Protecting a Directory
|
View:
New views
13 Messages
—
Rating Filter:
Alert me
|
 |
Protecting a Directory
by jg6789
::
Rate this Message:
Some parts of this message have been removed.
Learn more about Nabble's security policy.
There still seems to be alot of discrepancy on this
issue. Whether or not to use a .htaccess or directive command to protect a
directory so I'm looking for some answers on what works the best
usually.
Protecting a folder called xxxx
Alias /xxx "D:/"
<Directory "D:/">
Options FollowSymLinks AllowOverride None Order deny,allow Deny from all </Directory> use .htaccess or how can I use the
above directive to only allow a specific user in?
Confidential: This email is intended only for the
person or entity to which it is addressed. The information contained in this
email is confidential and privileged. Any retransmission, review, dissemination
or other use of, or taking of any action in reliance upon, this information by
persons or entities other than the intended recipient is prohibited. If you
received this email in error, please let us know by reply and destroy all copies
of it.
|
|
|
Re: Protecting a Directory
by Justin Pasher
::
Rate this Message:
jg6789@... wrote:
> There still seems to be alot of discrepancy on this issue. Whether or > not to use a .htaccess or directive command to protect a directory so > I'm looking for some answers on what works the best usually. > > Protecting a folder called xxxx > > Alias /xxx "D:/" > <Directory "D:/"> > Options FollowSymLinks > AllowOverride None > Order deny,allow > Deny from all > </Directory> > > use .htaccess or how can I use the above directive to only allow a > specific user in? The directives can be put in either place (apache config or .htaccess file). However, <Directory> cannot be used inside an .htaccess file, so you'll have to put the .htaccess file in the directory you wish to protect. I assume you want the user to be prompted for a username/password when they visit the directory? Basic HTTP authentication will accomplish that for you. http://httpd.apache.org/docs/2.2/howto/auth.html -- Justin Pasher --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscribe@... " from the digest: users-digest-unsubscribe@... For additional commands, e-mail: users-help@... |
|
|
Re: Protecting a Directory
by jg6789
::
Rate this Message:
I have a .htaccess and .htpasswd in a direcotry folder and i keep getting
this message no matter how i configure the htaccess file and htpasswd files. Server Error! The server encountered an internal error and was unable to complete your request. Either the server is overloaded or there was an error in a CGI script. ----- Original Message ----- From: "Justin Pasher" <justinp@...> To: <users@...> Sent: Friday, October 03, 2008 12:08 PM Subject: Re: [users@httpd] Protecting a Directory > jg6789@... wrote: >> There still seems to be alot of discrepancy on this issue. Whether or not >> to use a .htaccess or directive command to protect a directory so I'm >> looking for some answers on what works the best usually. >> Protecting a folder called xxxx >> Alias /xxx "D:/" >> <Directory "D:/"> >> Options FollowSymLinks >> AllowOverride None >> Order deny,allow >> Deny from all >> </Directory> >> use .htaccess or how can I use the above directive to only allow a >> specific user in? > > The directives can be put in either place (apache config or .htaccess > file). However, <Directory> cannot be used inside an .htaccess file, so > you'll have to put the .htaccess file in the directory you wish to > protect. > > I assume you want the user to be prompted for a username/password when > they visit the directory? Basic HTTP authentication will accomplish that > for you. > > http://httpd.apache.org/docs/2.2/howto/auth.html > > -- > Justin Pasher > > --------------------------------------------------------------------- > The official User-To-User support forum of the Apache HTTP Server Project. > See <URL:http://httpd.apache.org/userslist.html> for more info. > To unsubscribe, e-mail: users-unsubscribe@... > " from the digest: users-digest-unsubscribe@... > For additional commands, e-mail: users-help@... > --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscribe@... " from the digest: users-digest-unsubscribe@... For additional commands, e-mail: users-help@... |
|
|
Re: Protecting a Directory
by Eric Covener
::
Rate this Message:
On Fri, Oct 3, 2008 at 4:10 PM, <jg6789@...> wrote:
> I have a .htaccess and .htpasswd in a direcotry folder and i keep getting > this message no matter how i configure the htaccess file and htpasswd files. > > Server Error! > The server encountered an internal error and was unable to complete your > request. Either the server is overloaded or there was an error in a CGI > script. Read your error log. -- Eric Covener covener@... --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscribe@... " from the digest: users-digest-unsubscribe@... For additional commands, e-mail: users-help@... |
|
|
Re: Protecting a Directory
by Justin Pasher
::
Rate this Message:
jg6789@... wrote:
