Your Daily Source for Apache News and Information

 Apache Module Registry The Apache Software Foundation Apache Project The Apache FAQ PHP Server Side Scripting Apache XML Project The Java Apache Project ApacheCon The Jakarta Project Apache-Perl Integration Project Apache-Related Projects

 Just Linux Linux Apps Linux Start Linux Programming BSD Today Linux Today Linuxnewbie.org BSD Central Enterprise Linux Today Apache Today Linux Central Linux Planet PHPBuilder All Linux Devices SITE DESCRIPTIONS
 Using .htaccess Files with Apache Jul 19, 2000, 16 :07 UTC (242 Talkback[s]) (132494 reads) (Other stories by Ken Coar)

By

One of the most common needs Webmasters have is to cause the Web server to handle all the documents in a particular directory, or tree of directories, in the same way -- such as requiring a password before granting access to any file in the directory, or allowing (or disallowing) directory listings. However, this need often extends to more than just the Webmaster; consider students on a departmental Web server at a university, or individual customers of an ISP, or clients of a Web-hosting company. This article describes how the Webmaster can extend permission to tailor Apache's behaviour to users, allowing them to have some control over how it handles their own sub-areas of its total Web-space.

This article shows how you can use per-directory configuration files, called .htaccess files, to customise Apache behaviour -- or allow your users to do so for their own documents.

### Per-Directory Settings

Apache's configuration system addresses the need to group documents by directory in a straightforward manner. To apply controls to a particular directory tree, for instance, you can use the <Directory> container directive in the server's configuration files:

    <Directory "C:/Program Files/Apache Group/Apache/htdocs">
AllowOverride None
Options None
</Directory>


This has the advantage of keeping control in the Webmaster's hands; there's no need to worry about any of the server's users being able to change the settings, since the server configuration files are generally not modifiable by anyone except the admin. Unfortunately, it has the disadvantages of requiring a restart of Apache any time the config file is changed, and that it can become truly burdensome to add all the <Directory> containers that might be needed for all the users that have special requirements.

An alternative method for supplying the desired granularity of Apache configuration -- down to the directory level -- is to use special partial config files in each directory with special requirements.

## So What's an .htaccess File?

An .htaccess file is simply a text file containing Apache directives. Those directives apply to the documents in the directory where the .htaccess file is located, and to all subdirectories under it as well. Other .htaccess files in subdirectories may change or nullify the effects of those in parent directories; see the section on merging for more information.

As text files, you can use whatever text editor you like to create or make changes to .htaccess files.

These files are called '.htaccess files' because that's what they're typically named. This naming scheme has its roots in the NCSA Web server and the Unix file system; files whose names begin with a dot are often considered to be 'hidden' and aren't displayed in a normal directory listing. The NCSA developers chose the name '.htaccess' so that a control file in a directory would have a fairly reasonable name ('ht' for 'hypertext') and not clutter up directory listings. Plus, there's a long history of Unix utilities storing their preferences information in such 'hidden' files.

The name '.htaccess' isn't universally acceptable, though. Sometimes it can quite difficult to persuade a system to let you create or edit a file with such a name. For this reason, you can change the name that Apache will use when looking for these per-directory config files by using the AccessFileName directive in your server's httpd.conf file. For instance,

    AccessFileName ht.acl


will cause Apache to look for files named ht.acl instead of .htaccess. They'll be treated the same way, though, and they're still called '.htaccess files' for convenience.

## Locating and Merging .htaccess Files

When Apache determines that a requested resource actually represents a file on the disk, it starts a process called the 'directory walk.' This involves checking through its internal list of <Directory> containers to find those that apply, and possibly searching the directories on the filesystem for .htaccess files.

Each time the directory walk finds a new set of directives that apply to the request, they are merged with the settings already accumulated. The result is a collection of settings that apply to the final document, culled from all of its ancestor directories and the server's config files.

When searching for .htaccess files, Apache starts at the top of the filesystem. (On Windows, that usually means 'C:\'; otherwise, the root directory '/'.) It then walks down the directories to the one containing the final document, processing and merging any .htaccess files it finds that the config files say should be processed. (See the section on overrides for more information on how the server determines whether an .htaccess file should be processed or not.)

This can be an intensive process. Consider a request for <URI:http://your.host.com/foo/bar/gritch/x.html> which resolves to the file

    C:\Program Files\Apache Group\Apache\htdocs\foo\bar\gritch\x.html


Unless instructed otherwise, Apache is going to look for each of the following .htaccess files, and process any it finds:

1. C:\.htaccess
2. C:\Program Files\.htaccess
3. C:\Program Files\Apache Group\.htaccess
4. C:\Program Files\Apache Group\Apache\.htaccess
5. C:\Program Files\Apache Group\Apache\htdocs\.htaccess
6. C:\Program Files\Apache Group\Apache\htdocs\foo\.htaccess
7. C:\Program Files\Apache Group\Apache\htdocs\foo\bar\.htaccess
8. C:\Program Files\Apache Group\Apache\htdocs\foo\bar\gritch\.htaccess

That's a lot of work just to return a single file! And the server will repeat this process each and every time the file is requested. See the overrides section for a way to reduce this overhead with the AllowOverride None directive.

Because .htaccess files are evaluated for each request, you don't need to reload the Apache server whenever you make a change. This makes them particularly well suited for environments with multiple groups or individuals sharing a single Web server system; if the Webmaster allows, they can exercide control over their own areas without nagging the Webmaster to reload Apache with each change. Also, if there's a syntax error in an .htaccess file, it only affects a portion of the server's Web space, rather than keeping the server from running at all (which is what would happen if the error was in the server-wide config files).

## Directives that Work in .htaccess Files

Not all directives will work in .htaccess files; for example, it makes no sense to allow a ServerName directive to appear in one, since the server is already running and knows its name -- and cannot change it -- by the time a request would cause the .htaccess file to be read. Other directives aren't allowed because they deal with features that are server-wide, or perhaps are too sensitive.

However, most directives are allowed in .htaccess files. If you're not sure, take a look at the directive's documentation. Figure 1 is a sample extracted from the Apache documentation. You can see where the text says 'Context' that .htaccess is listed; that means this directive can be used in the per-directory config files.

## The SetEnvIf Directive

Syntax: SetEnvIf attribute regex envar[=value] [...]
Default: none
Context: server config, virtual host, directory, .htaccess
Override: FileInfo
Status: Base
Module: mod_setenvif
Compatibility: Apache 1.3 and above; the Request_Protocol keyword and environment-variable matching are only available with 1.3.7 and later; use in .htaccess files only supported with 1.3.13 and later

Figure 1: Directive Documentation

Note, however, that there's more information on the Compatibility line; it says that this directive can only be used in .htaccess files if you're running Apache version 1.3.13 or later.

If you try to include a directive in an .htaccess file that isn't permitted there, any requests for documents under that directory will result in a '500 Server Error' error page and a message in the server's error log.

If your .htaccess file contains directives that aren't covered by the current set of override categories, they won't cause an error -- the server will just ignore them. So your file can contain directives in any -- or all -- of the categories, and only those in the categories listed in the AllowOverride list will be processed. All of the others will be checked for syntax, but otherwise not interpreted.

## Overrides: Limiting Which Directives Will Be Processed

Apache directives fall into seven different categories, and all can appear in the server-wide config files. Only five of the categories can be used in .htaccess files, though, and in order for Apache to accept a directive in a per-directory file, the settings for the directory must permit the directive's category to be overridden.

The five categories of directives are:

AuthConfig
This category is intended to be used to control directives that have to do with Web page security, such as the AuthName, Satisfy, and Require directives. This is the most common category to allow to be overridden, as it allows users to protect their own documents.
FileInfo
Directives that control how files are processed are
Indexes
Directives that affect file listings should be in this category. It includes IndexOptions, AddDescription, and DirectoryIndex, for example.
Limit
This category is similar to the AuthConfig one in that the directives it covers are typically related to security. However, they usually involve involuntary controls, such as controlling access by IP address. Directive in this category include Order, Allow, and Deny.
Options
The Options category is intended for directives that support miscellaneous options, such as ContentDigest, XBitHack, and Options itself.

A special directive, which is usable only in the server-wide configuration files, dictates which categories may be overridden in any particular directory tree. The AllowOverride directive accepts two special keywords in addition to the category names listed above:

All
This is a shorthand way of listing all of the categories; the two statements below are equivalent:
    AllowOverride AuthConfig FileInfo Indexes Limits Options
AllowOverride All

None
This keyword totally disables the processing of .htaccess files for the specified directory and its descendants (unless another AllowOverride directive for a subdirectory is defined in the server config files). 'Disabled' means that Apache won't even look for .htaccess files, much less process them. This can result in a performance savings, and is why the default httpd.conf file includes such a directive for the top-level system directory. .htaccess processing is disabled for all directories by default by that directive, and is only selectively enabled for those trees where it makes sense.

As shown above, the AllowOverride directive takes a whitespace-separated list of category names as its argument.

## Be Aware of What You're Granting

By allowing the use of .htaccess files in user (or customer or client) directories, you're essentially extending a bit of your Webmaster privileges to anyone who can edit those files. So if you choose to do this, you should consider occasionally performing an audit to make sure the files are appropriately protected -- and, if you're really ambitious, that they contain only settings of which you approve.

Because of the very coarse granularity of the possible override categories, it's quite possible that by granting a user the aility to override one set of directives you're inadvertently delegating more power than you anticipate. For instance, you might want to include a "AllowOverride FileInfo" directive for user directories so that individuals can use the AddType directive to label documents with MIME types that aren't in the server-wide list -- but were you aware when you did this that you were also giving them access to the Alias, Header, Action, and Rewrite* directives as well? Directives are associated with override categories on a per-module basis, so tracking down what's permitted by allowing a particular category of override can be a tedious process.

The ultimate answer to what directives are in which categories is the source code. If you really want to know, examine the source for the following strings:

String Corresponding AllowOverride Keyword
OR_AUTHCFG AllowOverride AuthConfig
OR_FILEINFO AllowOverride FileInfo
OR_INDEXES AllowOverride Indexes
OR_LIMIT AllowOverride Limit
OR_OPTIONS AllowOverride Options

(See the previous section for a description of what the different override categories mean.)

As you can see, with the exception of the AuthConfig/AUTHCFG keywords, the source keywords are identical to the directive keywords. This is convenient!

## Putting It All Together

Before enabling .htaccess files, consider the advantages and disadvanteges. On servers I run myself, with no users, I tend to use .htaccess files for testing and debugging, and when I have a configuration I like, I move the directives into a <Directory> container in the httpd.conf file and delete the .htaccess file. For this reason, I have overrides enabled just about everywhere. This allows me to balance the convenience of .htaccess files against their performance impact.

On some of my servers I have some user accounts for people I know and trust, and in those environments I'm more cautious and don't allow all overrides globally. I do tend to allow whatever overrides my friends need for their own directories, though.

And in some cases I have real 'user' accounts, for people I do not know as well -- and on those servers AllowOverride None is the rule. I occasionally allow .htaccess files in their private directories, but I carefully audit the possible effects before granting an override category.

The two main disadvantages to using .htaccess are the performance impact and the extending of control access to others. The first is somewhat manageable through the judicious use of the AllowOverride directive, and the latter is a matter of establishing trust -- and performing risk assessment. What mix works best in your environment is something you'll need to determine for yourself.

## Troubleshooting

Here are some of the most common problems I've seen people have (or have had myself) with .htaccess files. One thing I should stress first, though: the server error log is your friend. You should always consult the error log when things don't seem to be functioning correctly. If it doesn't say anything about your problem, try boosting the message detail by changing your LogLevel directive to debug. (Or adding a LogLevel debug line of you don't have a LogLevel already).

'Internal Server Error' page is displayed when a document is requested
This indicates a problem with your configuration. Check the Apache error log file for a more detailed explanation of what went wrong. You probably have used a directive that isn't allowed in .htaccess files, or have a directive with incorrect syntax.
.htaccess file doesn't seem to change anything
It's possible that the directory is within the scope of an AllowOverride None directive. Try putting a line of gibberish in the .htaccess file and force a reload of the page. If you still get the same page instead of an 'Internal Server Error' display, then this is probably the cause of the problem. Another slight possibility is that the document you're requesting isn't actually controlled by the .htaccess file you're editing; this can sometimes happen if you're accessing a document with a common name, such as index.html. If there's any chance of this, try changing the actual document and requesting it again to make sure you can see the change. this isn't happening.
I've added some security directives to my .htaccess file, but I'm not getting challenged for a username and password
The most common cause of this is having the .htaccess directives within the scope of a Satisfy Any directive. Explicitly disable this by adding a Satisfy All to the .htaccess file, and try again.

