. /mywww/mysites/xstore is directory of web server, /mywww/mysites/xsecure is https part of domain and there is an .htaccess and an .htpasswd file in /mywww/mysites/xsecure/azxcvbnm file. You are a bit abscure! What exactly do you want to gain from an .htaccess?? is it a protected directory? redirection? file indexing? diferenet set of permissions? check this simple tutorail: http://www.freewebmasterhelp.com/tutorials/htaccess/ Meni I want to make a new .htaccess and .htpasswd file in /mywww/mssites/xsecure/newfile but I don't know how can I do. if you know please help me Yahoo! FareChase - Search multiple travel sites in one click. -- --Meni Szapiro
.htaccess and .htpasswd
Hello we are using apache on linux debian. /mywww/mysites/xstore is directory of web server, /mywww/mysites/xsecure is https part of domain and there is an .htaccess and an .htpasswd file in /mywww/mysites/xsecure/azxcvbnm file. I want to make a new .htaccess and .htpasswd file in /mywww/mssites/xsecure/newfile but I don't know how can I do. if you know please help me Yahoo! FareChase - Search multiple travel sites in one click.
.htaccess and .htpassword
Hello we are using apache on linux debian. /mywww/mysites/xstore is directory of web server, /mywww/mysites/xsecure is https part of domain and there is an .htaccess and an .htpasswd file in /mywww/mysites/xsecure/azxcvbnm file. I want to make a new .htaccess and .htpasswd file in /mywww/mssites/xsecure/newfile but I don't know how can I do. if you know please help me Yahoo! FareChase - Search multiple travel sites in one click.
apache redirect in htaccess
I'm trying to redirect user from http to https using command in htaccess file: Redirect permanent / https://www.mydomain.com/directory when user enter http://www.mydomain.com/directory I'm trying to redirect them to https but I'm getting error message When I use: https://www.mydomain.com/ apache tells me "redirection limit for this url exceeded If I use: https://www.mydomain.com/directory apache tries to access https://www.mydomain.com/directorydirectory What am I doing wrong? Joseph -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: .htaccess question
* Gruessle ([EMAIL PROTECTED]) [031219 16:15]: > From: Vineet Kumar [mailto:[EMAIL PROTECTED] > > mv shop/even/more/images . > > ln -s ../../../images shop/even/more > > Sorry but I still don't get it > > Your mv line will move everything in shop/even/more/images into where No, it will move the images directory (different from moving everything in the images directory) to '.', which is the current directory. > Then your ls line will list what? I didn't type ls. > And how is that going to link stuff? Did you read the link I sent in my previous mail? I suggest you read it more closely. The command to create links is 'ln', as given in the example on the newbiedoc page, and in my example now found 3 times within this thread. I don't mean to be rude, but I think that before coming back to the list asking for further help, you should read this more closely and be a little more resourceful (e.g. try to look at the man page, or google for symlink, or _something_). good times, Vineet -- http://www.doorstop.net/ -- http://www.electionmethods.org/ signature.asc Description: Digital signature
Re: .htaccess question
On Fri, 19 Dec 2003 at 22:50 GMT, Gruessle penned: >> >> Don't bother with HTTP redirects. Just use a symlink. >> >> good times, Vineet > > This is what I found: > > #include > > int symlink(const char *name1, const char *name2); > > Now I am guessing I have to put a file in to each directory or do I > have to put a file in to the "images" directory and it will link all > files and sub-directorys? > > What do i call that file? index.php maybe? > > What do I enter in to this file? This maybe: > > #include int symlink(const char *, const char /immages/*); > > > I think I am totaly lost now. > Doh! 'symlink' is just shorthand for 'symbolic link', which on the command-line is handled using 'ln -s '. So, if I want blah.html to also be accessable as index.html: ln -s blah.html index.html Beware, though: if you later remove blah.html, index.html will be what is known as a "dangling symlink." -- monique -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
RE: .htaccess question
From: Vineet Kumar [mailto:[EMAIL PROTECTED] > > * Gruessle ([EMAIL PROTECTED]) [031219 14:44]: > > > > > > From: Vineet Kumar [mailto:[EMAIL PROTECTED] > > > * Gruessle ([EMAIL PROTECTED]) [031219 12:39]: > > > > > > > > I have a lot of large files deep in directories berried > > > > like this: > > > > > > > > http://myserver.com/shop/more/even/more/images/1-999/ > > > > http://myserver.com/shop/more/even/more/images/1000-1999/ > > > > http://myserver.com/shop/more/even/more/images/2000-2999/ > > > > http://myserver.com/shop/more/even/more/images/1-10999/ > > > > etc. > > > > > > > > What I like to do is move those files out to > > > > > > > > http://myserver.com/images/1-999/ > > > > http://myserver.com/images/1000-1999/ > > > > http://myserver.com/images/2000-2999/ > > > > http://myserver.com/images/1-10999/ > > > > etc. > > > > > > > > The problem is that I am running oscommerce and > oscommerce gets his > > > > image files from that location. > > > > > > > > Is there a way I can use .htaccess to redirect > oscommerce to get the > > > > files from the new location? > > > > If so how? > > > > Or is there a better solution? > > > > > > Don't bother with HTTP redirects. Just use a symlink. > > Sorry I confused you. Maybe this will help: > > http://newbiedoc.sourceforge.net/general/main-glossary.html#SY MLINK-GLOSS The basic idea is that you want to create a link to the new directory in the place that the old directory was. For example, you might do something like this: mv shop/even/more/images . ln -s ../../../images shop/even/more Sorry but I still don't get it Your mv line will move everything in shop/even/more/images into where (to root I guess) Then your ls line will list what? And how is that going to link stuff? Gruessle -- http://VMCLinks.com http://GuyScope.com -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: .htaccess question
* Gruessle ([EMAIL PROTECTED]) [031219 14:44]: > > > From: Vineet Kumar [mailto:[EMAIL PROTECTED] > > * Gruessle ([EMAIL PROTECTED]) [031219 12:39]: > > > > > > I have a lot of large files deep in directories berried > > > like this: > > > > > > http://myserver.com/shop/more/even/more/images/1-999/ > > > http://myserver.com/shop/more/even/more/images/1000-1999/ > > > http://myserver.com/shop/more/even/more/images/2000-2999/ > > > http://myserver.com/shop/more/even/more/images/1-10999/ > > > etc. > > > > > > What I like to do is move those files out to > > > > > > http://myserver.com/images/1-999/ > > > http://myserver.com/images/1000-1999/ > > > http://myserver.com/images/2000-2999/ > > > http://myserver.com/images/1-10999/ > > > etc. > > > > > > The problem is that I am running oscommerce and oscommerce gets his > > > image files from that location. > > > > > > Is there a way I can use .htaccess to redirect oscommerce to get the > > > files from the new location? > > > If so how? > > > Or is there a better solution? > > > > Don't bother with HTTP redirects. Just use a symlink. Sorry I confused you. Maybe this will help: http://newbiedoc.sourceforge.net/general/main-glossary.html#SYMLINK-GLOSS The basic idea is that you want to create a link to the new directory in the place that the old directory was. For example, you might do something like this: mv shop/even/more/images . ln -s ../../../images shop/even/more good times, Vineet -- http://www.doorstop.net/ -- http://www.debian.org/ signature.asc Description: Digital signature