> I have a .htaccess and .htpasswd in a direcotry folder and i keep > getting this message no matter how i configure the htaccess file and > htpasswd files. > > Server Error! > The server encountered an internal error and was unable to complete > your request. Either the server is overloaded or there was an error in > a CGI script. > The apache error log should have a little more information on why it is returning (presumably) a 500 error code. Perhaps the server is not configured to allow some other directives specified in the .htaccess file (such as the Options directive)? -- Justin Pasher > ----- Original Message ----- From: "Justin Pasher" > <justinp@...> > To: <users@...> > Sent: Friday, October 03, 2008 12:08 PM > Subject: Re: [users@httpd] Protecting a Directory >> jg6789@... wrote: >>> There still seems to be alot of discrepancy on this issue. Whether >>> or not to use a .htaccess or directive command to protect a >>> directory so I'm looking for some answers on what works the best >>> usually. >>> Protecting a folder called xxxx >>> Alias /xxx "D:/" >>> <Directory "D:/"> >>> Options FollowSymLinks >>> AllowOverride None >>> Order deny,allow >>> Deny from all >>> </Directory> >>> use .htaccess or how can I use the above directive to only allow a >>> specific user in? >> >> The directives can be put in either place (apache config or .htaccess >> file). However, <Directory> cannot be used inside an .htaccess file, >> so you'll have to put the .htaccess file in the directory you wish to >> protect. >> >> I assume you want the user to be prompted for a username/password >> when they visit the directory? Basic HTTP authentication will >> accomplish that for you. >> >> http://httpd.apache.org/docs/2.2/howto/auth.html >> >> -- >> Justin Pasher --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscribe@... " from the digest: users-digest-unsubscribe@... For additional commands, e-mail: users-help@... |
|
|
Re: Protecting a Directory
by jg6789
::
Rate this Message:
In the folder xxxx is an htaccess with the following:
AuthName "Restricted Area" AuthType Basic AuthUserFile xampp/htdocs/xxxx/.htpasswd AuthName "My Private Area" require valid-user In the config is the following: Alias /xxxx "D:/" <Directory "D:/"> Options Indexes FollowSymLinks Includes ExecCGI AllowOverride AuthConfig Order deny,allow Allow from All </Directory> My thinking is that the htaccess needs a different path since the directory is using an alias? ----- Original Message ----- From: "Justin Pasher" <justinp@...> To: <users@...> Sent: Friday, October 03, 2008 1:32 PM Subject: Re: [users@httpd] Protecting a Directory > jg6789@... wrote: >> I have a .htaccess and .htpasswd in a direcotry folder and i keep getting >> this message no matter how i configure the htaccess file and htpasswd >> files. >> >> Server Error! >> The server encountered an internal error and was unable to complete your >> request. Either the server is overloaded or there was an error in a CGI >> script. >> > > The apache error log should have a little more information on why it is > returning (presumably) a 500 error code. Perhaps the server is not > configured to allow some other directives specified in the .htaccess file > (such as the Options directive)? > > -- > Justin Pasher > > >> ----- Original Message ----- From: "Justin Pasher" >> <justinp@...> >> To: <users@...> >> Sent: Friday, October 03, 2008 12:08 PM >> Subject: Re: [users@httpd] Protecting a Directory >>> jg6789@... wrote: >>>> There still seems to be alot of discrepancy on this issue. Whether or >>>> not to use a .htaccess or directive command to protect a directory so >>>> I'm looking for some answers on what works the best usually. >>>> Protecting a folder called xxxx >>>> Alias /xxx "D:/" >>>> <Directory "D:/"> >>>> Options FollowSymLinks >>>> AllowOverride None >>>> Order deny,allow >>>> Deny from all >>>> </Directory> >>>> use .htaccess or how can I use the above directive to only allow a >>>> specific user in? >>> >>> The directives can be put in either place (apache config or .htaccess >>> file). However, <Directory> cannot be used inside an .htaccess file, so >>> you'll have to put the .htaccess file in the directory you wish to >>> protect. >>> >>> I assume you want the user to be prompted for a username/password when >>> they visit the directory? Basic HTTP authentication will accomplish that >>> for you. >>> >>> http://httpd.apache.org/docs/2.2/howto/auth.html >>> >>> -- >>> Justin Pasher > > --------------------------------------------------------------------- > The official User-To-User support forum of the Apache HTTP Server Project. > See <URL:http://httpd.apache.org/userslist.html> for more info. > To unsubscribe, e-mail: users-unsubscribe@... > " from the digest: users-digest-unsubscribe@... > For additional commands, e-mail: users-help@... > > --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscribe@... " from the digest: users-digest-unsubscribe@... For additional commands, e-mail: users-help@... |
|
|
Re: Protecting a Directory
by Eric Covener
::
Rate this Message:
> AuthUserFile xampp/htdocs/xxxx/.htpasswd
Is that really a relative path? Also, your passwords should not be under your DocumentRoot or any Aliases. -- Eric Covener covener@... --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscribe@... " from the digest: users-digest-unsubscribe@... For additional commands, e-mail: users-help@... |
|
|
Re: Protecting a Directory
by jg6789
::
Rate this Message:
according to php document root it is the path. htpasswd is not under root.