## Going Further

Once you've got your Apache Web server up and running, the first hurdle has been surmounted. Now you can move on to exploring its capabilities and features. Here are some pointers to resources for further investigation:

• The main Apache Web site, of course: <URL:http://www.apache.org/>
• The documentation for Apache and its modules: <URL:http://www.apache.org/docs/>
• The canonical email response page: <URL:http://www.apache.org/foundation/preFAQ.html>
(This page is normally used to respond to email requests for support, but there are lots of good resources listed on it.)

## Conclusion

Apache provides two main ways of controlling its behaviour on a per-directory level: <Directory> containers in the server-wide configuration files, and .htaccess files in each directory where they're needed. Each method has its advantages and its disadvantages; you, as the Webmaster, need to balance these against each other to decide what mix of the techniques is best for your environment.

If you do decide to permit the use of .htaccess files, be sure to limit them to appropriate areas and improve your performance by using AllowOverride None elsewhere. This will save unnecessary disk activity.

## Got a Topic You Want Covered?

If you have a particular Apache-related topic that you'd like covered in a future article in this column, please let me know; drop me an email at <>. I do read and answer my email, usually within a few hours (although a few days may pass if I'm travelling or my mail volume is 'way up). If I don't respond within what seems to be a reasonable amount of time, feel free to ping me again.

Ken Coar is a member of the Apache Group and a director and vice president of the Apache Software Foundation. He is also a core member of the Jikes open-source Java compiler project, a contributor to the PHP project, the author of Apache Server for Dummies, a lead author of Apache Server Unleashed, and is currently working with Ryan Bloom on a book for Addison-Wesley tentatively entitled Apache Module Development in C. He can be reached via email at <>.

 Current Newswire:

 [Home][Top of Page]
Talkback(s) Name  Date
 basic tutorial I wrote For any who are interested, I wrote a low-level tutorial a few years ago about this. Just a supplement to this fine article above: http://www.openup.com/justin/authentication/
Jul 19, 2000, 23:44:25
 How htaccess take effect Hi, I had just made a htaccess file in certain directory. But that would change anything at all. In the browser, I still can view restricted web page (in that directory) without being asked passwd and username. I had read through you Using .htaccess Files with Apache. But I can not get a clue. The thing is that I need to restart the web server then the htaccess can take effect ? I had tried but unsucessful. In httpd.conf, the AccessFileFileName .htaccess. So everything look fine. Is that I need to run httpd command ? But unfortunately that's not case. That doesn't work.I can list my .htaccess file : AuthName "restricted stuff" AuthType Basic AuthUserFile /home/users require valid-user . Can you tell me what go wrong ? By the way, is that htaccess file need something to take effect ? For example, run some command.I use htpasswd to edit username and password. I mean how Apache server read directives in htaccess file. Need I run some command to push Apache to recognized it ?Many thanks.
Aug 21, 2000, 11:39:00
 htaccess HI, Is there any limit in the numbers of users which can be included into the .htaccess file and the password file? If there is, how many?
Sep 21, 2000, 04:41:04
 I need help to redirect my domian to a file! Please if you can help me e-mail back. I have been told that by altering my htaccess file I can make a domain name point to a specific file. Current situation: I have several domain names, they all point to the same direcory, I need some of them to point to sub directories. Thanx Eric
Sep 23, 2000, 06:44:14
 .htaccess for charset=iso-8859-1? Hello, maybe you can help me... we german-speaking people have a problem with äöü in the internet... since html 4 it isn't necessary to put it in the code like this: ä Now my problem is, that the apache server ignores the meta-information with the iso-charset. Have I to put something in the .htaccess to tell the server to render this meta-tag into the html? thanks!
Sep 23, 2000, 21:48:13
 HTACCESS Hi, I would like to know if it is at all possible to be able to authenticate a user from a .htpasswd file, and then have it auto redirect them to a certain directory beneath the main protected directory. If you're not sure, maybe this will help... A user, called matthew, is able to be granted access to a certain directory, and then upon permission being granted, it redirects that person straight to a subdirectory called matthew ... the same would happen if any other users are in that htpasswd file as well, such a john, if john entered his username and password, it would then redirect john to a directory called john. Has anybody got any ideas how I can do this, or any sort of script that can do it for me? Any help would be greatly appreciated. Thanks, Matthew
Sep 26, 2000, 04:34:52
 Re: HTACCESS Matthew, I am trying to accomplish the same thing..I am sorry for my English..the way I thought it is to creat an account for a user and from the main directory I just do a softlink for a part of the documents that the spcific user could see to his directory..I hope you got what I am trying to say.. However, if you find out anything please let me know. Muheeb
Sep 28, 2000, 16:52:46
 Default document How can i configure in the .htaccess file to open /cgi-bin/index.cgi?
Oct 2, 2000, 13:31:37
 username and password rejected i am attempting to use .htaccess files to password protect a website. i have set up the user file and i am pointing to it with directives on the .htaccess file. everything seems in order and when i hit the pages with a browser, i am prompted BUT when i enter the username and password, it rejects it. i have tried from multiple client machines and different browsers. what am i doing wrong?
Oct 6, 2000, 22:23:40
 Re: username and password rejected Hi you must fill in the full path name e.g. /var/www/virtual/your/path/to/.htpasswd all right?? cu manu
Oct 17, 2000, 12:42:16
 Re: Re: username and password rejected I picked up on your e-mail as I was suffering with the same prob..... but on NT. I typed in the FULL Path i.e AuthuserFile C:\webserver\htdocs\private\ht.acl And low and behold... IT WORKED Nice one Manu
Oct 21, 2000, 17:03:01
 Re: Default Document Try: DirectoryIndex /cgi-bin/index.cgi That works if you want to just redirect the index page. If you want it to also show up when an error occurs, try this: ErrorDocument 400 /cgi-bin/index.cgi ErrorDocument 401 /cgi-bin/index.cgi ErrorDocument 402 /cgi-bin/index.cgi ErrorDocument 403 /cgi-bin/index.cgi ErrorDocument 404 /cgi-bin/index.cgi ErrorDocument 405 /cgi-bin/index.cgi ErrorDocument 500 /cgi-bin/index.cgi I use the DirectoryIndex to point certain directories to a index.php3 instead of an index.html. However, my host won't let me use ErrorDocument (arrghh!!).
Oct 24, 2000, 22:28:36
 username/password appears twice I have configure .htaccess for a directory and the window asking me for user/pass appears twice. Why? Thanks in advance
Oct 25, 2000, 18:27:44
 you don't have permission to access page Now that I pulled all the hair out of my head, I hope someone can assist. I've built a root directory and all the subdirectory html files serve my main html page in root dir. When I bring up the main page I receive a message "access denied to my subdirectories". What needs to be set in the httpd.conf file to allow access to the subdirectories. I tried creating .htaccess files but so far have had no luck. Thanks for any assistance.
Oct 26, 2000, 20:32:37
 Un-Authenticating Once a user has been authenticated through the .htaccess and password file, is there a way to un-authenticate them so they need to log in again?
Oct 28, 2000, 18:12:44
 CGI gaining read/write access I am looking for the simplist solution for granting read AND write access to files in a specified directory from CGIs in my cgi-bin directory. Please send all responses to maksim@gtemail.net
Nov 1, 2000, 03:41:10
 Re: username/password appears twice > I have configure .htaccess for a directory and the window asking me for user/pass appears twice. Why? Thanks in advance Hi, I had the same problem, and all is back right when I had insert a '/' caracter at the end of the path name. Example: if my directory is: "/web/users" the right path is: "/web/users/" plus the '/' I think there is a problem with the error returned by the server. PS Sorry for my bad english. Mario.
Nov 3, 2000, 07:16:19
 .php and .php3 My provider only supports .php3 for php files but I would like to have a .php extension for php files. Is it possible to handle this problem with .htaccess ? Greetings Michael
Nov 3, 2000, 17:14:12
 Re: HTACCESS You could probably simply try and reverse the use of denial for this person in this directory: order allow,deny allow from all deny that particular user's IP ErrorDocument 403 http://domain.com/the-redirect-URL-for-that-user
Nov 4, 2000, 03:54:43
 Local script-access with deny all ? access question: I want to have several directories to be accessable from some domains, but I want the same directories to be accessable from the scripts on that domain. How do I do that? I tried: order deny,allow deny from all allow from 24.132.133.42 allow from 24.132.45.198 allow from 194.109.167. allow from 129.125.142. ErrorDocument 403 http://jthz.com/sorry.htm but now I have to somehow add allowance for access from local scripts, how do I get that done? I tried adding: "allow from thatdomain.com" but that didnt work...
Nov 4, 2000, 04:23:47
 Re: Re: HTACCESS You can do a cgi script. The script will be the default file for the protected directory, and when it executes reads who is the user using the appropriate environment varialble, and then redirects to that user's directory.
Nov 6, 2000, 21:01:26
 Undoing user privileges in subdirectories If I grant a particular user access to a directory in the .htaccess file, what can I do to prevent this same user from having access to the subdirectories?
Nov 8, 2000, 18:03:21
 Re: Local script-access with deny all ? Did you ever find an answer to this problem as I am facing the same : 0( Any help is appricitaed! Thank you. please send any coorespondance to compuca@aol.com > access question: I want to have several directories to be accessable from some domains, but I want the same directories to be accessable from the scripts on that domain. How do I do that? I tried: order deny,allow deny from all allow from 24.132.133.42 allow from 24.132.45.198 allow from 194.109.167. allow from 129.125.142. ErrorDocument 403 http://jthz.com/sorry.htm but now I have to somehow add allowance for access from local scripts, how do I get that done? I tried adding: "allow from thatdomain.com" but that didnt work...
Nov 14, 2000, 07:11:36
 Re: .php and .php3 hi michael, if your php-version=3.x try one this line: AddType application/x-httpd-php3 .php if your php-version=4.x try one this line: AddType application/x-httpd-php .php hope you're going successfull micha
Nov 16, 2000, 11:18:42
 Authorized I want to make my Images directory not allow a directory listing if there is no index.html file in the directory does any one know how?
Nov 16, 2000, 23:51:33
 Re: How htaccess take effect Hi, You should set the following insides the "httpd.conf" and restart the deamon. AllowOverride All
Nov 17, 2000, 07:00:15
 htaccess and Apache on NT I am having trouble trying to follow the instructions for setting up an htaccess file on an NT system. All I want to do is restrict access to a certain part of the web site to a small list of users. What I need to understand is how to implement basic authnetication in an NT environment. Or, alternartively, how to get the NTFS security system to work with Apache. I know this is trivial with Apache on Linux and with IIS on NT -- how about Apache on NT?
Nov 21, 2000, 02:57:30
 Multiple domains I know this question was asked before by Eric but I didn't see any response posted... So I'll ask it again. How do I set up a .htaccess file to redirect certain names to subdomains? I know it can be done and its bugging the hell out of me. Thanks in advance for any help. Chris Thady
Nov 25, 2000, 22:05:47
 .htaccess example After reading this entire tutorial, I still don't know how to set a simple user/password on a directory on my website.
Nov 27, 2000, 16:33:01
 Re: Un-Authenticating Check this out. http://perl.apache.org/guide/security.html#Authentication_code_snippets
Nov 28, 2000, 06:17:49
 server generated headers hello, i have to complete the following task: on one server i have simple .html pages. they do NOT contain information of the encoding the should be read in. i need to set up the server (for that site) to automatically add an encoding header while sending each page. i run apache 1.3.9. is it possible at all ? if yes, i will appreciate you telling me :) thanks in advance, kosio
Nov 28, 2000, 11:20:44
 cancelling shows page with .htaccess I've set up my apache web server on an nt box and successfully implemented .htaccess. The problem is that the page loads, then asks for logon information. If I just keep pushing the cancel button the page still shows and the logon window goes away and I have full access to the page. What am I doing wrong? Thanks.
Nov 29, 2000, 22:30:12
 Re: .htaccess example Hi there. In a nut shell here's what you need to do. Create a .htaccess file in the directory you want to protect ie /home/www/domain/html/private/.htaccess In that file, place some authentication directives and a directive to the path of a user file like so: AuthType Basic AuthName "Protected Directory" AuthUserFile /home/www/domain/auth/.htpasswd Require user someguy Now, you need to create the .htpasswd file (or any other arbritary named file) in the path you specified (in this case /home/www/domain/auth) by running the program htpasswd. Type "htpasswd -c .htpasswd someguy". You will then be prompted to enter a password for someguy. Finish that and then viola - your directory should be protected. Check out the directives in the Apache docs for a better understanding of what's going on. ps, strip out the backslash before the quotes - this board is adding them...
Dec 1, 2000, 06:32:08
 Re: Re: .htaccess example HI! I'm a windows user. :) If I'm prompting "htpasswd -c .htpasswd someguy" (without quotes) into dos prompt, I'm getting an error message: "programm cannot be found"! So where can i get this programm from, or where shall i prompt "htpasswd -c .htpasswd someguy" in? CyA http://www.flashsitez.com
Dec 6, 2000, 12:10:51
 Hi I am a beginner in using .htaccess. Can anyone tell me how to encrypt passwords for .htaccess? Thanks
Dec 7, 2000, 13:23:00
 Re: Hi > I am a beginner in using .htaccess. Can anyone tell me how to encrypt passwords for .htaccess? Use htpasswd. Read the manual page for htpasswd. Basically, create a new password file with: htpasswd -c passwd-file username Then to add more: htpasswd passwd-file username2
Dec 7, 2000, 22:15:28
Dec 11, 2000, 06:12:11
 My .htaccess doesn´t work!! Hello, I´m a begginer using .htaccess files and I have a problem. I´m a UNIX user. I´m trying to restrict access using a typical .htaccess file and a file with the passwords, but when I enter my username and password it always refused them due to a password mismatch. I´m sure the password it´s correct but in the log file appears a password mismatch error. I don´t know what´s wrong, maybe something like permissions???.... Please give me a solution or some idea about the possible error. Thanks in advance for any help. Robert.
Dec 12, 2000, 11:29:34
 Re: I need help to redirect my domian to a file! Try this in your .htaccess file: redirect permanent /(directory) (url) example: redirect permanent /jethro http://cool.jethro.com Hope this helps.
Dec 17, 2000, 07:58:51
 Re: Re: Hi > > I am a beginner in using .htaccess. Can anyone tell me how to encrypt passwords for .htaccess? Use htpasswd. Read the manual page for htpasswd. Basically, create a new password file with: htpasswd -c passwd-file username Then to add more: htpasswd passwd-file username2 Thanks, but the problem is that i don't have access to telnet or whatever. I only have a user account on a free host that allows .htaccess protection. Jethro
Dec 18, 2000, 10:08:33
 Redirect permanent Hello, I need to redirect cgi-bin/something/* to http://mydomain.com I know it is possible by using "Redirect", but I don't want the stuff behind the "something" directory to be apended to mydomain.com. Can someone tell me the solution? Jethro
Dec 18, 2000, 10:10:47
 Re: My .htaccess doesn´t work!! Hi, not sure if you got a response yet but I thought I'ld try. It's tough to say what the problem is because you haven't posted the contents of your htaccess file. That considered, my best advice is to try: http://www.vhinside.com/faq/subject/htaccess.shtml They have a really straightforward, step by step htaccess tutorial that has a section specifically for password protection of your directories.
Dec 19, 2000, 09:14:45
 Re: I need help to redirect my domian to a file! Create an .htaccess file with redirect / http://www.yourdomain.com/your_directory/
Dec 28, 2000, 11:04:16
 redirect Can I redirect based on user name? If user Dennis logs into a directory Clients can he be redirected to a Dennis directory? User Tom would be sent to his directory and so forth. TIA, Shifty
Dec 29, 2000, 20:45:46