RE: .htaccess question
From: Vineet Kumar [mailto:[EMAIL PROTECTED] > * Gruessle ([EMAIL PROTECTED]) [031219 12:39]: > > > > I have a lot of large files deep in directories berried > > like this: > > > > http://myserver.com/shop/more/even/more/images/1-999/ > > http://myserver.com/shop/more/even/more/images/1000-1999/ > > http://myserver.com/shop/more/even/more/images/2000-2999/ > > http://myserver.com/shop/more/even/more/images/1-10999/ > > etc. > > > > What I like to do is move those files out to > > > > http://myserver.com/images/1-999/ > > http://myserver.com/images/1000-1999/ > > http://myserver.com/images/2000-2999/ > > http://myserver.com/images/1-10999/ > > etc. > > > > The problem is that I am running oscommerce and oscommerce gets his > > image files from that location. > > > > Is there a way I can use .htaccess to redirect oscommerce to get the > > files from the new location? > > If so how? > > Or is there a better solution? > > Don't bother with HTTP redirects. Just use a symlink. > > good times, > Vineet This is what I found: #include int symlink(const char *name1, const char *name2); Now I am guessing I have to put a file in to each directory or do I have to put a file in to the "images" directory and it will link all files and sub-directorys? What do i call that file? index.php maybe? What do I enter in to this file? This maybe: #include int symlink(const char *, const char /immages/*); I think I am totaly lost now. Gruessle -- http://VMCLinks.com http://GuyScope.com -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: .htaccess question
* Gruessle ([EMAIL PROTECTED]) [031219 12:39]: > > I have a lot of large files deep in directories berried > like this: > > http://myserver.com/shop/more/even/more/images/1-999/ > http://myserver.com/shop/more/even/more/images/1000-1999/ > http://myserver.com/shop/more/even/more/images/2000-2999/ > http://myserver.com/shop/more/even/more/images/1-10999/ > etc. > > What I like to do is move those files out to > > http://myserver.com/images/1-999/ > http://myserver.com/images/1000-1999/ > http://myserver.com/images/2000-2999/ > http://myserver.com/images/1-10999/ > etc. > > The problem is that I am running oscommerce and oscommerce gets his > image files from that location. > > Is there a way I can use .htaccess to redirect oscommerce to get the > files from the new location? > If so how? > Or is there a better solution? Don't bother with HTTP redirects. Just use a symlink. good times, Vineet -- http://www.doorstop.net/ -- http://www.anti-dmca.org/ signature.asc Description: Digital signature
.htaccess question
I have a lot of large files deep in directories berried like this: http://myserver.com/shop/more/even/more/images/1-999/ http://myserver.com/shop/more/even/more/images/1000-1999/ http://myserver.com/shop/more/even/more/images/2000-2999/ http://myserver.com/shop/more/even/more/images/1-10999/ etc. What I like to do is move those files out to http://myserver.com/images/1-999/ http://myserver.com/images/1000-1999/ http://myserver.com/images/2000-2999/ http://myserver.com/images/1-10999/ etc. The problem is that I am running oscommerce and oscommerce gets his image files from that location. Is there a way I can use .htaccess to redirect oscommerce to get the files from the new location? If so how? Or is there a better solution? Why do I wont that? Because I like to be able to ftp the oscommerce directory back and forth without having to ftp those images back and forth. Gruessle -- http://VMCLinks.com http://GuyScope.com -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: http authentication , apache , .htaccess
Lucio de Aquino Marinho wrote: > > > > Hello for all ,, > > >i have a problem with debian unstable , apache , and nagios-text , > > Everything is ok , but the apache do not authenticate , someone can > help-me > > > > httpd.conf > > > ScriptAlias /nagios/cgi-bin/ /usr/lib/cgi-bin/nagios/ > > > AllowOverride AuthConfig > Order allow,deny > Allow from all > Options ExecCGI > > > > Alias /nagios/ /usr/share/nagios/htdocs/ > > #Options None > AllowOverride AuthConfig > Order allow,deny > Allow from all > > > > - > .htaccess > > AuthName "Teste" > AuthType Basic > AuthUserFile /etc/nagios/htpasswd.users > require valid-user > > > AFAIK the default apache configuration ignores '.htaccess' files. search for "AllowOverride" in '/etc/apache/httpd.con' and change it from "None" to something else, it's documented. Bye > > apache log > > Fri Oct 24 11:34:50 2003] [notice] Accept mutex: sysvsem (Default: > sysvsem) > [Fri Oct 24 11:34:54 2003] [error] user nagiosadmin not found: > /nagios/cgi-bin/status.cgi > [Fri Oct 24 11:34:57 2003] [error] user nagiosadmin not found: > /nagios/cgi-bin/status.cgi > [Fri Oct 24 11:58:52 2003] [error] user nagiosadmin not found: > /nagios/cgi-bin/status.cgi > [Fri Oct 24 11:58:56 2003] [error] user nagiosadmin not found: > /nagios/cgi-bin/status.cgi > [Fri Oct 24 12:02:28 2003] [notice] SIGHUP received. Attempting to > [restart Fri Oct 24 12:02:29 2003] [notice] Apache/1.3.28 (Debian > [GNU/Linux) > configured -- resuming normal operations > [Fri Oct 24 12:02:29 2003] [notice] Accept mutex: sysvsem (Default: > [sysvsem) Fri Oct 24 12:02:35 2003] [error] user nagiosadmin not found: > /nagios/cgi-bin/status.cgi > [Fri Oct 24 12:02:38 2003] [error] user nagiosadmin not found: > /nagios/cgi-bin/status.cgi > [Fri Oct 24 12:02:41 2003] [error] user nagiosadmin not found: > /nagios/cgi-bin/status.cgi > > > - > > > htpasswd.users > > > nagiosadmin:vQ6Q9/zGRqvH2 > > > > Thanks for any help -- Haim -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: RES: http authentication , apache , .htaccess
On Mon, 27 Oct 2003 at 10:59 GMT, Lucio de Aquino Marinho penned: > > the two directories > [snip] I think he meant the permissions of htpasswd.users. -- monique Unless you need to share ultra-sensitive super-spy stuff with me, please don't email me directly. I will most likely see your post before I read your mail, anyway. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
RES: http authentication , apache , .htaccess