it is under a folder in the alias folder. the question is when the htaccess AuthUserFile ooks for the htpasswd file is it looking in at the "alais" or the D:/ directory? ----- Original Message ----- From: "Eric Covener" <covener@...> To: <users@...> Sent: Friday, October 03, 2008 1:47 PM Subject: Re: [users@httpd] Protecting a Directory >> AuthUserFile xampp/htdocs/xxxx/.htpasswd > > Is that really a relative path? Also, your passwords should not be > under your DocumentRoot or any Aliases. > -- > Eric Covener > covener@... > > --------------------------------------------------------------------- > The official User-To-User support forum of the Apache HTTP Server Project. > See <URL:http://httpd.apache.org/userslist.html> for more info. > To unsubscribe, e-mail: users-unsubscribe@... > " from the digest: users-digest-unsubscribe@... > For additional commands, e-mail: users-help@... > --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscribe@... " from the digest: users-digest-unsubscribe@... For additional commands, e-mail: users-help@... |
|
|
Re: Protecting a Directory
by Drew Tomlinson
::
Rate this Message:
jg6789@... wrote:
> according to php document root it is the path. htpasswd is not under > root. it is under a folder in the alias folder. the question is when > the htaccess AuthUserFile ooks for the htpasswd file is it looking in > at the "alais" or the D:/ directory? It is looking for it here: xampp/htdocs/xxxx/.htpasswd Since this is a relative path, it's probably looking for this directory relative to ServerRoot. To avoid conflict, I suggest specifying a complete path. HTH, Drew > > ----- Original Message ----- From: "Eric Covener" <covener@...> > To: <users@...> > Sent: Friday, October 03, 2008 1:47 PM > Subject: Re: [users@httpd] Protecting a Directory > > >>> AuthUserFile xampp/htdocs/xxxx/.htpasswd >> >> Is that really a relative path? Also, your passwords should not be >> under your DocumentRoot or any Aliases. >> -- >> Eric Covener >> covener@... >> -- Be a Great Magician! Visit The Alchemist's Warehouse http://www.alchemistswarehouse.com --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscribe@... " from the digest: users-digest-unsubscribe@... For additional commands, e-mail: users-help@... |
|
|
Re: Protecting a Directory
by jg6789
::
Rate this Message:
ok fixed the path. got a 401 error. made a new htpasswd file and worked.