 How do I force an authentication Hi! I trying to "secure" access to a website. But it really bothers me that the user (A) is required to kill the browser if he wants to prevent another user(B) from exploiting the session user A authenticated. How do I do this? Can I set a session timeout for the authentication??? Best regards Thomas
Jan 3, 2001, 13:02:57
Jan 4, 2001, 06:02:09
 Re: htaccess problems Someone, or something, has filtered my msg and removed all text within angle brackets. Guess you, dear reader, will have to supply them via your imagination, but they are in the original. Dan Bull
Jan 4, 2001, 22:17:12
Jan 5, 2001, 05:50:15
 Can anyone post an example that actually fuctions Please include the directory directive for the httpd.conf file and the .htaccess. I can't seem to make this work and I've not seen anything in any documentation or tutoria that shows a working example. I can't make this work. Why does this need to be so hard? Curtis
Jan 8, 2001, 01:36:33
 This question will be cake for you, but for me it is impossible... I am trying to upload a message board for my site. It is not working. The instructions state that I should edit the .htaccess file and add xbithack to it. Fine. But for a know-nothing like me, this seems impossible. I am able to see the .htaccess file using ws_ftp. I open it using edit. I see a bunch of text. Where do I add the xbithack command? There must be a specific place for it, right? Also, once I change this, I don't see how I can upload this back to the server. Should I download the file to my computer, edit it, and then upload it BACK to the server? Should I also delete the .htaccess file that is present so that I don't have two .htaccess files?
Jan 10, 2001, 22:09:35
 Re: Re: Re: .htaccess example Try using the Find program in windows to look for htpasswd program. Then go to where the program is located from dos and use it. It worked for mmme!
Jan 12, 2001, 11:32:09
 Restricting file referal access Hi. I’ve been struggling with this for several months with no success. I am finding various web sites using absolute URLs to imbed photos from my server within their pages. I’m trying to restrict these so only html pages within my site can link to the main jpg files. I only have .htaccess ability. Can this be done in an .htaccess file? My html files and thumbnails are in directories www.domain.net/gallery/thumbs/folder1/ www.domain.net/gallery/thumbs/folder2/ and the full size images are located in www.domain.net/gallery/images/folder1/ www.domain.net/gallery/images/folder2/ I would like to restrict the pictures in the second directory group so they can only be opened by html links in the first group, without affecting files in the rest of my site. Any assistance would be greatly appreciated.
Jan 12, 2001, 17:04:57
 Re: Re: Re: Re: .htaccess example The program is in the "bin" directory where you installed Apache. Most probably in the "C:\progam files\apache\bin". Bye.
Jan 14, 2001, 11:59:37
 tftp I have installed the Apache Webserver on a Linux box with the Redhat version7. I would like to set up the server to work with a remote computer/device to work with in TFTP protocol. Do I need more than the Apache software came with the Redhat? And how do I set them up to work with the TFTP? Setting the 'Port' or 'Listen xx' to tftp port of 69 within the 'httpd.conf' file did not help. Thanks
Jan 14, 2001, 20:34:08
 Re: CGI gaining read/write access if you known it,please mail to me!thanks.
Jan 16, 2001, 08:05:20
 publíc_html directory and .htaccess Hi. How can I make my .htaccess work within /home/*/public_html directories? I have added: AllowOverride AuthConfig to my apache configuration, but still It doesn't work. But if I use my .htaccess and .htpasswd files my htdocs dir, it works. I appriciate all help I can get. /Andreas
Jan 17, 2001, 23:26:25
 Servlet authentication Hello. I'm trying to get client authentication when executing a servlet with Apache JServ. I have no problem with using the .htaccess file for static html pages. When the servlet gets a request an HttpServletRequest object is sent to the get() and post() methods. This object can be asked to return the authenticated user with a method called getRemoteUser(). Can this be achieved with .htaccess usage or some other way ? Very thankful for response...
Jan 19, 2001, 12:01:48
 Re: Restricting file referal access Hello there, I made a generic copy of my htaccess file. The top section is set to allow access only from the domains you choose, including the domain the protected directory is in. The middle section is to disallow access to a new trend of off line browsers that simply run through sites and steal content. The third section, specically disallows certain referrers. Most of these are chatrooms. The chat room software is able to get through a basic .htaccess, this section works to stop those. Specific to you: it is always best to have a directory for images only, just so you can put this big .htaccess file in that folder and not have to send all your traffic through such a large checkpoint. This file will work in the /gallery/ file, or it will even work in the root. It just seems like a big file to me to put in the root, but on several of my domains, that is where I have it running without any problems. -hope this helps you -keith ------------------------------------------- Options Includes FollowSymLinks AddType text/x-server-parsed-html .html .htm .shtml .htm AuthUserFile /dev/null AuthGroupFile /dev/null RewriteEngine on RewriteOptions inherit RewriteCond %{HTTP_REFERER} !^$RewriteCond %{HTTP_REFERER} !^http://.*domain.com/.*$ [NC] RewriteCond %{HTTP_REFERER} !^http://.*domain.com:80/.*$[NC] RewriteCond %{HTTP_REFERER} !^http://xxx.xxx.xx.xx/.*$ [NC] RewriteCond %{HTTP_REFERER} !^http://xxx.xxx.xx.xx:80/.*$[NC] RewriteRule .*[Jj][Pp][Gg]$|.*[Gg][Ii][Ff]$http://www.sendbadpeoplehere.com/page.html RewriteCond %{HTTP_USER_AGENT} ^DISCo\Pump.* [OR] RewriteCond %{HTTP_USER_AGENT} ^Drip.* [OR] RewriteCond %{HTTP_USER_AGENT} ^EirGrabber.* [OR] RewriteCond %{HTTP_USER_AGENT} ^ExtractorPro.* [OR] RewriteCond %{HTTP_USER_AGENT} ^EyeNetIE.* [OR] RewriteCond %{HTTP_USER_AGENT} ^FlashGet.* [OR] RewriteCond %{HTTP_USER_AGENT} ^GetRight.* [OR] RewriteCond %{HTTP_USER_AGENT} ^Gets.* [OR] RewriteCond %{HTTP_USER_AGENT} ^Go!Zilla.* [OR] RewriteCond %{HTTP_USER_AGENT} ^Go-Ahead-Got-It.* [OR] RewriteCond %{HTTP_USER_AGENT} ^Grafula.* [OR] RewriteCond %{HTTP_USER_AGENT} ^IBrowse.* [OR] RewriteCond %{HTTP_USER_AGENT} ^InterGET.* [OR] RewriteCond %{HTTP_USER_AGENT} ^Internet\Ninja.* [OR] RewriteCond %{HTTP_USER_AGENT} ^JetCar.* [OR] RewriteCond %{HTTP_USER_AGENT} ^JustView.* [OR] RewriteCond %{HTTP_USER_AGENT} ^MIDown\tool.* [OR] RewriteCond %{HTTP_USER_AGENT} ^Mister\PiX.* [OR] RewriteCond %{HTTP_USER_AGENT} ^NearSite.* [OR] RewriteCond %{HTTP_USER_AGENT} ^NetSpider.* [OR] RewriteCond %{HTTP_USER_AGENT} ^Offline\Explorer.* [OR] RewriteCond %{HTTP_USER_AGENT} ^PageGrabber.* [OR] RewriteCond %{HTTP_USER_AGENT} ^Papa\Foto.* [OR] RewriteCond %{HTTP_USER_AGENT} ^Pockey.* [OR] RewriteCond %{HTTP_USER_AGENT} ^ReGet.* [OR] RewriteCond %{HTTP_USER_AGENT} ^Slurp.* [OR] RewriteCond %{HTTP_USER_AGENT} ^SpaceBison.* [OR] RewriteCond %{HTTP_USER_AGENT} ^SuperHTTP.* [OR] RewriteCond %{HTTP_USER_AGENT} ^Teleport.* [OR] RewriteCond %{HTTP_USER_AGENT} ^WebAuto.* [OR] RewriteCond %{HTTP_USER_AGENT} ^WebCopier.* [OR] RewriteCond %{HTTP_USER_AGENT} ^WebFetch.* [OR] RewriteCond %{HTTP_USER_AGENT} ^WebReaper.* [OR] RewriteCond %{HTTP_USER_AGENT} ^WebSauger.* [OR] RewriteCond %{HTTP_USER_AGENT} ^WebStripper.* [OR] RewriteCond %{HTTP_USER_AGENT} ^WebWhacker.* [OR] RewriteCond %{HTTP_USER_AGENT} ^WebZIP.* [OR] RewriteCond %{HTTP_USER_AGENT} ^Web\Image\Collector.* [OR] RewriteCond %{HTTP_USER_AGENT} ^Web\Sucker.* [OR] RewriteCond %{HTTP_USER_AGENT} ^Webster.* [OR] RewriteCond %{HTTP_USER_AGENT} ^Wget.* [OR] RewriteCond %{HTTP_USER_AGENT} ^eCatch.* [OR] RewriteCond %{HTTP_USER_AGENT} ^ia_archiver.* [OR] RewriteCond %{HTTP_USER_AGENT} ^lftp.* [OR] RewriteCond %{HTTP_USER_AGENT} ^tAkeOut.* RewriteRule .[Jj][Pp][Gg]*$ /leeches.html [L] RewriteCond %{HTTP_REFERER} ^http://.*adfilter.com.*$[OR] RewriteCond %{HTTP_REFERER} ^http://207.198.147.*$ [OR] RewriteCond %{HTTP_REFERER} ^http://www.neocities.* [OR] RewriteCond %{HTTP_REFERER} ^http://chat.passagen.s.* [OR] RewriteCond %{HTTP_REFERER} ^http://volpi.sti.com.* [OR] RewriteCond %{HTTP_REFERER} ^http://batepapo0.uol.com.* [OR] RewriteCond %{HTTP_REFERER} ^http://batepapo1.uol.com.* [OR] RewriteCond %{HTTP_REFERER} ^http://batepapo2.uol.com.* [OR] RewriteCond %{HTTP_REFERER} ^http://batepapo3.uol.com.* [OR] RewriteCond %{HTTP_REFERER} ^http://batepapo4.uol.com.* [OR] RewriteCond %{HTTP_REFERER} ^http://batepapo6.uol.com.* [OR] RewriteCond %{HTTP_REFERER} ^http://batepapo7.uol.com.* [OR] RewriteCond %{HTTP_REFERER} ^http://209.2.137.* [OR] RewriteCond %{HTTP_REFERER} ^http://207.126.121.*$[OR] RewriteCond %{HTTP_REFERER} ^http://.*bianca.com/.*$ [OR] RewriteCond %{HTTP_REFERER} ^http://.*angelfire.com/.*$[OR] RewriteCond %{HTTP_REFERER} ^http://.*hotmail.*$ [OR] RewriteCond %{HTTP_REFERER} ^http://.*yahoo.com.*$[OR] RewriteCond %{HTTP_REFERER} ^http://.*geocities.com.*$ [OR] RewriteCond %{HTTP_REFERER} ^http://www.partyhouse.*$RewriteRule .[Jj][Pp][Gg]*$ /leeches.html [L]
Jan 19, 2001, 21:32:38
 Re: Re: htaccess problems Dan, the server looks at it as HTML, therefore it is not visible sheesh, some iditoz today(no offense, im one of those idiots)
Jan 20, 2001, 07:52:31
 Unable to Authenticate Hey, I cant seem to be able to authenticate, i have made shure everything was in place, I re set-up the password a couple times to see if I just typed it wrong, but it turns out that i didnt, anyone want to help me? I would greatly appriciate it!
Jan 20, 2001, 08:43:00
 Authentication via DBM Hi all! I am trying to use DBM to authenticate users... The only thing I know is, to exchange UserFile by UserDBMFile. Exp: "UserFile /somewhere/.htpasswd" -> "UserDBMFile /somewhere/.userdbm" - this file I created using dbmmanage. But actually no given user can login :-\ Anyone got a hint for me what goes wrong? Any other working method to control directory access in apache so I can manipulate the password file by using PHP welcome too, of course! Thx, Richard
Jan 20, 2001, 18:34:44
 Re: Can anyone post an example that actually fuctions Hi Curtis I put the following statements to the end of the access.conf file. This working well for me. It is need no editing anything in the httpd.conf. ------------------------------------------ AllowOverride AuthConfig # AccessFileName .htaccess # Order allow,deny Deny from all ---------------------------------------- For .htacess file and password file read here http://www.openup.com/justin/authentication/ Hope this helps you. cucbsc > Please include the directory directive for the httpd.conf file and the .htaccess. I can't seem to make this work and I've not seen anything in any documentation or tutoria that shows a working example. I can't make this work. Why does this need to be so hard? Curtis
Jan 22, 2001, 10:15:27
 Forbidden 403 Hey, when i try to put 2 htaccess's in my web server... One works, the other one, well the server just forbidz me to access it... I dont know why!
Jan 23, 2001, 01:06:03
 mime change I am a user of .htaccess. Can you please tell me what to put in the file. I need to let my server handle files that are .htm as .shtml Can someone help? Daniel Osipov dan@osipov.org http://osipov.org/
Jan 24, 2001, 03:45:14
 CGI gaining read/write access I am currently sitting with the same problem with not knowing how to give read/write privlages to certain directories/cgi-bin .I was just wondering if you have had a response on you enquiry. If you know how to, I would appreciate it if you could inform me too. Thank you for your time. Charl Marais
Jan 24, 2001, 11:17:26
 Re: Re: Restricting file referal access I've been struggling with my .htaccess all day and, using your example, I was able to piece together a file that works... sort of. I'm hoping you might be able to shed some light on a problem I'm having with it. Here's a sample of my tiny little .htaccess file: AuthUserFile /dev/null AuthGroupFile /dev/null RewriteEngine on RewriteCond %{HTTP_REFERER} !^.*mysite.com/enter.htm.\*$[NC] RewriteRule ^.*$ http://www.mysite.com/error.htm [R] It works perfectly in denying access from everywhere except my "enter" page but once I enter the protected directory, if I move into a sub-directory I get broken image files. If I attempt to enter a deeper sub-directory, I get taken to my error page. Can you possibly suggest something that would solve the problem? Thanks!
Jan 27, 2001, 01:24:54
Jan 27, 2001, 13:26:51
 Apache-tomcat-jboss Hi, I'm wondering if I have to configure my apache http-server to be able to use it with my app-server that runs on another machine and if so how should I configure it? Can I just redirect the traffic to my login side? or... Thanks Affe
Jan 31, 2001, 20:17:57
 protecting /usr/local/apache/htdocs(default directory) how to protect my defaul documet directory ie' /usr/local/apache/htdocs?? Thx Paras
Feb 1, 2001, 06:10:39
 .htaccess and ssl How do you set up apache to allow only ssl conections to a virtual doamin? I found plenty of documentation on requiring a password but not requiring ssl. Any assistance will be appreciated. Thanks
Feb 6, 2001, 17:02:34
 Once the password fails I need to redirect to a webpage Does anyone know how to redirect to a webpage when the logon is unsuccesful in authorizing the user. My .htaccess is working fine but instead of an error "UNAUTHORIZED" I would like to redirect the user to a webpage where they can apply for permissions. I would really appreciate a quick response. Thanks :-)
Feb 6, 2001, 23:41:42
 I am unable to see the .htaccess file using ws_ftp Hi After uploading some files (i didn't know that there was also a .htaccess file) for testing, I couldn't delete the folder ( i think it must be a .htaccess file) here's the error message : 550 myphpboard: Directory not empty ! Delete of myphpboard failed But the directory seems to be empty. could somebody help me to delete the folder/file?? - Ingo
Feb 9, 2001, 14:17:25
 using unix encripted passwords with apache under win32 Can I use unix encripted passwords generated by verotel company (third party) which adds password to my user list remotely using perl, my htaccess doesn't seem to reconize them, it only seems to work with mp5 type, Is there some way to config apache under win32 to use unix type encription. Please Help!
Feb 11, 2001, 01:35:54
 Win32 version does not install "Internal Error 2735. ResolveServerName" I can't install Apache 1.3.17 in Windows 98SE anymore And this .msi stuff, is this really necessary? I suddenly needed extra software from MS to be able to install at all (?why?). Just compile the installable exe, like you used to. It has less problems.
Feb 12, 2001, 11:28:09
 How to create username/password? Hello people, I have read the tutorial on .htaccess files, but it doesnt seem to explain how to create usernames and passwords! I am running Apache on a linux system. It is possible to specify in the .htaccess file what 'password' file to use (similar to /etc/passwd), but how do I create a password file?? Any hints? Regards, Stuart
Feb 14, 2001, 01:19:58
 authentication for perl scripts I have several perl scripts that live in my httpd/cgi-bin/*.pl directory. I would like to use .htaccess for authentication, however when I tried it, the htaccess file is ignored. is this possible?
Feb 14, 2001, 22:07:49