the two directories linux-lab:/usr/lib/cgi-bin/nagios# ls -la total 2546 drwxr-xr-x2 root root 640 Oct 24 10:20 . drwxr-xr-x3 root root 72 Oct 24 07:42 .. -rwxr-xr-x1 root root 123 Oct 24 12:16 .htaccess -rwsr-xr-x1 nagios root 147272 Oct 12 11:19 avail.cgi -rwsr-xr-x1 nagios root 148008 Oct 12 11:19 cmd.cgi -rwsr-xr-x1 nagios root 114696 Oct 12 11:19 config.cgi -rwsr-xr-x1 nagios root 163272 Oct 12 11:19 extinfo.cgi -rwsr-xr-x1 nagios root 126088 Oct 12 11:19 histogram.cgi -rwsr-xr-x1 nagios root 104872 Oct 12 11:19 history.cgi -rwxr-xr-x1 root root 218632 Oct 12 11:19 nagios -rwsr-xr-x1 nagios root 101544 Oct 12 11:19 notifications.cgi -rwsr-xr-x1 nagios root98856 Oct 12 11:19 outages.cgi -rwsr-xr-x1 nagios root99400 Oct 12 11:19 showlog.cgi -rwxr-xr-x1 root root 508677 Oct 24 10:20 status.cgi -rwsr-xr-x1 nagios root 127976 Oct 12 11:19 statusmap.cgi -rwsr-xr-x1 nagios root 115528 Oct 12 11:19 statuswml.cgi -rwsr-xr-x1 nagios root 109288 Oct 12 11:19 statuswrl.cgi -rwsr-xr-x1 nagios root 119880 Oct 12 11:19 summary.cgi -rwsr-xr-x1 nagios root 123464 Oct 12 11:19 tac.cgi -rwsr-xr-x1 nagios root 1480 Oct 12 11:16 traceroute.cgi -rwsr-xr-x1 nagios root 127176 Oct 12 11:19 trends.cgi linux-lab:/usr/lib/cgi-bin/nagios# linux-lab:/usr/share/nagios/htdocs# ls -la total 36 drwxr-xr-x7 root root 368 Oct 27 01:02 . drwxr-xr-x4 root root 104 Oct 24 07:42 .. -rwxr-xr-x1 root root 123 Oct 27 01:02 .htaccess drwxr-xr-x2 root root 1536 Oct 24 07:42 contexthelp drwxr-xr-x3 root root 2240 Oct 24 07:42 docs drwxr-xr-x3 root root 2008 Oct 24 07:42 images -rw-r--r--1 root root 658 Oct 12 11:15 index.html -rw-r--r--1 root root 2340 Oct 12 11:15 main.html drwxr-xr-x2 root root 144 Oct 24 07:42 media -rw-r--r--1 root root 26 Oct 12 11:15 robots.txt -rw-r--r--1 root root10512 Oct 12 11:15 side.html drwxr-xr-x2 root root 48 Oct 12 11:15 ssi lrwxrwxrwx1 root root 23 Oct 24 07:42 stylesheets -> /etc/nagios/stylesheets linux-lab:/usr/share/nagios/htdocs# -Mensagem original- De: Lucio de Aquino Marinho Enviada em: segunda-feira, 27 de outubro de 2003 08:18 Para: '[EMAIL PROTECTED]' Assunto: http authentication , apache , .htaccess Hello for all ,, i have a problem with debian unstable , apache , and nagios-text , Everything is ok , but the apache do not authenticate , someone can help-me httpd.conf ScriptAlias /nagios/cgi-bin/ /usr/lib/cgi-bin/nagios/ AllowOverride AuthConfig Order allow,deny Allow from all Options ExecCGI Alias /nagios/ /usr/share/nagios/htdocs/ #Options None AllowOverride AuthConfig Order allow,deny Allow from all ----- .htaccess AuthName "Teste" AuthType Basic AuthUserFile /etc/nagios/htpasswd.users require valid-user apache log Fri Oct 24 11:34:50 2003] [notice] Accept mutex: sysvsem (Default: sysvsem) [Fri Oct 24 11:34:54 2003] [error] user nagiosadmin not found: /nagios/cgi-bin/status.cgi [Fri Oct 24 11:34:57 2003] [error] user nagiosadmin not found: /nagios/cgi-bin/status.cgi [Fri Oct 24 11:58:52 2003] [error] user nagiosadmin not found: /nagios/cgi-bin/status.cgi [Fri Oct 24 11:58:56 2003] [error] user nagiosadmin not found: /nagios/cgi-bin/status.cgi [Fri Oct 24 12:02:28 2003] [notice] SIGHUP received. Attempting to restart [Fri Oct 24 12:02:29 2003] [notice] Apache/1.3.28 (Debian GNU/Linux) configured -- resuming normal operations [Fri Oct 24 12:02:29 2003] [notice] Accept mutex: sysvsem (Default: sysvsem) [Fri Oct 24 12:02:35 2003] [error] user nagiosadmin not found: /nagios/cgi-bin/status.cgi [Fri Oct 24 12:02:38 2003] [error] user nagiosadmin not found: /nagios/cgi-bin/status.cgi [Fri Oct 24 12:02:41 2003] [error] user nagiosadmin not found: /nagios/cgi-bin/status.cgi - htpasswd.users nagiosadmin:vQ6Q9/zGRqvH2 Thanks for any help -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: http authentication , apache , .htaccess
> Lucio de Aquino Marinho <[EMAIL PROTECTED]> [2003-10-27 11:18]: > > > ----- > .htaccess > > > htpasswd.users > > are they readable by httpd? wbr, Lukas -- Lukas Ruf | Wanna know anything about raw | <http://www.lpr.ch> | IP? <http://www.rawip.org> | -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
http authentication , apache , .htaccess
Hello for all ,, i have a problem with debian unstable , apache , and nagios-text , Everything is ok , but the apache do not authenticate , someone can help-me httpd.conf ScriptAlias /nagios/cgi-bin/ /usr/lib/cgi-bin/nagios/ AllowOverride AuthConfig Order allow,deny Allow from all Options ExecCGI Alias /nagios/ /usr/share/nagios/htdocs/ #Options None AllowOverride AuthConfig Order allow,deny Allow from all - .htaccess AuthName "Teste" AuthType Basic AuthUserFile /etc/nagios/htpasswd.users require valid-user apache log Fri Oct 24 11:34:50 2003] [notice] Accept mutex: sysvsem (Default: sysvsem) [Fri Oct 24 11:34:54 2003] [error] user nagiosadmin not found: /nagios/cgi-bin/status.cgi [Fri Oct 24 11:34:57 2003] [error] user nagiosadmin not found: /nagios/cgi-bin/status.cgi [Fri Oct 24 11:58:52 2003] [error] user nagiosadmin not found: /nagios/cgi-bin/status.cgi [Fri Oct 24 11:58:56 2003] [error] user nagiosadmin not found: /nagios/cgi-bin/status.cgi [Fri Oct 24 12:02:28 2003] [notice] SIGHUP received. Attempting to restart [Fri Oct 24 12:02:29 2003] [notice] Apache/1.3.28 (Debian GNU/Linux) configured -- resuming normal operations [Fri Oct 24 12:02:29 2003] [notice] Accept mutex: sysvsem (Default: sysvsem) [Fri Oct 24 12:02:35 2003] [error] user nagiosadmin not found: /nagios/cgi-bin/status.cgi [Fri Oct 24 12:02:38 2003] [error] user nagiosadmin not found: /nagios/cgi-bin/status.cgi [Fri Oct 24 12:02:41 2003] [error] user nagiosadmin not found: /nagios/cgi-bin/status.cgi - htpasswd.users nagiosadmin:vQ6Q9/zGRqvH2 Thanks for any help -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
RE: Apache-ssl .htaccess files
1. Create ".htaccess" file in the directory to be protected. AuthUserFile /etc/apache/htusers AuthName "This Directory Requires Authentication by A Valid User" AuthType Basic require valid-user order deny,allow allow from all CHMOD: 755 Note: This file can contain adjustments for options to an Apache Directive or certain Apache Directives themselves. 2. Create etc/apache/htusers # cd /etc/apache # htpasswd -c /etc/apache/htusers/htusers_id username1 Password Password CHMOD: 644 3. Create additional users. After setting the first user: htpasswd /etc/apache/htusers/htusers NewUsersName Password Password Note: More than one .htaccess file can accesess this file. 4. Create sub-groups of users 5. Delete users delete the whole line to remove a user. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Apache-ssl .htaccess files