apparently the htpasswd tool was generating bogus encrypted passwd, server didnt understand. tried to use the apache htpasswd tool in bin folder but wont launch for some reason. ----- Original Message ----- From: "Drew Tomlinson" <drew@...> To: <users@...> Sent: Friday, October 03, 2008 1:59 PM Subject: Re: [users@httpd] Protecting a Directory > jg6789@... wrote: >> according to php document root it is the path. htpasswd is not under >> root. it is under a folder in the alias folder. the question is when the >> htaccess AuthUserFile ooks for the htpasswd file is it looking in at the >> "alais" or the D:/ directory? > > It is looking for it here: > > xampp/htdocs/xxxx/.htpasswd > > Since this is a relative path, it's probably looking for this directory > relative to ServerRoot. To avoid conflict, I suggest specifying a > complete path. > > HTH, > > Drew > >> >> ----- Original Message ----- From: "Eric Covener" <covener@...> >> To: <users@...> >> Sent: Friday, October 03, 2008 1:47 PM >> Subject: Re: [users@httpd] Protecting a Directory >> >> >>>> AuthUserFile xampp/htdocs/xxxx/.htpasswd >>> >>> Is that really a relative path? Also, your passwords should not be >>> under your DocumentRoot or any Aliases. >>> -- >>> Eric Covener >>> covener@... >>> > > > -- > Be a Great Magician! > Visit The Alchemist's Warehouse > > http://www.alchemistswarehouse.com > > > --------------------------------------------------------------------- > The official User-To-User support forum of the Apache HTTP Server Project. > See <URL:http://httpd.apache.org/userslist.html> for more info. > To unsubscribe, e-mail: users-unsubscribe@... > " from the digest: users-digest-unsubscribe@... > For additional commands, e-mail: users-help@... > --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscribe@... " from the digest: users-digest-unsubscribe@... For additional commands, e-mail: users-help@... |
|
|
Re: Protecting a Directory
by jg6789
::
Rate this Message:
we've tried using three different tools to create an encrypted passwd for
the htpasswd file and the server wont read it. could it be the directive? or bad encrypt tools? ----- Original Message ----- From: "Drew Tomlinson" <drew@...> To: <users@...> Sent: Friday, October 03, 2008 1:59 PM Subject: Re: [users@httpd] Protecting a Directory > jg6789@... wrote: >> according to php document root it is the path. htpasswd is not under >> root. it is under a folder in the alias folder. the question is when the >> htaccess AuthUserFile ooks for the htpasswd file is it looking in at the >> "alais" or the D:/ directory? > > It is looking for it here: > > xampp/htdocs/xxxx/.htpasswd > > Since this is a relative path, it's probably looking for this directory > relative to ServerRoot. To avoid conflict, I suggest specifying a > complete path. > > HTH, > > Drew > >> >> ----- Original Message ----- From: "Eric Covener" <covener@...> >> To: <users@...> >> Sent: Friday, October 03, 2008 1:47 PM >> Subject: Re: [users@httpd] Protecting a Directory >> >> >>>> AuthUserFile xampp/htdocs/xxxx/.htpasswd >>> >>> Is that really a relative path? Also, your passwords should not be >>> under your DocumentRoot or any Aliases. >>> -- >>> Eric Covener >>> covener@... >>> > > > -- > Be a Great Magician! > Visit The Alchemist's Warehouse > > http://www.alchemistswarehouse.com > > > --------------------------------------------------------------------- > The official User-To-User support forum of the Apache HTTP Server Project. > See <URL:http://httpd.apache.org/userslist.html> for more info. > To unsubscribe, e-mail: users-unsubscribe@... > " from the digest: users-digest-unsubscribe@... > For additional commands, e-mail: users-help@... > --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscribe@... " from the digest: users-digest-unsubscribe@... For additional commands, e-mail: users-help@... |
|
|
Re: Protecting a Directory
by William A. Rowe, Jr.
::
Rate this Message:
jg6789@... wrote:
> we've tried using three different tools to create an encrypted passwd > for the htpasswd file and the server wont read it. could it be the > directive? or bad encrypt tools? Windows doesn't speak crypt(). C.f. md5 passwords, e.g htpasswd -m --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscribe@... " from the digest: users-digest-unsubscribe@... For additional commands, e-mail: users-help@... |
|
|
Re: Protecting a Directory
by Matus UHLAR - fantomas
::
Rate this Message:
> > AuthUserFile xampp/htdocs/xxxx/.htpasswd
On 03.10.08 16:47, Eric Covener wrote: > Is that really a relative path? Also, your passwords should not be > under your DocumentRoot or any Aliases. It would be nice to have AuthRoot or similar directive for auth* files. And it would help people to put their password files out of DocumentRoot's. -- Matus UHLAR - fantomas, uhlar@... ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. LSD will make your ECS screen display 16.7 million colors --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscribe@... " from the digest: users-digest-unsubscribe@... For additional commands, e-mail: users-help@... |
| Free Forum Powered by Nabble | Forum Help |