 Re: How to create username/password? You have to use the htpasswd command. the command should reside in apache's bin directory. run it with something like: htpasswd -c /path/to/.htpasswd usernameyouwant It will then prompt you for a password. It will write usernameyouwant:encriptedversionofpassword into the file /path/to/.htpasswd If you want to add anothername to this file, omit the -c option (c "creates" the password file, and will overwrite previous entries). Good Luck! --Phil
Feb 16, 2001, 18:37:53
 401 error - authorization required. HI, I have, as far as I can tell, setup .htaccess, .htpasswd, .htgroup correctly. When trying to access a page I get the password authentication box, but when I enter the password it does not give access. I'm running apache 1.3 on a pentium class/RedHat Linux v6.2. Apache was installed during linux setup. the htdocs (www root directory for apache) is NFS mounted from another server. The Linux box is setup as a standalone server (not in our NIS domain), and the NFS share is mounted read-only. All the web files are served properly, but I can't get authentication to work. Details of what I've done (note ---- denotes begin and end of file): .htaccess ---------- AuthUserFile .htaccess AuthGroupFile .htgroup in .htaccess file> 1)Require user ph 2)Require group sysadmin 3) Require user ph ----------- .htgroup -------- sysadmin: ph -------- Created .htpasswd using /usr/local/apache/bin -c /usr/local/apache/htdocs/ph/.htpasswd ph then entered "blah" for passwd (no "'s) .htpasswd ---------- ph:j1TcN2gefJFSs ---------- The only things I can think might be causing the problems: 1) do I need to give full path to the .htaccess file? 2) the htdocs directory (root www directory that apache is serving) is mounted via NFS to the linux box running apache) 3) I have created the .htpasswd file by running htpasswd from the linux box that is serving the web pages. If I run htpasswd with same username and password on another machine running apache, I get a different encripted password (may be normal behavior??) Any help appreciated. Please CC me (ph@ti.com) on any response. Thanks! Phil
Feb 16, 2001, 18:55:02
 Authorization Required I have ht.acl file in the directory and inside the ht.acl file AuthUserFile /home/jspwd/htpasswd.acl if have placed this file so when ever i try to access that directory it prompts with the login window however, it never allows even though i have created htpasswd.acl file with htpasswd.exe and i am typing exactly same id and pass does anyone know y?
Feb 18, 2001, 00:32:44
 How to prohibit 2 user using same login name at the same time? I would like to ask if I want to prohibit 2 or more user use the same user name to login in at the same time. How can I do? I mean I want to run a one-user-one-password policy. Can htaccess do it? Thanx!
Feb 20, 2001, 08:04:06
 Is there a tool for managing .htaccess files Hello people, I want to ask if there is a tool for managing .htaccess-files? Such as that users of special directories can enter their own entries into a .htaccess files for these directories. I have noticed that it is a problem for these users to edit the .htaccess file directly with a text editor (don't ask me why...), so it would be helpful to offer them a simple web based tool to edit the .htaccess-file. Does any one know if there is such a tool or do I have to write it on my own? Regard Bernd
Feb 20, 2001, 09:56:17
 Re: How to create username/password? In the directory you want to protect, create a file called .htaccess. It should look something like this. AuthUserFile /usr/www/dirname/.htpasswd AuthGroupFile /dev/null AuthName "The Secret Page" AuthType Basic require valid-user Next, change the path at "AuthUserFile" to be the path of the dir you're protecting. (plus the .htpasswd filename) Run htpasswd -c .htpasswd user_name (where user_name is a name) You'll then be prompted for a passwd to enter and once again for verification. You can add users to this .htpasswd file by running the htpasswd command over again, but it is only necessary to use the "-c" option when creating an htpasswd file for the first time. To disable, simply remove the .htpasswd file.
Feb 20, 2001, 18:38:49
 do not request username/password hi guys, i'm using the .htaccess file to control the access at one area of my website. how can i configure the apache web server to don't request username/password in this area, from an especific ip?? thks
Feb 22, 2001, 11:29:50
 how do I set username/password on NT I already install Apache on my NT box and I created file .htaccess in Apache directory. How do I set username/password on my web? What program to generate password on NT? Thanks
Feb 28, 2001, 01:37:24
 Out of Memory Error When I try to Compile the JSP File in Appache Server (Windows NT) I received the Following Problem M025 /netz/empinfo/editempdebug.jsp: java.lang.OutOfMemoryError at org.gjt.jsp.HttpJspPageImpl.service(Compiled Code) at javax.servlet.http.HttpServlet.service(Compiled Code) at org.gjt.jsp.JspServlet$Page.process(Compiled Code) at org.gjt.jsp.JspServlet.service(Compiled Code) at javax.servlet.http.HttpServlet.service(Compiled Code) at org.apache.jserv.JServConnection.processRequest(Compiled Code) at org.apache.jserv.JServConnection.run(Compiled Code) at java.lang.Thread.run(Compiled Code) Pl. Help. Regards HARISH Feb 28, 2001, 08:10:25  How to execute PHP commands in html files? I have an Apache web-server. On it is installed PHP4. But php-commands executes only in files with php-extentions. But in htm and html files PHP commands doesn't executs. Is it possible to hanle tis problem with .htaccess and httpd.conf? Feb 28, 2001, 12:03:34  "save as" pop up window Help !! My web host (hostsave.com) has an apache server and he sent me the LINK to this article. Is he nuts or something? He wants ME (I just have a website on his APACHE server) to correct a problem that I have on HIS apache srever. He's telling me to READ this article and correct HIS problem. Here's what's wrong. I have several files on his apache server in a DOWNLOADS directory. When a visitor clicks on a link to setup.exe, the saveto popup window appears. Fine. But when he clicks on a link to setup.W02 the file OPENS instead. This did not happen with my previous 3 web hosts. I need the saveto wibndow to appear so that the visitor can DOWNLOAD the setup.w02 file. Please, please, tell me what to do, or really what to tell him to do with his APACHE server. Thanks. Professor Martin Weissman Feb 28, 2001, 13:30:34  Re: I am unable to see the .htaccess file using ws_ftp I know what you mean. Personaly I use MSDOS for deleting these files. (if you are using windows) 1) Open the dos prompt and type "FTP" 2) Type "OPEN" 3) Type your ftp server name 4) When prompted enter your username and password 5) use "cd dirname" to change directory ("dir" will display the directories contents) 6) When you ate in the specified directory type "delete .htpasswd" I hope that helps! David... Mar 1, 2001, 21:12:02  403 Forbidden error when i try to access files Hello, I get a forbidden 403 error everytime i try to access the directory listing... can anyone tell me why, and how to fix this? Mar 3, 2001, 08:28:07  CGI Read / Write Access Many people here seem interested in specifically how you grant CGI scripts read / write access to a directory. Perhaps apachetoday.com should place an obvious link to such information somewhere on the page. wdeans@wdeans.com Mar 4, 2001, 13:59:32  htaccess multiple logins I'm accessing two seperate web sites under the same domain. When I access the first site the first time I get the login prompt fine. When I login to the second website for the first time I get the login prompt fine. Now if I go to the first web site again I get another prompt for login. It then prompts me for every page I now try to browse to in the first site. This also works if I reverse the order of the sites. Everything works fine as long as I don't start browsing to my second site. Any help would be appreciated. Mar 9, 2001, 20:24:25  .htaccess Please show me how do I restrict password protected only one file under the directory. I have a .htaccess under the directory, but not point to specific file that I want. I have not seen any concept of the authentication for specific file on the .htaccess. Regards, Judy Mar 14, 2001, 01:17:17  Re: username and password rejected what htpaccess.exe did you use? it has to be under the same platform Mar 15, 2001, 07:11:24  Apache Server 1.3 i receive this error when i try to access to the webpage that i trying to host in my dns Forbidden You don't have permission to access / on this server. -------------------------------------------------------------------------------- Apache/1.3.9 Server at www.fullcircledesign.com.sg Port 80 please assist how can solve this error. i will appreacite your help hoay fern Mar 20, 2001, 03:06:10  Autorization Required problem I have the htaccess and the htpasswd files setup correctly. However when I go to my web page it prompts me for my username and password. I type in the user name and password and it tells me "Authorization Required This server could not verify that you are authorized to access the document requested. Either you supplied the wrong credentials (e.g., bad password), or your browser doesn't understand how to supply the credentials required." Here's my .htaccess file: Satisfy All AuthUserFile /blahblahblah/.htpasswd AuthGroupFile /dev/null AuthName "Test" AuthType Basic require valid-user === Does anyone have any ideas??? Thanks. Mar 20, 2001, 20:44:05  apache htaccess on NT4 Workstation i follow the instructions to set up the htaccess and create user with the password. However, i didnt see any prompt which request the username and password. IT seems like it wont work at all... i keep my .htpasswd in c:/apache/bin/ my .htaccess file look like this: AuthUserFile c:\apache\bin\.htpasswd AuthGroupFile null AuthName "The Secret Page" AuthType Basic require user abc i will be glad if anyone can give me any comment of this problem... Thank you.. Mar 21, 2001, 06:54:55  .htaccess to restict files for download I have pdf files which I only want to the user to download, not view in the browser. I understand that an access file is the way to go in this situation so that the files are automatically downloaded. Can anyone help me with the specifics? I have only found direction on creating password authentication files. Thanks! Mar 27, 2001, 00:14:32  .htaccess not working Hai i have my apache running under the dir c:\program files\apache group\apache and my .htaccess file is in c:\program files\apache\html\.htaccess. the code in the .htaccess file is AuthName my secret stuff AuthType Basic AuthUserFile c:/temp/users require user martin this i want to restict the use of the file under the html dir. what should i have to next is it matters if my htpasswd is under c:\temp\users? if anyone can give me an answer, that will be great bye Mar 28, 2001, 16:07:24  .htaccess on Exodus Server umm... i found a .htaccess file in my root directory while ftp'ing but my webhost says they running a exodus server, is this file exclusive to apache, or is a 'Exodus Server' just a wrapper for a Apache server, or What ? Also, is it safe to download and edit the file if i running windows, cause i know line breaks and stuff are different depending on your OS. thanx Noel Mar 29, 2001, 02:46:25  Re: Once the password fails I need to redirect to a webpage httpd will return a 401 error if authorization fails so.... Use the ErrorDocument directive: ErrorDocument 401 /unauthorized.html where unauthorized.html is the page you want to redirect to. Mar 31, 2001, 09:42:27  Re: .htaccess and ssl You could use the mod_rewrite to automatically redirect all requests to the virtual domain to the https port. Of course, you will be taking a small performance hit each time the rewrite engine is used. Mar 31, 2001, 10:23:00  Unable to get popup window for user authorization Hi, I have made the following entries in my httpd.conf file for protecting all files under c. Satisfy All AllowOverride All (Please note that I have placed it both under tag and outside of it too) I have the following entries in my .htaccess file placed in /a1/b2/c3 AuthAuthoritative Off AuthUserFile /a1/b2/.htpasswd AuthName "my window" AuthType Basic require user me Satisfy All If I place the .htaccess in /a1, a popup window asking for authorization appears and takes me thru on valid entry. If I place the .htaccess in /a1/b2/c3, the popup window does not appear and not authorization takes place, showing all the files under a1/b2/c3/*. Any ideas on what I may be doing wrong, the idea is I want to ask for userid-passwd before I allow access to files under path /a/b/c. Your suggestions/help is appreciated. Thanks, Shanky. Apr 2, 2001, 23:34:12  htpasswd command not recognised on UNIX server running Apache 1.3.6 I'm trying like crazy to set up this htaccess authentication on Apache 1.3.6. However, if I do a 'which htpasswd' on the unix server I'm telnetting to I find no htpasswd references. Does anyone know if this version actually comes with this facility or how can I set it up in the directory I want to protect. Also, I found the binary of the htpasswd program. Can I run this by typing htpasswd -c? Thanks in advance! Apr 3, 2001, 16:08:22  AuthGroupFile, cannot authenticate using groups My .htaccess was working fine until I tried to add the group file directive, AuthGroupFile. I created the AuthGroupFile, and it looks like this: sa:username1,username2 When I try to login as either of these users, which are valid users, I get a 401 Authorization Required. My require looks like this: require group sa Anyone have any idea what I might be missing? Thanks! Apr 4, 2001, 17:14:47  unable to obtain popup window for net.data macros Hi, I need to obtain a popup window for user authentication of /home/shanky/bid The /home/shanky/bid directory contains net.data macros. To access the same via an URL, I specify http://www.xyz.com/cgi-bin/db2www/bid/a1.d2w In the usual way, I tried putting in a Directory entry for /home/shanky/bid. Satisy All AllowOverride All I have the following entries in my .htaccess file placed in /home/shanky/bid AuthUserFile /home/ysr/.htpasswd AuthName \"my window\" AuthType Basic require user rash Satisfy All But I do not obtain any authentication popup. One of the reasons I guess would be because, when I say http://www.xyz.com/cgi-bin/db2www/bid/a1.d2w, it is recognised as a net.data macro call, then resolved to the path of the macro as /home/shanky/bid by reading the db2www.ini file. (www.buyusa.com/cgi-bin/db2www => /home/Shanky) Hence with the /home/Shanky/bid resolution not being in the scope of the httpd.conf, the Directory entry for /home/Shanky/bid is not checked for. Any ideas on a round-about way of obtaning a popup in this case. Your suggestions/help is truly appreciated. Thanks, Shanky. Apr 4, 2001, 21:45:25  Changing page on failure of authentication Can anyone tell me how I change the page someone is sent to if they enter the wrong password for my password protected areas (as controlled by .htaccess and .htpasswd files)? Thanks, m Apr 5, 2001, 12:06:26  Login dialog after password change Hi, I have set-up ".htaccess" to my website. I've also added a change password feature. It's done just by simple rewriting of the existing .htaccess file. The problem I have is that after this change password operation browser asks me for new login with new password. Is there any way how to make the browser not to popup this dialog? Thanks for any help. Martin Apr 6, 2001, 11:16:11  Re: I am unable to see the .htaccess file using ws_ftp you may have solved this already as your post is over a month old. if you type -al in the box (under mkdir on the server side)in wsftp you'll see all the hidden files in the directory. You can then delete them