On Sun, 29 Dec 2002 22:45:47 -0800 (PST) Bill Moseley <[EMAIL PROTECTED]> wrote: > On Mon, 30 Dec 2002, Jacob S. wrote: > > > Howdy List, > > > > I keep thinking this is a simple problem and ought to have a simple > > fix, but all I'm succeeding at doing is pulling out my hair. > > > > I'm trying to require logins to a certain directory on my webserver > > using .htaccess files. I've got the following in the .htaccess file > > in the directory needing to be password protected: > > > > >^^^ > Is that a copy-n-paste error? I think so since Apache probably > wouldn't restart without a path there. > > You also can't use Directory inside an .htaccess. Doesn't make sense. > > > AuthType Basic > > AuthName "Conlaw login" > > AuthUserFile /usr/lib/apache-ssl/passwd/passwdfile > > Require valid-user > > > > > > I also tried it w/o the tags, but it didn't seem to > > affect anything. > > Then maybe it's not reading the .htaccess file. > > Try the same config in httpd.conf (but with the > tags). > > If that works then make sure you have AllowOverride for that > directory. You can always use strace and run httpd -X and see if it's > reading.htaccess at all (I doubt it because it would give an error > otherwise). > > -- > Bill Moseley [EMAIL PROTECTED] Yet another example of a faulty interface between my keyboard and computer chair... :-[ - the wrong use of Directory tags. In the process of making the suggested mods to apache-ssl/httpd.conf I found another "AllowOverride None" line; this time for the Documentroot, which seems to have an affect on everything down the line from there. I changed it to "AllowOverride All" as well, and apache's now reading and using the .htaccess file properly. (After deleting the Directory tags from the .htaccess... not sure if it had any affect in the process or not). I haven't bothered testing the suggested changes to httpd.conf yet, since .htaccess is working now, and was the original goal. Thanks for the help, Jacob - GnuPG Key: 1024D/16377135 In a world without fences, who needs Gates? http://www.linux.org/ msg21551/pgp0.pgp Description: PGP signature
Re: Apache-ssl .htaccess files
On Mon, 30 Dec 2002, Jacob S. wrote: > Howdy List, > > I keep thinking this is a simple problem and ought to have a simple fix, > but all I'm succeeding at doing is pulling out my hair. > > I'm trying to require logins to a certain directory on my webserver > using .htaccess files. I've got the following in the .htaccess file in > the directory needing to be password protected: > > ^^^ Is that a copy-n-paste error? I think so since Apache probably wouldn't restart without a path there. You also can't use Directory inside an .htaccess. Doesn't make sense. > AuthType Basic > AuthName "Conlaw login" > AuthUserFile /usr/lib/apache-ssl/passwd/passwdfile > Require valid-user > > > I also tried it w/o the tags, but it didn't seem to affect > anything. Then maybe it's not reading the .htaccess file. Try the same config in httpd.conf (but with the tags). If that works then make sure you have AllowOverride for that directory. You can always use strace and run httpd -X and see if it's reading .htaccess at all (I doubt it because it would give an error otherwise). -- Bill Moseley [EMAIL PROTECTED] -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Apache-ssl .htaccess files
Howdy List, I keep thinking this is a simple problem and ought to have a simple fix, but all I'm succeeding at doing is pulling out my hair. I'm trying to require logins to a certain directory on my webserver using .htaccess files. I've got the following in the .htaccess file in the directory needing to be password protected: AuthType Basic AuthName "Conlaw login" AuthUserFile /usr/lib/apache-ssl/passwd/passwdfile Require valid-user I also tried it w/o the tags, but it didn't seem to affect anything. I also changed the line "AllowOverride None" to "AllowOverride All" in /etc/apache-ssl/httpd.conf (Yes, the password requirement is on my ssl server, and I am using the https url when trying to test it.) I even tried copying the htaccess.debian file in /usr/share/doc/apache-ssl/examples/ to .htaccess in one of the directories in the apache-ssl Documentroot, but it didn't work either. Can anyone tell me what I'm doing wrong? TIA, Jacob - GnuPG Key: 1024D/16377135 In a world without fences, who needs Gates? http://www.linux.org/ msg21545/pgp0.pgp Description: PGP signature
[Apache] htaccess Problem about Two Definition
Hello there, I'm now confused about how authentication with .htaccess on Apache is implemented. Suppose that I got two directories, /home/Anderson/public_html/ and /home/A/B/, and they are all defined almost identically in httpd.conf : Options FollowSymLinks MultiViews AllowOverride Limit Options FileInfo AuthConfig Order allow,deny Allow from all Order deny,allow Deny from all (.. Same as above) The only difference maybe is that /home/A/B is a VirtualHost(www.ABC.org). Now I am planning to authenticate my users by usernamd and password controlled by LDAP if they are not connecting with a specific IP I indicate. When I put my .htaccess under /home/Anderson/public_html/ and /home/A/B/, it seems that only the one under /home/Anderson/public_html/ works. While I try to access www.ABC.org, all of the authenticative function is invaild and users are permitted to view my page without any restriction. Here is my .htaccess : AuthName "Login or Kick Your Ass !" AuthLDAPUrl ldap://www.xxx.org/.. AuthType Basic Order deny,allow Deny from all Allow from 10.0.0.1 require user Arthas Thrall Jaina Satisfy any Was there any mistake I made during my configuring or something I missed here? Anyway, thanks for the patience of your reading. Thanks, Anderson -- Trust & Unique ... Axacheng's PGP Public Key http://www.navigation.idv.tw/pgpkey -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Apache mirracle (htaccess)
Dear Apache-Experts! I have a strange problem with a simple task of configuration on our Apache 1.3.26 www-server on an "old potato updated to woody"-Debian. Therefore I would be very gratefull if I could get replies. The task: Granting access to directories to certain users on a simple user/password basis, using simple authentification and .htaccess-files. This had been working very well for a long time. The problem: After I had installed and uninstalled mySQL-server/client, horde and imp - it stopped working. (Or let's say, after a log time...) The symptomes: .htaccess-files are parsed - for when I write impropper syntax, apache writes errormessages. It looks as if only the AuthUserFile-information is simply ignored. When one tries to login, apache claims in its error-log that it couldn't find the user in the restricted web-directory (nonsense!). ([error] user testuser not found: /restricted_dir/) My homework: I read 20 manuals and I have checked every setting and every line in /etc/apache/httpd.conf. Everything is set correctly. I have checked each and every .htaccess-file and regenarated the password-files: It did not work. I have moved the syntax from the .htaccess-file to the httpd.conf-file as directory-directive: It did not change anything. I have removed the webserver from the system, removed the rest by hand and reinstalled everything from another source: this didn'd change a thing. And at last I had tried to change the combination of modules, which was quite confusing in the results, but it didn't change my problem. (Which modules are needed for minimal restriction, anyway?) I wrote Emails to apache and to the maintainer of the debian-package, but I didn't get any answers yet. Does anybody have an idea about this strange behavior? (Of the server, of course..) Thank you very much in forward to any suggestions. Greetings, Oliver ps. some configurations: AllowOverride is set to All everywhere. My directives for an example-directory in httpd.conf: AuthType Basic require valid-user Satisfy all AuthName "test" AuthUserFile /etc/apache/access_files/testdir -- ## Oliver Sass (oas) ## [EMAIL PROTECTED] ## Heidelberg, DE -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
htaccess confusion! Need help.
I'm trying to set up digest authentication for a particular directory accessible via Apache. I thought it would be as simple as creating the .htaccess file with the contents: AuthType Digest AuthName "Private Access Only" AuthDigestFile /etc/apache/digest-auth.passwd in the directory I wish to protect and restart apache (not even sure the restart is necessary, when things are working?). Unfortunately the .htaccess file seems to be, mostly, ignored. The only exception to this is if the www-data user (the user the apache daemon runs under) can't read that file. Then it complains about not being able to read it in the error log. Otherwise it's wide open no matter what's in .htaccess. I've loaded the digest auth module, via LoadModule digest_auth_module /usr/lib/apache/1.3/mod_auth_digest.so in /etc/apache/httpd.conf and apache seems to load it fine, so I know that's not the problem. I saw some poorly worded mention of this problem in the list archives, something about a conflict with DocumentRoot /data/www and the default directory spec Options SymLinksIfOwnerMatch AllowOverride None which is listed after the "DocumentRoot" option, but I couldn't follow it. Here's the directory entry in httpd.conf that I want to control access to via digest authentication: AllowOverride AuthConfig Options ExecCGI Order deny,allow Deny from all Of course, if I set "Allow from all" then it's wide open. With "Deny from all" nobody can read it and I never get a login/password dialog. And "AllowOverride All" doesn't fix it either. I'm running "testing" with Apache 1.3.24-2.1 Any ideas? TIA, Gary -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: .htaccess does not work under /var/www/
--- Patrick Hsieh <[EMAIL PROTECTED]> wrote: > I made a very simple .htaccess file under /var/www, > which is the default DocumentRoot in the apache of > Debian, but it doesn't work. > > However, if I put it under ~/public_html/, it works! > Is there any configuration problem? If you add something like this: AccessFileName .htaccess AllowOverride All Options None Inside the: Section in your /etc/apache/httpd.conf for the server you wish to effect. The reason it doesn't work by default in / is that you have: DocumentRoot /var/www # # Each directory to which Apache has access, can be configured with respect # to which services and features are allowed and/or disabled in that # directory (and its subdirectories). # # First, we configure the "default" to be a very restrictive set of # permissions. # Options SymLinksIfOwnerMatch AllowOverride None further up in your httpd.conf You will notice that in your /ect/apache/access.conf it now says: # # This is the default file for the AccessConfig directive in httpd.conf. # It is processed after httpd.conf and srm.conf. # # To avoid confusion, it is recommended that you put all of your # Apache server directives into the httpd.conf file and leave this # one essentially empty. # So you shouldn't use access.conf any more. Kind regards, John __ Do You Yahoo!? Yahoo! Sports - live college hoops coverage http://sports.yahoo.com/
Re: .htaccess does not work under /var/www/
On Wed, 2002-03-20 at 15:16, Patrick Hsieh wrote: > Hello list, > > I made a very simple .htaccess file under /var/www, which is the default > DocumentRoot in the apache of Debian, but it doesn't work. > > However, if I put it under ~/public_html/, it works! > Is there any configuration problem? .htaccess is an "Override" file. It overrides options set in the apache config files. Anything set in the config file can be set in .htaccess. Have a look in /etc/apache/access.conf. Its broken into sections describing directories. There will be one... for the doc root and one for the public_html parts. Inside of these are options. These options may be overridden by .htaccess. There is an option AllowOverride which describes what can be overridden by .htaccess. All, None, or a combination of Indexes, Options, Limit etc. See the apache docs for more info. Crispin Wellington
.htaccess does not work under /var/www/
Hello list, I made a very simple .htaccess file under /var/www, which is the default DocumentRoot in the apache of Debian, but it doesn't work. However, if I put it under ~/public_html/, it works! Is there any configuration problem? -- Patrick Hsieh <[EMAIL PROTECTED]> GPG public key http://pahud.net/pubkeys/pahudatpahud.gpg
.htaccess doesnt working :(
Hi everyone, and another problem after the update from potato to woody: My apache ignores all .htaccess files :( They were working perfect before update, but now, for no password or username is aksed.. I've looked around, the files are still in the right directories.. When I updated Apache, I had to comment out a lot of things in acces.conf, so he reports, that he doesnt know the keywords order, allow and so on.. Whats wrong? Anyone can help? So long Sebastian
Re: .htaccess help!
Alexander Wallace([EMAIL PROTECTED]) is reported to have said: > Hello there, I hope you can excuse my ignorance in these matters... > > In order to protect certain html dirs with a password, I was told by a > good member of this list to make sure that I had the mod_auth enabled in > httpd.conf. Which I do. > > Thend I was told that I need an .htaccess file which I created with > htpasswd in /home/myusername/.htaccess... > > But when i create the file and look for > http://www.myserver.com/~myusername i get: > > Internal Server Error > The server encountered an internal error or misconfiguration and was > unable to complete your request... The .htaccess file is put into the directory you wish to protect: ie /home/public_html/linux/.htaccess the first line of my .htaccess files tells apache where to look for the .htpasswd file. Such as AuthUserFile/home/my_home_dir/.htpasswd -- Never say "OOPS!" always say "Ah, Interesting!" ___
Re: .htaccess help!
Thanks! I got it now, It was all a misunderstandig, but you helped me clear it out... Again, thanks! Gracias! On Tue, 16 Oct 2001, [EMAIL PROTECTED] wrote: > > Well, > > A example in .conf or .htaccess with only user authentification (no group): > > AuthType Basic > AuthName "Restricted Access" > AuthUserFile /home/web/etc/sdjhsfdi > Require valid-user > > Just must be sure that Web-server (so the ID or GID of the WebServer > process) have access to the sdjhsfdi file for reading (and all tree just > before the file). > > The sdjhsfdi file must be more or less so: > > User1:PASSWD_CRYPTED > User2:PASSWD_CRYPTED > User3:PASSWD_CRYPTED > ... > > crypted just with crypt (use mkpasswd). > Anyway i can always use the 'htpasswd' application which go with apache and > create password files asking for for a user, a passwd etc... > > Seeya. > > Note: sorry, i must learn so much english yet. > > At 07:06 16/10/2001 -0500, Alexander Wallace wrote: > >Hello there, I hope you can excuse my ignorance in these matters... > > > >In order to protect certain html dirs with a password, I was told by a > >good member of this list to make sure that I had the mod_auth enabled in > >httpd.conf. Which I do. > > > >Thend I was told that I need an .htaccess file which I created with > >htpasswd in /home/myusername/.htaccess... > > > >But when i create the file and look for > >http://www.myserver.com/~myusername i get: > > > >Internal Server Error > >The server encountered an internal error or misconfiguration and was > >unable to complete your request... > > > >Can someone give me a hand here as to what i'm missing? > > > >Thanks! > > > > > >-- > >To UNSUBSCRIBE, email to [EMAIL PROTECTED] > >with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED] > >
Re: .htaccess help!