as normal to empty the directory. Apr 7, 2001, 12:00:55  how to run htpasswd remotely Hi, I want to authenticate a particular dir using .htaccess..for this purpose i need to add 80 login and passwd to the .htpasswd file..... i want to automate this work and give the work to users themselves...i.e the users provide their login and password... The previous discussion on the board tells how to do this with htpasswd commmand...but here i don't have access to system prompt.... how do i go about it...any server side scripts (like php) can do it for me..if yes plz give details... Thanks In Advance, Vaibhav Apr 8, 2001, 13:05:53  force download pdf file I haver several pdf-files on the server. When you click on the link, the plugin starts automatically. But I want that there is real download! I've put in the htaccess: AddType application/octet-stream .pdf This works with Netscape 4.7, but it does not with IE 5.5 :-( Any ideas how to make it work for IE? Apr 8, 2001, 20:39:27  Removing authentication in sub-directory I force authentication at root directory via .htaccess file, but want to grant unlimited access for one of the sub-directory. Could any one point me to right direction? Thanks in advance Woojin Apr 10, 2001, 14:35:03  .htaccess users account hi there, I have some question about .htaccess setting I have no problem of having .htaccess working but i am wondering, if I got 5 users - john, mary, peter, sam, jo and i already set up .htpasswd and my setting of .htaccess is: AuthName 'Protected Directory' AuthType Basic AuthUserFile /somewhere/.htpasswd Require user john mary peter sam jo It is working without any problem but is there any other method, so that every time when there is a new user, apart from adding a new entry to the .htpasswd, i no need to update each .htacess manually??? i mean is it compulsory that I have to set the line Requirer user (specify the user name)? can the .htaccess look up from the name file automatically, instead of I need to type in the name (hardcode) manually? best RGDs sonic Apr 11, 2001, 02:24:32  what happen if password expired from htaccess? Hi all, as i got sql server at hoe, i think it is more managable to put all the user and user password inside sql server instead of just put them inside the .htpasswd what i need to do if i want to ask htaccess to call my perl program abc, with abc retrieve the user namd ane password enetered from the auth dialouge and make comparison and return some code .... (My idea) can I do something like this??? sonic Apr 11, 2001, 07:27:07  perl to un-authenticate? Hi! I'm using the apache basic authentication scheme to log in to my web site. I want to un-authenticate a user that has logged out of my site and force the user to give his userID and password again if he wants to log back in. I want to write a perl script that un-authenticates a user once it logs out of the web pages. How do I do that? Please help! Emma Apr 11, 2001, 08:08:48  Re: AuthGroupFile, cannot authenticate using groups Yes - Try to use sa:username1 username2 instead of sa:username1,username2 Does it work? - Rainer Apr 13, 2001, 14:25:19  Help! How to create Crypt passwords without telnet access Hello everyone, is there a way to produce reliable UNIX crypted passwords that run on Apache/1.3.3 Cobalt (UNIX), when my provider doesn't provide me with telnet access? And: Is it important to use the same "salt" by producing, or would the server mentioned above accept all UNIX crypted passwords regardless of the salt? I ask this, because - of course - my combination of .htaccess and .htpasswd does not work either and makes me go crazy. It looks like this: [.htaccess]: AuthType Basic AuthUserFile /full/path/from/root/plus/secure/dir/access/.htpasswd AuthGroupFile /full/path/from/root/plus/secure/dir/access/.htgroups AuthName "internal" Require group sws [.htgroups]: sws:user1 user2 userx I always get denied when I try to log in as a user with a password that I generated via http://www.teamone.de/cgi-local/cryptform.pl?PASSWORD=anyword and via http://www.hof-berlin.de/crypt.php3 . Are there special details one has to be aware of, eg. no return or space after user1:dSSKMHKq/XMtF in the file .htpasswd? Can you help me? Thanx in advance - Rainer Apr 13, 2001, 15:06:13  Re: Help! How to create Crypt passwords without telnet access Hi Rainer :-) What you could do is strip everything down and try with the bare minimum to see if that works. This is the order that i have mine, bearing in mind that i don't use groups. [.htaccess] AuthUserFile /full/path/from/root/plus/secure/dir/access/.htpasswd AuthName "Please Log In" AuthType Basic Require valid-user [.htpasswd] username:password username:password username:password etc... Remember that the username and password are case sensitive. "TheCoolDude" and thecooldude" are treated different under Unix/Linux. Try these two password generators... http://www.earthlink.net/cgi-bin/pwgenerator.pl http://206.250.94.20/cgi/pwgenerator.pl If all that works then you can build it back up again using groups. Then if it all works correctly, you could maybe write an online tutorial for your ISPs other users ;-) Marc :-) Apr 14, 2001, 10:04:02  Re: Changing page on failure of authentication > Can anyone tell me how I change the page someone is sent to if they enter the wrong password for my password protected areas (as controlled by .htaccess and .htpasswd files)? Thanks, m Try putting this at the end of your .htaccess file. ErrorDocument 401 /Unauthorized.html or ErrorDocument 401 http://www.domain.com/Unauthorized.html As long as the error document is on the same server it should work. Marc :-) Apr 14, 2001, 10:23:14  Re: Removing authentication in sub-directory > I force authentication at root directory via .htaccess file, but want to grant unlimited access for one of the sub-directory. Could any one point me to right direction? Thanks in advance Woojin I think you want to use "Require valid-user" in your .htaccess file. This will grant access to all users. To restrict access to only a few users then use groups "Require group group-name [group-name] ..." and have those users in a .htgroups file. http://httpd.apache.org/docs/mod/core.html#require Marc :-) Apr 14, 2001, 10:57:56  Re: .htaccess users account Instead of "Require user john mary peter sam jo" you can have "Require valid-user", this will grant access to all the usernames in the .htpasswd file which is then the only file you need to modify when new users get added. Now i'm not sure on this, but you could try just having the one .htpasswd file and changing the "UserFile /somewhere/.htpasswd" (you don't use AuthUserFile, that just a spelling error?) in each .htaccess file to point to it. If not then it'll just be a case of editing one .htpasswd file and uploading it to all the necessary folders. To only grant some users access to certain folder then you could start using groups (.htgroup)"AuthGroupFile /somewhere/.htgroup", "Require group group-name" http://httpd.apache.org/docs/mod/core.html#require Marc :-) Apr 14, 2001, 11:39:04  Redirecting denied users to another page I want to redirect a blocked user from my site to another .html file in the same directory as the .htaccess file. Is this possible? If so, how do I do it? thanks. Apr 16, 2001, 19:47:49  Difficult redirect to an error page hallo, I have a problem with redirecting a client to an error page. I use htaccess files with the ErrorDocument directive. If a client asks for access of a protected page, he or she is redirected to an special error page, if an false password or/and username is given. but bevor this happens, the client ask at least for three times for a new username and password. I want that after the first attempt with a false username and/or password the client is redirected directly to the error page without any prompting for a username and password. is their any possibility solve this problem? thank you for any suggestions. :-) peter werner Apr 18, 2001, 15:14:55  Auth Prompts on CGI POST?? How can I make my .htaccess so that it only asks for my password once and then saves it for my session? Right now it prompts me everytime I submit a post. Apr 19, 2001, 15:35:20  Win32 .htaccess auth failed I'm running Apache 1.3.14 Win32. I'm trying to setup .htaccess files folder in my html dir. Here is the problem my system uses the .htaccess files but it won't let any user in. Can any one help me? and if you can, what is Wrong? Apr 23, 2001, 04:30:51  htaccess directives Is there a consolidated listing of the directives allowed in htaccess that I can find somehwere that includes their usage and syntax. I really don't want to spend a day going through the entire Apache documentation. Thanks Apr 23, 2001, 22:54:51  Problem defining where my .htpasswd file is Hi, I have a very basic .htaccess file in the directory I want to protect. It's in /html/admin/ Having problems using AuthUserFile If I log in on my account with a FTP client and enter the directory the path looks like this: /var/www/clipart.to/html/admin so I'm trying doing it like this AuthUserFile /var/www/clipart.to/html/admin/.htpasswd I've used the htpasswd - c .htpasswd command to create a password file. Unfortunatly I only get the authorization require (ie wrong password) everytime I try to log in. Please herlp me. Thanks, Johan. Apr 25, 2001, 08:17:51  .htaccess log username I am using .htaccess for user authentication. How can i keep a log of users accessing my site?thanks.please email me at spparikh@email.unc.edu . Apr 27, 2001, 04:42:57  internal server error Hi im trying to restrict access to a few of my web pages but when i make a htaccess file it just gives me an internal server error. i have tryed everything it seems like if you have any ideas PLEASE email me at mbisme@kscable.com thanks. Apr 27, 2001, 20:38:45  How to ban users and show them a certain page letting them know. Hello, I currently want to setup a htaccess to allow all but block certain ip addies if they are to visit. If they do visit I don't want a popup box but instead they are redirected to a page explaining that they are banned. Any idea's if htaccess can accomplish this? I understand how to use htaccess but not in this way. Replying by email is welcome. - zenomorph Apr 28, 2001, 02:09:06  Re: How to ban users and show them a certain page letting them know. I too have been trying to do the same. The following link has a brief section explaining how to allow/block IPs : http://mirage.golden.net/htaccess.html Apr 30, 2001, 15:42:58  Passwortschutz im Klartext? Mal auf deutsch und zusammengefasst: Bekannt ist den meisten ja folgendes: - Syntax der .htpasswd - Syntax der .htaccess - Ordnerstruktor, d.h. wo die Dateien liegen müssen/dürfen Aber... - Wie werden die Passwörter erstellt, wenn man keinen direkten Zugang zur Kommandozeile hat, sprich die Seite Fernadministriert. Nutzt man freie Passwortgeneratoren, kommen ganz verschiedene Passwörter raus die nicht auf der Seite funktionieren. (http://www.cache-22.co.uk/cgi-local/c22encrypt.pl oder http://www.linux-profis.de/php3/crypt.php3) - Kann man nicht mit entsprechenden Zugangsrechten die password.pl auf die Seite kopieren? - Kann man die Passwortabfrage nicht im gleichen Fenster bewerkstelligen, ohne das ein Pop-up Fenster aufgeht? Auf vielen bekannten Seiten geht das doch auch. z.B. online-e-mail-dienste, Provider, etc. - Gibt es nicht irgendwo eine gute und zusammengefasste Anleitung, am Besten noch auf deutsch? Ich will doch nur einen bestimmten Bereich einer Seite durch Passwort schützen, so daß sich Besucher erst anmelden müssen. Das ganze auf einem Server zu dem ich ftp-technisch alle Zugriffsrechte habe, aber nicht direkt apache steuern kann, es sei denn ich verändere die eine oder andere config datei. Gruß ipxi May 1, 2001, 14:06:11  Re: Help! How to create Crypt passwords without telnet access this is what i did several times. i worked out, that a pop up window opens and asks for a password, but it wont accept any password. each time i encrypt the same password by free pwgenerators a different one is shown. where is the error? May 1, 2001, 15:08:45  User and Password variables I got it all, thanks. But how can i put something like "Welcome 'user name' !!!" after autenticating? Which variable stores the user's name and password? Thank's in advance, Daniel May 4, 2001, 00:07:50  htaccess timeout Hello ! how can I put an expiration time on the htaccess ?? Thank you ! Regards, Daniel Nuño May 4, 2001, 22:43:58  help needed for htaccess Hi, l have setup my web server running 1.3.19. l have created the .htpasswd and .htaccess file but l still can access the homepage directly, what went wrong? my .htaccess config. AuthType Basic AuthName "Protected Directory" AuthUserFile /home/monitor/.htpasswd AuthGroupFile /dev/null require user harmony l have create the user harmony using htpasswd and is in the directory /home/monitor. The file .htaccess is under the directory /home/monitor/html. This is were all the html files are and is the default directory for web. May 10, 2001, 02:08:33  .htaccess URL redirection I'm having a strange thing happen with an .htaccess file. Here is an example of what is happening. The default file in my web directory is index.html. This DOES NOT work: RewriteEngine on RewriteRule ^(.*)$ subdir/$1 However, this DOES work: RewriteEngine on RewriteRule ^(i)(.*)$ subdir/$1$2 Weird, huh? Also, if I replace the (i) with a (.), it stops working again. Any ideas?
May 10, 2001, 02:17:36
 pop-up window does not appear again Hi, l manage to get the pop up windows asking user to enter the user ID and password. But logging in successfully, l will not be pop for user id and password again if l close and open the broswer again. Is this due to broswer caching? If yes, is there any work around? Thanks. Regards, Toh Hwee
May 10, 2001, 10:16:21
 Including 2 user-files in .htacces is it possible to include 2 different AuthUserFile in .htaccess?
May 11, 2001, 10:47:47
 htaccess logfile restrictions Can somebody tell me what i have to do if i do not want my accesses to be logged in the access_log? i´ve read an article that i have to edit the htaccess and tell there, that my ip should not be logged. but what?
May 11, 2001, 13:09:29