Gracias, si no te molesta ayudarme un poco mas lo podemos hacer en espanyol... Use htpasswd para crear .htaccess. A ver si entendi, debo poner en ese archivo las lineas que mencionaste (AuthType Basic, etc)??? Es necesario hacerla cambios a /etc/apache/access.conf? Gracias! On Tue, 16 Oct 2001, [EMAIL PROTECTED] wrote: > > Well, > > A example in .conf or .htaccess with only user authentification (no group): > > AuthType Basic > AuthName "Restricted Access" > AuthUserFile /home/web/etc/sdjhsfdi > Require valid-user > > Just must be sure that Web-server (so the ID or GID of the WebServer > process) have access to the sdjhsfdi file for reading (and all tree just > before the file). > > The sdjhsfdi file must be more or less so: > > User1:PASSWD_CRYPTED > User2:PASSWD_CRYPTED > User3:PASSWD_CRYPTED > ... > > crypted just with crypt (use mkpasswd). > Anyway i can always use the 'htpasswd' application which go with apache and > create password files asking for for a user, a passwd etc... > > Seeya. > > Note: sorry, i must learn so much english yet. > > At 07:06 16/10/2001 -0500, Alexander Wallace wrote: > >Hello there, I hope you can excuse my ignorance in these matters... > > > >In order to protect certain html dirs with a password, I was told by a > >good member of this list to make sure that I had the mod_auth enabled in > >httpd.conf. Which I do. > > > >Thend I was told that I need an .htaccess file which I created with > >htpasswd in /home/myusername/.htaccess... > > > >But when i create the file and look for > >http://www.myserver.com/~myusername i get: > > > >Internal Server Error > >The server encountered an internal error or misconfiguration and was > >unable to complete your request... > > > >Can someone give me a hand here as to what i'm missing? > > > >Thanks! > > > > > >-- > >To UNSUBSCRIBE, email to [EMAIL PROTECTED] > >with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED] > >
Re: .htaccess help!
AllowOverride says None Options says Indexes SynlinksIfOwnerMatch What should they say? On Tue, 16 Oct 2001, Matthew Daubenspeck wrote: > > Check your /etc/apache/access.conf file and see what Options and the > AllowOverride have after them... > > At 07:06 AM 10/16/01 -0500, you wrote: > >Hello there, I hope you can excuse my ignorance in these matters... > > > >In order to protect certain html dirs with a password, I was told by a > >good member of this list to make sure that I had the mod_auth enabled in > >httpd.conf. Which I do. > > > >Thend I was told that I need an .htaccess file which I created with > >htpasswd in /home/myusername/.htaccess... > > > >But when i create the file and look for > >http://www.myserver.com/~myusername i get: > > > >Internal Server Error > >The server encountered an internal error or misconfiguration and was > >unable to complete your request... > > > >Can someone give me a hand here as to what i'm missing? > > > >Thanks! > > > > > >-- > >To UNSUBSCRIBE, email to [EMAIL PROTECTED] > >with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED] > > >
Re: .htaccess help!
Well, A example in .conf or .htaccess with only user authentification (no group): AuthType Basic AuthName "Restricted Access" AuthUserFile /home/web/etc/sdjhsfdi Require valid-user Just must be sure that Web-server (so the ID or GID of the WebServer process) have access to the sdjhsfdi file for reading (and all tree just before the file). The sdjhsfdi file must be more or less so: User1:PASSWD_CRYPTED User2:PASSWD_CRYPTED User3:PASSWD_CRYPTED ... crypted just with crypt (use mkpasswd). Anyway i can always use the 'htpasswd' application which go with apache and create password files asking for for a user, a passwd etc... Seeya. Note: sorry, i must learn so much english yet. At 07:06 16/10/2001 -0500, Alexander Wallace wrote: Hello there, I hope you can excuse my ignorance in these matters... In order to protect certain html dirs with a password, I was told by a good member of this list to make sure that I had the mod_auth enabled in httpd.conf. Which I do. Thend I was told that I need an .htaccess file which I created with htpasswd in /home/myusername/.htaccess... But when i create the file and look for http://www.myserver.com/~myusername i get: Internal Server Error The server encountered an internal error or misconfiguration and was unable to complete your request... Can someone give me a hand here as to what i'm missing? Thanks! -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
.htaccess help!
Hello there, I hope you can excuse my ignorance in these matters... In order to protect certain html dirs with a password, I was told by a good member of this list to make sure that I had the mod_auth enabled in httpd.conf. Which I do. Thend I was told that I need an .htaccess file which I created with htpasswd in /home/myusername/.htaccess... But when i create the file and look for http://www.myserver.com/~myusername i get: Internal Server Error The server encountered an internal error or misconfiguration and was unable to complete your request... Can someone give me a hand here as to what i'm missing? Thanks!
Re: Protecting single files via .htaccess ?
On Mon, 14 Aug 2000, Oliver Schoenknecht wrote: > I want to protect single files from accessing them from outside. I am > aware that .htaccess does quite well in protecting directories but can > I protect single files as well, for example the "passes.php3" ? > > Any help is appreciated very well ! In the Un*x world everything is possible :) Just add the next lines to your access.conf or httpd.conf AuthType basic AuthName "private" AuthUserFile /etc/apache/pwapache require valid-user order allow,deny allow from all and restart apache, you can add a user to the passwd file with the htpasswd command. -- Staf Wagemakers email : [EMAIL PROTECTED] homepage : http://www.digibel.org/~staf
Re: Protecting single files via .htaccess ?
i am just saying there might be better luck in finding ananswer to questions asked if they look on the program specific mailing lists and forums. and most of the software questions that come across this mailing list do not have such exstensive FAQs and online documentation as apahce does. so yes it is a valid question and i did take the time to find the docs and find the answers i am jsut saying questions concerning such widely used and documented programs might be misplaced and might get overlooked by such users as my self who often shrug off threads that concern such easlily findable solutions. the only reason i answerd the question was becasuei want to teach people how to use the linux community to its fullest. So the real answer i was providing was to make sure you (the user) takes time before hand to browse through documention and to ask yourself the question and make yourslef find the answer before you rely on someone elses help. casue we learn from our mistakes and we laern from doing things ourslefs rather than leting someone else tell you. goes back to a quickand easy saying Give a person a fish -> you feed him for a day Teach someone to fish -> you feed him for life and yes the mailing list is a tool for getting answers to your question its just that i dont like coming into work and having to download 150 msgs half of which are how to password protect apache files. -Jon p.s. the first place i always look is in /usr/docbegin:vcard n:Bardin;Jon x-mozilla-html:FALSE adr:;; version:2.1 email;internet:[EMAIL PROTECTED] note:www.gamesig.com -uniting the linux gaming community x-mozilla-cpt:;0 fn:Jon Bardin end:vcard
Re: Protecting single files via .htaccess ?
Dear On Mon, Aug 14, 2000 at 08:00:14AM -0400, [EMAIL PROTECTED] wrote: > as this is the debian mailing list ad not theapache list you might have > better luck reading throught the extensive online documentation for > apahce and othere apache related user groups and forums. but to answer > your question look at this: > http://www.apache.org/docs/mod/core.html#location i beleive you can > specifythe URL to the file you wish to protect and > http://www.apache.org/docs/mod/core.html#files That is right, there is documentation for Apache. But you can't say this is Debian list, bla bla bla. This is Debian list, but here come all kind of questions regarding software in Debian. And it is totally valid to ask that. Sincerely, Marko Cehaja
Re: Protecting single files via .htaccess ?
as this is the debian mailing list ad not theapache list you might have better luck reading throught the extensive online documentation for apahce and othere apache related user groups and forums. but to answer your question look at this: http://www.apache.org/docs/mod/core.html#location i beleive you can specifythe URL to the file you wish to protect and http://www.apache.org/docs/mod/core.html#files -Jonbegin:vcard n:Bardin;Jon x-mozilla-html:FALSE adr:;; version:2.1 email;internet:[EMAIL PROTECTED] note:www.gamesig.com -uniting the linux gaming community x-mozilla-cpt:;0 fn:Jon Bardin end:vcard
Protecting single files via .htaccess ?
Hello everyone, I want to protect single files from accessing them from outside. I am aware that .htaccess does quite well in protecting directories but can I protect single files as well, for example the "passes.php3" ? Any help is appreciated very well ! Thanks in advance ! -- Mit freundlichem Gruss [EMAIL PROTECTED] Oliver Schoenknecht Join us at http://www.kapa.de KOSTENLOS! Online-Auktion bei KAPA! Teilnahme unter: http://www.flohmarkt.kapa.de
Re: .htaccess
first, make a .htaccess file e.g. AuthUserFile /path/to/.htpasswd AuthName "My protected pages" AuthType Basic require valid-user -- next ..make the password cd to /path/to (or wherever your password file is stored) and run htpasswd -c ( dont use the <>'s of course) it will prompt for a password twice, and add the user. -- then make sure the directory has the right optiosn to run the htaccess stuff. im sure there is a more secure way to do it but the fastest way would be to add this to your access.conf: Options ALL AllowOverride All Order deny,allow Allow from all and at the same time restrict access to .htaccess and .htpasswd so people just can't load them on demand. (srm.conf) order allow,deny deny from all order allow,deny deny from all and uncomment the following line in srm.conf if its not done already: AccesFileName .htaccess it SHOULD work then ..at least it does for me. be sure to watch the server's logs when testing it. anything from bad permissions to bad access rights in access.conf can screw it over. hope this helps/works nate [mailto:[EMAIL PROTECTED] ]-- Vice President Network Operations http://www.firetrail.com/ Firetrail Internet Services Limited http://www.aphroland.org/ Everett, WA 425-348-7336http://www.linuxpowered.net/ Powered By:http://comedy.aphroland.org/ Debian 2.1 Linux 2.0.36 SMPhttp://yahoo.aphroland.org/ -[mailto:[EMAIL PROTECTED] ]-- 11:52am up 75 days, 23:19, 1 user, load average: 0.34, 0.28, 0.28 On Wed, 3 Nov 1999, SGaerner wrote: > Hi! > > I need info about the .htaccess and htpasswd files that can restrict user > access > to html-files. > > Bye > > > -- > Unsubscribe? mail -s unsubscribe [EMAIL PROTECTED] < /dev/null >
.htaccess
Hi! I need info about the .htaccess and htpasswd files that can restrict user access to html-files. Bye
.htaccess file
Hi, I have created a .htaccess file and an associated passwd file: ---cut here--- $ cd /home/clinton/public_html/loser $ cat > .htaccess AuthName Rese Pisan Euy AuthType Basic AuthGroupFile /dev/null AuthUserFile /home/clinton/public_html/loser/.htpasswd require valid-user ^D $ htpasswd -c .htpasswd clinton ---cut here but when i try to access the directory, e.g.: http://www.losers.org/~clinton/loser I still can read the index.html, no passwd authentication...why is that? I have restarted the server and nothings happen. Here's a quote from my httpd.conf: AccessFileName .htaccess Order allow,deny Deny from all Thanks in advance, Usef
Re: problems with htaccess
> My apache seems to be ignoring the .htaccess file. Everythings I apologize if I'm insulting your intelligence here, but make sure you have 'AllowOverride AuthConfig' (or 'AllowOverride All') in the appropriate (or , etc.) block in (assuming you're using Debian) /etc/apache/access.conf.
Re: problems with htaccess
> Does anyone know of something that could affect apache's behavior > for htaccess? I'm loading the appropiate module and the .htaccess file is > well defined in srm.conf There are a few Apache directives that affect the .htaccess file. I could find: AccessFileName AllowOverride Docs for these can be found at: http://www.apache.org/docs/mod/directives.html You probably have one of these set wrong (more likely, the default isn't what you wanted). Greg --- The geek shall inherit the earth.
problems with htaccess
Hi! My apache seems to be ignoring the .htaccess file. Everythings correct (the permissions, etc). I've even tried to copy the same .htaccess to a different server and it worked there. Then I looked into the configuration files of the other server and everything seems like mine. Does anyone know of something that could affect apache's behavior for htaccess? I'm loading the appropiate module and the .htaccess file is well defined in srm.conf Any help would be greatly appreciated. -- p.
Logging htaccess protected accesses.
Does anyone know how to log which user logs into an .htaccess protected directory?
automount trying to mount /home/.htaccess
Hi, I recently installed apache (debian package) on my hamm system. For some reason automount keeps trying to mount /home/.htaccess. However, there is no .htaccess in my auto.home map. Here is the error I get: automount[193]: attempting to mount entry /home/.htaccess automount[9518]: lookup(file): looking up .htaccess automount[9518]: lookup(file): lookup for .htaccess failed My /home directory has directories that are automounted but I never setup the automounter to try to mount .htaccess. I get the above error whenever my web server is accessed. -Ossama __ Ossama Othman <[EMAIL PROTECTED]> --- PGP Keys --- Public: http://astrosun.tn.cornell.edu/staff/othman/OO_PUBLIC.asc REVOKED: http://astrosun.tn.cornell.edu/staff/othman/OO_REVOKED.asc -- Unsubscribe? mail -s unsubscribe [EMAIL PROTECTED] < /dev/null
apache .htaccess seem not to be read
Hello, I have been trying to configure apache to have a few password protected directories. I have .htaccess files in the directories that worked with my previous installation, but seem not to with the default debian config files. Is there an extra directive I should be adding to the /etc/apache/*.conf 's? Thanks Tony -- TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to [EMAIL PROTECTED] . Trouble? e-mail to [EMAIL PROTECTED] .
Re: apache 1.3b3-9 ignores .htaccess
On Fri, Jan 02, 1998 at 10:33:20PM -0600, Jeff Noxon wrote: > AllowOverride AuthConfig > This worked in Apache < 1.3b3. AllowOverride All here, which works for < 1.3b3-8 and = 1.3b3-10. Hamish -- Hamish Moffatt, [EMAIL PROTECTED], [EMAIL PROTECTED], [EMAIL PROTECTED] Latest Debian packages at ftp://ftp.rising.com.au/pub/hamish. PGP#EFA6B9D5 CCs of replies from mailing lists are welcome. http://hamish.home.ml.org -- TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to [EMAIL PROTECTED] . Trouble? e-mail to [EMAIL PROTECTED] .
Re: apache 1.3b3-9 ignores .htaccess
Mine has: AllowOverride AuthConfig This worked in Apache < 1.3b3. On Fri, Jan 02, 1998 at 11:07:13PM -0500, Scott K. Ellis wrote: > Quick sanity check, does /etc/apache/access.conf have the correct > "AllowOverride" line? > > On Fri, 2 Jan 1998, Jeff Noxon wrote: > > > I hate "me too" posts, but since you asked, me too. I'm using passwd files > > instead of db files; same problem... > > > > On Sat, Jan 03, 1998 at 01:05:58PM +1100, Hamish Moffatt wrote: > > > I have just upgraded to apache 1.3b3-9; I have the following .htaccess > > > in one directory: > > > > > > > > > AuthDbGroupFile /etc/apache/groups.db > > > AuthDbUserFile /etc/apache/users.db > > > AuthName staff access > > > AuthType basic > > > > > > > > > require group staff > > > > > > > > > This seems to be ignored! Pages from the directory are served > > > without any authentication at all. Has anyone else experienced this? -- TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to [EMAIL PROTECTED] . Trouble? e-mail to [EMAIL PROTECTED] .