 cant get $ENV{'REMOTE_GROUP'} I have had an .htaccess protected section of a website up for a while. It contains some administrative CGI not for the public, and has been working just fine. I have been able to even grab who is logged in with perl from the$ENV{"REMOTE_USER"} variable in perl to use in various interface messages. Now, I want to add GROUP management to the cgi's where a subset of the users will be allowed to use certain scripts. I've added a AuthGroupFile to define which users are in which groups, but the system doesnt seem to load the $ENV{'REMOTE_GROUP'} variable so I cant be sure what is going on. have I missed some part of the setup? my .htaccess file looks like: ---- AuthUserFile /home/nm-earnosethroat/.nment_pwd AuthGroupFile /home/nm-earnosethroat/.nment_groups AuthName "NMENT secure area" AuthType Basic require valid-user and the .nment_groups file looks like: --- admin:danbak elaine docs:fritz May 12, 2001, 20:57:10  htaccess seems not to be working (no window appeared) Hello, it's a Win NT5 server with apache running, everything goes fine, but there isn't popping up a window for pasword verification? I putted the 2 files in the folder: e:/program files/apache group/apache/htdocs/ My .htaccess: Satisfy All AuthType Basic AuthName "Security" AuthUserFile e:/program files/apache group/apache/htdocs/.htpasswd Require user bart AllowOverride none Has it something to do with the pad??? Also strange is i got no error log or something, it seems not to react at all! Can you help? Thx May 17, 2001, 21:32:13  login script Hello: I am looking for a (Perl?) script generating authentication headers. I will be grateful for any suggestions, thanks !! --> wojtek@pnti.waw.pl . May 18, 2001, 23:47:11  Re: redirect I am sorry to ask this question again, but has anyone gotten an answer to this question? > Can I redirect based on user name? If user Dennis logs into a directory Clients can he be redirected to a Dennis directory? User Tom would be sent to his directory and so forth. TIA, Shifty May 22, 2001, 19:16:26  Multiple AuthUserFiles and targeted redirect??? Can there be multiple AuthUserFiles in one .htaccess file? I have two separate password files (current and expired) and would like both used in authentication. Also is it possible to redirect to a renewal page or run a cgi script if the user is located in the expired database? May 23, 2001, 16:56:33  Re: HTACCESS Instead of using HTAccess you could use a perl Script. The script could create directories and files on the fly and it could check for a user/password match just like HTACCESS. I am not sure what else I may be able to input, sorry if that was not helpfull. May 25, 2001, 03:56:05  Restricting access Hello, I have installed Apache 1.3.9, and my question is the following: I want to restrict a file .html on a directory, only one or more file but not all files that a directory contains. So in the same directory there are ten files .html, and I want to restrict the access (using user/password) on two files on that directory. Thank a lot of. May 25, 2001, 11:15:44  syntax to modify PHP in .htaccess files I want to count the number of visitors that are currently on my site and I wanted a flat file way of doing it. I asked on alt.php and got the following useful advice. The lines themselves, if I understand right, need to be preceded by some kind of Apache directive? I read this page hoping to learn the syntax of .htaccess pages but I'm still in the dark. I read the directives page but don't know what directive to use. Which directive do I need? What is the right syntax? Can anyone suggest a good book on Apache? The response I got on alt.php was this: >>>>>>>>>>>>>>>> If the server you're using is using Apache, create a .htaccess file and use commands like the following to set the php.ini values for that directory etc.: php_value session.gc_maxlifetime 720 <-- in seconds php_value session.gc_probability 100 <-- %age prob. php_value session.save_path /am_sessionsFolder May 28, 2001, 17:18:36  Htaccess/WindowsMedia how do I get media player to accept the username and password entered by a user. I have htaccess set to require valid-user. After entering the directory there is windowsmedia file that triggers display of graphic assets. A mediaplayer icon appears in the username/password box. I was hoping that once the user entered their name and password that they could access everything. Is there another directive or syntax I should use? Jun 1, 2001, 04:06:37  Default document I am very new to Apache. I want to configure "Default.htm" to be my default document in the htdocs directory. How do I do that? Thanks, Don Jun 3, 2001, 22:43:53  IE 5.0x forcing authentication twice Has anyone else experienced a problem using Internet Explorer 5.00 or 5.01 in which Apache forces users to authenticate twice with correct credentials? I do not get this problem in Netscape and have not seen any other htaccess problems besides this one, so I am assuming my configuration is correct. An example scenario in which this problem occurs: 1. I give good username/good password -> asked to login again, error_log not updated 2. I give good username/good password -> successful login, error_log not updated Another example scenario: 1. I give good username/good password -> asked to login again, error_log not updated 2. I give bad username/bad password -> asked to login again, appended to error_log is ... user sandih: authentication failure for "/ops/": password mismatch ... user poo not found: /ops/ 3. I give good username/good password -> successful login Any help or suggestions would be greatly appreciated. Thanks! Jun 4, 2001, 21:15:08  Re: IE 5.0x forcing authentication twice I too have seen this.. The following is an example layout of the directory. /opt/apache/htdocs/Secured <- has .htaccess /opt/apache/htdocs/Secured/otherdirectory <- has no .htaccess The "Secured" directory has a .htaccess file and the directories below it dont, but if I authenticate correctly then try and go to "otherdirectory" I get an authentication box again. .htaccess file is below: AuthUserFile /opt/apache/cgi-bin/.htpwd AuthGroupFile /opt/apache/cgi-bin/.htgroups AuthName "System Documentation" AuthType Basic order allow,deny allow from all require valid-user Anyone got any ideas ? Sid Young Brisbane Jun 8, 2001, 02:06:12  Re: Win32 .htaccess auth failed post you htaccess file. may be i can throw light on it. I have sucessfully done on Nt Jun 8, 2001, 12:51:50  Re: Re: How to create username/password? I need to store encrypted password in the oracle 8i database. How do i do it? I am using mod_auth_oracle. i am able to use it if passwords are clear text Jun 8, 2001, 12:57:56  Re: Servlet authentication I am also facing the same problems. Can some one enlighten us on this? Regards Jun 8, 2001, 12:49:49  Re: How to execute PHP commands in html files? > I have an Apache web-server. On it is installed PHP4. But php-commands executes only in files with php-extentions. But in htm and html files PHP commands doesn't executs. Is it possible to hanle tis problem with .htaccess and httpd.conf? It is easy, but may not be recommened. add the following in httpd.conf AddType application/x-httpd-php .html Jun 10, 2001, 14:39:01  restricting a file with htaccess Hi I'm trying to restrict just one file in a directory...with an .htaccess file. I tried... AuthType Basic AuthUserFile /web/data/xxx/passfile AuthName "Enter Password and username" order allow,deny deny from all Satisfy all require valid-user But this doesn't work...I've tried many other combinations.. but nothing works. I've checked the server config file - but nothing seems to be preventing it...but then maybe I have to add something?? can someone help? thanks jill Jun 14, 2001, 19:26:34  401 Authorization error I have placed the .htpasswd and the .htaccess file in the protected directory and specified the path to find the .htpasswd file in the .htaccess file. I have specified the following: AuthUserFile /www.bblcomm.com/Clients/itouch/.htpasswd AuthName "iTouch Username and Password Required" AuthType Basic require user itouch I have created the .htpasswd file with the exe downloaded from your site. When I type the url it prompts me for the username and password hit enter and it prompts 3 times then give the following error: Authorization Required This server could not verify that you are authorized to access the document requested. Either you supplied the wrong credentials (e.g., bad password), or your browser doesn't understand how to supply the credentials required. Can you help? Jun 15, 2001, 17:46:26  Setting up .htaccess on Win 2000/Apache Hello I was successful in setting up the user name/password authentication and thought it would be useful to share with all the members of this forum 1. Created a directory called secure under c:\ and copied the program C:\Program Files\Apache Group\Apache\bin\htpasswd.exe to it. 2. After going to the command prompt i executed the above program htpasswd -c .htpasswd buddy Here i was prompted to enter the password twice. This created a file called .htpasswd under c:\secure 3. Now to secure the directory c:\mystuff\docs i created a file called .htaccess and the added the following lines satisfy all AuthUserFile c:/secure/.htpasswd AuthGroupFile null AuthName "Only For Me" AuthType Basic require user buddy I had mapped c:\mystuff as my default document directory. This set it all up. So when i tried http://localhost/docs it prompted me to enter a user name and password. Hope this helps anybody trying to set up this feature. Regards Khozema Jun 16, 2001, 19:06:59  Re: Re: redirect if you are using PHP, you can get the username from this variable:$HTTP_SERVER_VARS["REMOTE_USER"]; and then redirect using the "header" command, for example: $username =$HTTP_SERVER_VARS["REMOTE_USER"]; if ($username == "buffy") { header ("Location: vampires/slayer.html"); } there are probably similar methods in other scripting languages, and you might be able to get the username from the apache environment as well. as far as having apache itself redirect based on username, i don't know whether or not this is possible. Jun 17, 2001, 22:54:34  Re: Re: I am unable to see the .htaccess file using ws_ftp Great hint! Jun 18, 2001, 18:05:58  .htaccess and .htpasswd here is the .htaccess file ( I have tried many variations) yet it does not work ----------------------------------------------------------- AuthType Basic AuthName "MY PASSWORD PROTECTED STUFF" #AuthUserFile /home/USERNAME/web/PATHNAME/.htpasswd #AuthUserFile /home/apache/web/www/webdesign/htdocs/2delete/.htpasswd #AuthUserFile /home/apache/web/www/webdesign/htdocs/2delete/.htpasswd #AuthUserFile /www/webdesign/htdocs/2delete/.htpasswd #AuthUserFile /home/apache/web/www/webdesign/htdocs/2delete/3delete/.htpasswd AuthUserFile /www/webdesign/htdocs/2delete/3delete/.htpasswd require valid-user #Require user hoggy ----------------------------------------------------------- the user name is hoggy in the .htpasswd file the .htaccess file is located under /www/webdesign/htdocs/2delete/3delete/ the .htpasswd file is located under /www/webdesign/htdocs/2delete/ but after typing the password it does not work at all... I have noticed that if using: AuthUserFile /www/webdesign/htdocs/2delete/.htpasswd you automatically have access to the folder without being asked for the password and login name! Unusual... Jun 19, 2001, 15:42:13  Re: username/password appears twice by turning UseCanonicalName in httpd.conf to Off i solved my problem... Jun 20, 2001, 20:00:23  win2k not authenticating Apache does not seem to see .htaccess files. I have tried renaming the .htaccess file in the httpd file with no luck. Any commects are apprciated. Jun 24, 2001, 02:47:21  Re: IE 5.0x forcing authentication twice > Has anyone else experienced a problem using Internet Explorer 5.00 or 5.01 in which Apache forces users to authenticate twice with correct credentials? I do not get this problem in Netscape and have not seen any other htaccess problems besides this one, so I am assuming my configuration is correct. An example scenario in which this problem occurs: 1. I give good username/good password -> asked to login again, error_log not updated 2. I give good username/good password -> successful login, error_log not updated Another example scenario: 1. I give good username/good password -> asked to login again, error_log not updated 2. I give bad username/bad password -> asked to login again, appended to error_log is ... user sandih: authentication failure for "/ops/": password mismatch ... user poo not found: /ops/ 3. I give good username/good password -> successful login Any help or suggestions would be greatly appreciated. Thanks! I figured out the solution for this problem. It had nothing to do with .htaccess. I was using a relative URL to point to the directory to login to, but I forgot to include the trailing slash. So, that caused Apache to send a redirect to the client which forced him to authenticate twice. Jun 26, 2001, 16:40:24  Re: Re: Win32 .htaccess auth failed Hello Vikrant, I was browsing the FAQ's on APache site and there was a question about setting up .htaccess file on WIN 32 machine and you seem to have figured out how to do that. I am having a similar problem - I am using Apache 1.3.19 on Windows 2000 and my .htaccess file goes like this : -------------------------------------------------- AuthUserFile C:/Apache Group/Apache/realdocs/.htpasswd AuthName "MyCompanyWebPassword" AuthType Basic require user myusername ----------------------------------------- I have all my html documents in the realdocs directory and I am trying to protect a directory named images under realdocs directory and so I have my .htaccess file in that directory... After I have done all this and restarted the web server, Apache never throws a pop up to authenticate the directory I would like to protect. Could you please help me with this ??? Thanks, Prashanth Jun 27, 2001, 14:08:25  .htaccess.txt - I can't change the file type! Okay - I love this idea but how can I change the file from .htaccess.txt to .htaccess? I've tried changing the file type in Notepad, Wordpad, Frontpage and Word and none of these applications will let me remove the .txt How do you guys do it? Jun 27, 2001, 19:10:21  Re: Re: How to create username/password? Good .A small correction . The syntax should be require user valid-user instead of require valid-user If I try with later ,my login /password always fails. But with the first syntax, authentication succeeds . Magesh Jun 28, 2001, 00:56:56  no pop-up window! Howdy! Using Redhat 6.2 and Apache httpd ...(1.3?). Can someone send me a Working version of their httpd.conf and htaccess? I seem to have tried all the tricks in the book and slowly losing my patience over this. BTW, there are some virtualhosting domains in httpd.conf. I assume that the global directives and htaccess would take care of any virtualhosts. If not, is there any special set of rules to setup htaccess for virtualhosting? Thank You. Jun 28, 2001, 04:15:02  Yes pop-up window! Ok, I seem to have hit some luck after visiting apachetoday.com. Just submitted a message asking for httpd.conf and htaccess files...but lo and behold, I figured out the bug within a few minutes. I thought I'd share the info with others. The .htaccess is AuthAuthoritative Off AuthUserFile /somewhere/.htpasswd AuthName Secured Zone AuthType Basic require user freelunch Satisfy All Thats it. Now the "AllowOverride All" statement must exist inside the in the httpd.conf file...e.g. Options FollowSymLinks AllowOverride All$killall -9 httpd $httpd restarts the server and reads httpd.conf again. The pop-up window appears and access is enabled through login. Ok, one related question: What is the variable in which the username is stored? How do I track the user ...Thanks for any pointer. Jun 28, 2001, 04:52:37  Re: how do I set username/password on NT > I already install Apache on my NT box and I created file .htaccess in Apache directory. How do I set username/password on my web? What program to generate password on NT? Thanks So under Windows NT, there is no encrypt function, so you just need password as plaintext. eg. if your name is aa and passwd is bb so you put something as following in to the file .htuser,that's OK! aa:bb as I know, the Auth_dbm is the same Jul 2, 2001, 11:36:52  htaccess embedded URL? Forced to authenticate twice,using htaccess to serve documents to valid users. Using alias for directory httpd.conf. The html document contains embedded images using img src=apic.gif . All files (html doc,gif & htaccess) are in the same directory. When enter html doc user is required to enter user & password, the x.htm begins to display then the user is requested to again enter the user & password. The error log states PERMISSION DENIED for the gif file. Once user re-enters user & password the gif displays. Why 2x's? I've tried using different address for the gif file in the img src line but haven't found one that works without prompting twice. Any help would be appreciated. Jul 2, 2001, 20:56:46  500 Error I am getting a 500 internal server error... error log reported the following: [Mon Jul 02 17:52:57 2001] [alert] [client 127.0.0.1] /.htaccess: AuthUserFile takes 1-2 arguments, text file containing user IDs and passwords wats wrong??, please help! Jul 2, 2001, 22:00:51  Re: .htaccess.txt - I can't change the file type! Don't worry about the name of the file containing your htaccess directives. You can call it anything you like, while you're editing it. Just ftp your '.htaccess.txt' file to the required directory on the server and rename it there, to '.htaccess'. Jul 4, 2001, 10:05:28  .HTACCES !!!!! How can I modify .htacces so it only protects the files I want it to not the whole directory ? Jul 5, 2001, 21:45:47  RewriteRule does not work as documented I've read copious documentation and examples, and cannot get this to work, using Apache-1.3.20. RewriteEngine On RewriteRule ^/twig(.*) https://mydomain.net/twig$1 [R] According to the documentation, this is correct. But it doesn't work.