Re: apache 1.3b3-9 ignores .htaccess
Quick sanity check, does /etc/apache/access.conf have the correct "AllowOverride" line? On Fri, 2 Jan 1998, Jeff Noxon wrote: > I hate "me too" posts, but since you asked, me too. I'm using passwd files > instead of db files; same problem... > > On Sat, Jan 03, 1998 at 01:05:58PM +1100, Hamish Moffatt wrote: > > I have just upgraded to apache 1.3b3-9; I have the following .htaccess > > in one directory: > > > > > > AuthDbGroupFile /etc/apache/groups.db > > AuthDbUserFile /etc/apache/users.db > > AuthName staff access > > AuthType basic > > > > > > require group staff > > > > > > This seems to be ignored! Pages from the directory are served > > without any authentication at all. Has anyone else experienced this? > > > > Does anyone have a copy of the last Debian 1.2.4 package? > > I don't think I can afford to be running the Debian Apache 1.3 packages > > on my production system, but I need something better than 1.1.3. -- TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to [EMAIL PROTECTED] . Trouble? e-mail to [EMAIL PROTECTED] .
Re: apache 1.3b3-9 ignores .htaccess
On Fri, Jan 02, 1998 at 09:58:32PM -0600, Jeff Noxon wrote: > I hate "me too" posts, but since you asked, me too. I'm using passwd files > instead of db files; same problem... Grab 1.3b3-10 from ftp.debian.org; it hasn't made it to my local mirror yet since it was only uploaded yesterday. It seems to fix it here. It doesn't say that it should though. Good to see that I am not going mad. Hamish -- Hamish Moffatt, [EMAIL PROTECTED], [EMAIL PROTECTED], [EMAIL PROTECTED] Latest Debian packages at ftp://ftp.rising.com.au/pub/hamish. PGP#EFA6B9D5 CCs of replies from mailing lists are welcome. http://hamish.home.ml.org -- TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to [EMAIL PROTECTED] . Trouble? e-mail to [EMAIL PROTECTED] .
Re: apache 1.3b3-9 ignores .htaccess
On Sat, Jan 03, 1998 at 01:05:58PM +1100, Hamish Moffatt wrote: > I have just upgraded to apache 1.3b3-9; I have the following .htaccess > in one directory: > [snip] > This seems to be ignored! Pages from the directory are served > without any authentication at all. Has anyone else experienced this? It seems to work fine in 1.3b3-10, but nothing in the changelog indicates that anything has changed. This is strange. hamish -- Hamish Moffatt, [EMAIL PROTECTED], [EMAIL PROTECTED], [EMAIL PROTECTED] Latest Debian packages at ftp://ftp.rising.com.au/pub/hamish. PGP#EFA6B9D5 CCs of replies from mailing lists are welcome. http://hamish.home.ml.org -- TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to [EMAIL PROTECTED] . Trouble? e-mail to [EMAIL PROTECTED] .
Re: apache 1.3b3-9 ignores .htaccess
I hate "me too" posts, but since you asked, me too. I'm using passwd files instead of db files; same problem... On Sat, Jan 03, 1998 at 01:05:58PM +1100, Hamish Moffatt wrote: > I have just upgraded to apache 1.3b3-9; I have the following .htaccess > in one directory: > > > AuthDbGroupFile /etc/apache/groups.db > AuthDbUserFile /etc/apache/users.db > AuthName staff access > AuthType basic > > > require group staff > > > This seems to be ignored! Pages from the directory are served > without any authentication at all. Has anyone else experienced this? > > Does anyone have a copy of the last Debian 1.2.4 package? > I don't think I can afford to be running the Debian Apache 1.3 packages > on my production system, but I need something better than 1.1.3. Thanks, Jeff -- Please reply to me using planetfall.com (jeff@). On the side of the software box, in the "System Requirements" section, it said "Requires Windows 95 or better." So I installed Linux. -- TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to [EMAIL PROTECTED] . Trouble? e-mail to [EMAIL PROTECTED] .
apache 1.3b3-9 ignores .htaccess
I have just upgraded to apache 1.3b3-9; I have the following .htaccess in one directory: AuthDbGroupFile /etc/apache/groups.db AuthDbUserFile /etc/apache/users.db AuthName staff access AuthType basic require group staff This seems to be ignored! Pages from the directory are served without any authentication at all. Has anyone else experienced this? Does anyone have a copy of the last Debian 1.2.4 package? I don't think I can afford to be running the Debian Apache 1.3 packages on my production system, but I need something better than 1.1.3. thanks, hamish -- Hamish Moffatt, [EMAIL PROTECTED], [EMAIL PROTECTED], [EMAIL PROTECTED] Latest Debian packages at ftp://ftp.rising.com.au/pub/hamish. PGP#EFA6B9D5 CCs of replies from mailing lists are welcome. http://hamish.home.ml.org -- TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to [EMAIL PROTECTED] . Trouble? e-mail to [EMAIL PROTECTED] .
Re: [Off Topic] Apache Web Server and .htaccess
On Wed, Sep 03, 1997 at 12:35:21PM -0500, Jeff Noxon wrote: > From /etc/apache/httpd.conf: That should have been access.conf. :-) Thanks, Jeff -- TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to [EMAIL PROTECTED] . Trouble? e-mail to [EMAIL PROTECTED] .
Re: [Off Topic] Apache Web Server and .htaccess
On Wed, Sep 03, 1997 at 11:53:38AM -0500, Anthony Landreneau wrote: > Greetings all you helpful folks, > Been ruuning an apache Web Server on a Debian box for about 6 months. > Now > I need to password protect the whole directory tree of web pages. Tried to > use the ".htaccess" type of protection but can't seem to get it to work. > Anyone out there have any luck with getting this to work, or perhaps > have > an alternate route to take? Any and all help would be much appreciated. >From /etc/apache/httpd.conf: --cut-- # This controls which options the .htaccess files in directories can # override. Can also be "All", or any combination of "Options", "FileInfo", # "AuthConfig", and "Limit" AllowOverride AuthConfig --cut-- Make sure you have enabled that feature and restarted Apache. It works fine for me... If that doesn't fix it, maybe someone else will have some ideas. Thanks, Jeff -- TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to [EMAIL PROTECTED] . Trouble? e-mail to [EMAIL PROTECTED] .
[Off Topic] Apache Web Server and .htaccess
Greetings all you helpful folks, Been ruuning an apache Web Server on a Debian box for about 6 months. Now I need to password protect the whole directory tree of web pages. Tried to use the ".htaccess" type of protection but can't seem to get it to work. Anyone out there have any luck with getting this to work, or perhaps have an alternate route to take? Any and all help would be much appreciated. Anthony -- TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to [EMAIL PROTECTED] . Trouble? e-mail to [EMAIL PROTECTED] .