Jul 8, 2001, 21:59:02
 setting up httpd.conf to allow htaccess I'm pretty sure I've got my .htaccess and .htpasswd files set correctly, but for some reason my httpd.conf file isn't even reading them. How exactly am I supposed to edit the config file to make this work?
Jul 10, 2001, 18:38:24
 Apoyo su iniciativa.... Creo que una excelente idea esto de las listas de correo para temas de esta indole. En Chile tambien lo hacemos. Aqui se habla mucho de Linux y su potencial.... chao...
Jul 11, 2001, 17:57:35
 Re: I need help to redirect my domain to a file! [some domains but not others!] | Try this in your .htaccess file: | | redirect permanent /(directory) (url) | | example: | redirect permanent /jethro http://cool.jethro.com/ | | Hope this helps. I had the same question (if I'm understanding the original poster correctly). However, this solution (above) redirects a subdir. of the original URL to a second, different URL. I need exactly the reverse of that. My clients have several different domains pointing to the same doc. root dir. on our webhost's server, all bringing up the same default page. We want some but not all of those domains to either bring up a different default page, or otherwise redirect to a subdir. of our doc. root dir. Unfortunately, the webhost they paid for in advance will bill them for hosting a second, separate website to set this up, even if we only want a couple domains to point to a subdir. of the original doc. root dir. (geez, pay for a whole separate site, just for a one-time alteration to their httpd.conf ?) Obviously, I don't have access to the host's httpd.conf myself, so I'm investigating the use of .htaccess for this before I resort to JS trickery (and could use some pointers for that as well, FWIW, but hopefully not necessary :-). E.g., we've got [www.]foo.com, [www.]foo.net, [www.]bar.com, and [www.]bar.net all pointing to the same default page in the same doc. root dir. We want: http://[www.]foo.com/ and http://[www.]foo.net/ to bring up the original default page in the original doc. root dir. http://[www.]bar.com/ and http://[www.]bar.net/ to either bring up a different default page, or otherwise redirect to a subdir. of the original doc. root dir. (e.g. redirect those to http://bar.com/barsubdir/ ) - whichever is easiest :-J. Got any ideers? - Mnsgr. Laszlo (Remove .SPAM.B.GONE from email addy to reply by that method.)
Jul 12, 2001, 01:03:03
 Bandwidth Theft My former web hosting service provider was taken over by another company. The new company has moved my domain to a new server and they refuse to include the mod_rewrite module in that server configuration (Apache 1.3.20). I had used the following directives in certain .htaccess files to limit bandwidth theft at my former provider: # Rewrite Rule for images RewriteEngine on RewriteCond %{HTTP_REFERER} !^$RewriteCond %{HTTP_REFERER} !^http://mydomain.com/.*$ [NC] RewriteCond %{HTTP_REFERER} !^http://www.mydomain.com/.*$[NC] RewriteRule .*\.[Jj][Pp][Gg]$|.*\.[Gg][Ii][Ff]\$ /graphic1/offlink2.gif which resulted in a tremendous decrease in "image theft" (the offlink2.gif file essentially stated that my domain doesn't allow offsite linking to its image files). They intend to begin charging based on bandwidth usage, but they have no alternative to my method of preventing bandwidth theft. What, if any, are the problems with allowing the mod_rewrite directives on a "shared hosting" server (assuming they have the rest of their act together)? And/or is there some other way of dealing with this issue? Bob
Jul 12, 2001, 02:52:23
 Problems htaccess & WinNT Hi all of you ! It seems to be a really complicated problem to secure pages or directories with apaches htaccess functionalities. I followed almost every documentation and tutorial but it is not possible for me to secure any page in our net. Apaches seems to override the .htaccess files because I never saw any of those user/password prompts on screen. I really dont know what the problem is, but I need help to fix it. Thanks, Thomas
Jul 12, 2001, 06:38:18
 Re: HTACCESS to redirect specific users I don't think you can do this from within the .htaccess file, but you could use PHP to do it. In PHP getevn("REMOTE_USER") will give you the username with which the current user authenticated. So you could use the function header("Location: http://www.yoursite.com/".getenv("REMOTE_USER")."/") in PHP to redirect authorized requests to a subdirectory that matches the user's login.
Jul 24, 2001, 16:57:49
 Multiple Login Rejections As my .htaccess file is currently set up, if a user mistakenly enters a bad username or password, the server will not allow a second attempt at login (they just are shunted to the "Authorization Failed" screen. How do I change this to allow for multiple tries?
Jul 26, 2001, 18:46:30
 Can I make .htaccess for a single file? Is there a way that I can make .htaccess only work for a specific file in a directory with many other files in it?
Jul 29, 2001, 22:50:18
 htaccess wat should i put in a htaccess if i just want 404 error processing
Aug 1, 2001, 11:59:21
 htaccess group authentication My Application has a tree structure with top 2 branches as A, B. The htaccess file also has 2 groups A,B. Now users under each group should only be able to see the children nodes inside its own group. Ex. say Group A has members-a1,a2 Group B has -b1,b2 now when the user a1 or a2 logs in they see data only inside Branch A. Similarly when user b1 or b2 logs in they see data only inside Branch B. Can I accomplish this using htaccess file. Any assistance would be greatly appreciated.
Aug 1, 2001, 21:39:17
 Re: How htaccess take effect Did you get a solution for your problem. I am facing a similar problem too. Let me know if you have a soln.
Aug 3, 2001, 11:29:32
 zope .htaccess is there any way to add Rewrite Rule in .htaccess
Aug 3, 2001, 13:22:48
 hiding directory index Hello, I just want to know how you best can hide a directory index. All visitors should be able to use the files, but they must not be able to view the directory index. How is this problem solved? Please send me an email with the answer. Thank you!
Aug 4, 2001, 11:39:21
 Re: htaccess No, you can put an entire nation in the htaccess file if you want to.
Aug 6, 2001, 11:47:25
 What meen FDN Can somebody tell me what this message meens? In the error_log (Apache/1.3.19,Unix,Suse 7.1): [Wed Aug 8 00:28:21 2001] [error] [client 212.212.212.100] thomas: not a valid FDN: /server-status
Aug 8, 2001, 14:24:48
 htaccess and IE Hi there, I have a problem with a site that is using htaccess authentication. Users who want to gain access to a part of the site and who are using Netscape are being challenged with userid and password like it should be. Users who are using IE 5.x are having problems. Some people don't get a challenge and are directly prompted with a http 401, others get a challenge but for some reason userid and password are not sent correctly, after 3 times they get this message: Authorization Required This server could not verify that you are authorized to access the document requested. Either you supplied the wrong credentials (e.g., bad password), or your browser doesn't understand how to supply the credentials required Is there anyone who can help me solving this problem?? Best Regards, Gerwin
Aug 9, 2001, 08:00:44
Aug 9, 2001, 10:25:31
 How to manage acces Hi! Im having Apache on WinNT 5 with a NTFS filesystem. Is there a possibility to manage acces via NTFS? If not can anybody tell me what to do that Apache will ask for a username and password and how ill install that. Please explain it that newbies like me understand it too! Thanks a lot CU cfreak84
Aug 12, 2001, 14:07:56
 Storing Credit Card Information Safely Thanks for taking a moment to look at this: I'm currently building my first e-commerce web site and I'll be doing all of the PHP coding myself. I'd like shoppers to be able to store their information including shipping & billing address and credit card number(s), etc. Is there a way I can do this safely with .htaccess or .htpasswd files? Thanks for your help, Christopher
Aug 12, 2001, 21:04:41
 htaccess usage and implementation Hi everybody, I am a newbie in this field. I read a lot about using htaccess and things like htpasswd -c .htpasswd buddy I have a web site that runs on Apache server and I would like to make a password protected URL. I read some documents about that but I couldn't find out how to access or where to write and implement the commands like AuthGroupFile /dev/null AuthName My Secret Stuff AuthType Basic I know php, do I have to write those commands in a php file? AND can I use WS_FTP program to create the involved directories? I am so much confused!! Could anyone tell me Where and How to start? OR give me a URL that deals with that? Your cooperation is appreciated. Thank you.
Aug 13, 2001, 09:17:48
 Re: What meen FDN Hmm it seems i have the same error ... well everything works fine: the user/password prompt appears in the Browser (and even shows the AuthName as normal, so he reads the .htaccess!!) but then i dont get access and my error_log says about the same thing as yours .... here are my files : (hmm well the AllowOverride AuthConfig is set :),the file passwd was set up using htpasswd) located in my "privat" pages :))(which dont exist yet) .htaccess AuthName Privat AuthType Basic AuthUserFile /etc/httpd/passwd AuthGroupFile /dev/null Require user ??? located in /etc/httpd/ passwd ???:Password hope someone can help :))
Aug 13, 2001, 10:50:45
 Re: username/password appears twice You're probably accessing a directory without including the trailing slash and the host name in the URL you provide is different from what's configured in httpd.conf. So the redirect response from the server points to a 'different' host than your originally authenticated request and so you need to re-authenticate.
Aug 13, 2001, 20:33:45
 Re: How to create username/password? You need to modify the httpd.conf file of the Apache. Put lines like --- AuthName AuthType Basic AuthUserFile require valid-user and then use the following Apache command to create username/password lines in the password file as mentioned above in the httpd.conf file. Linux and Open Source Hurrrrrrrrah !!!!!!!!!! Bye Rakesh Raina
Aug 14, 2001, 07:34:00
 .htaccess config Hi, I need to know how the .htacctss file is written, what is the option to validate to all subfolders. I tried to set this format AllowOverride None Options None On the Apache server config file but it denied the access to all. Any clue or hint ? Thanks,
Aug 14, 2001, 23:29:33
 how to shut down apache How do you shut down apache server? What command is needed?
Aug 15, 2001, 16:51:26
 Is it possible to define relative paths in .htaccess? Hi, I want to define my include path for my entire www directory to a directory outside (eg ../inc). Apache is running on Linux. Can I use relative paths (ie ../inc) or do I have to define the whole path, eg: include_path='./:/usr/local/lib/php' (this came up in an error message when an include file was missing). I keep getting an internal server error/misconfiguration. Can anyone help on this one? Thanks, Zubin
Aug 18, 2001, 22:58:43
 Re: how to shut down apache > How do you shut down apache server? What command is needed? net stop apache net start apache
Aug 19, 2001, 16:25:27
Aug 20, 2001, 20:59:24
 htaccess and User Name Is there anyway to get the User Name box in the auth window to be pre-populated? Basically I just want the user to fill out the password not both user/pass.
Aug 20, 2001, 22:11:20
 let us know about FDN Please send a message here if anyone finds an answer what that "not a valid FDN" means in error log file. I'm working on this problem for quite a while, checking whatever is possible, but my .htaccess still doesn't work. Everything seems to be set up properly, "AllowOverride All" in httpd.conf file as well as .htaccess file itself, which worked fine on older server. It only stopped working after I upgraded to SuSe 7.2 with Apache 1.3.19. I heard more people have exactly the same problem with the same combination of Linux and Apache. Although I didn't see anyone offering a solution so far. Please write to this forum or send me an e-mail if you find out something.
Aug 21, 2001, 14:50:00
 htaccess and SSI Hi all, I am having problem with .htaccess and SSI. I read that to turn on SSI you need to add XBitHack to your .htaccess. Well, I did that, but the server does not see anything. Still I am not able to see mi SSI files. I read all about how set up the httpd.conf, so on and so for, but not success. Any help will be apreciated. Thanks in avanced, Alex
Aug 23, 2001, 02:13:23
 Deny,alow: allowing one-and-only-one IP to access Hi, In httpd.conf, how to limit access to locations so that it allow one and only one IP to access it? Is it like this? Order deny,allow Deny from all Allow from 123.123.123.201 Thanks, Kenny.
Aug 24, 2001, 08:58:55
 internal server error despite correct directive? No matter what I tried, I kept getting an internal server error. But I think that the directive in my .htaccess-file is right and complete. Are there other mistakes that can cause this error? My .htaccess-file: ------------------ AuthName Support AuthType Basic AuthUserFile /home/sites/www.mysite.de/web/mysite/AktuellerOrdner/Support/bereich/.htpasswd require valid-user ------------------ btw, when ftp-ing I'm using ASCII-mode. That's not my mistake. So what else?
Aug 28, 2001, 15:35:37
 how do you allow put method. i need to allow put method.current default config doesnt allow the put method.how do i change it.
Sep 12, 2001, 08:19:16
 Re: let us know about FDN I am also having the EXACT same problem as you have and I have been searching for days to find the answer to this one. Unfortunately I have been unable to find a solution. I am so disgusted that I have backed up all of my files and will be going back to SuSE 7.1 as soon as I finish posting this message. I will still be looking for the solution however and you can be sure that I will post is here if I find it.
Sep 14, 2001, 10:04:10
 Re: Re: let us know about FDN http://sdb.suse.de/en/sdb/html/htaccess72.html
Sep 17, 2001, 17:50:09
 Unprotected sub folder I have my entire doc folder protected by an .htaccess file. I want to make a sub-directory open to everyone, but I can't get it to work. It takes its preferences from the root folder and rewuires a password. ANy ideas? ta
Sep 20, 2001, 12:12:32
Sep 24, 2001, 20:58:53
 http.config Questions. Hi, Can anyone please tell me how to set up the username and password for certain files only? Not the directory!! I have a file called admin.html inside test directory....(ie. C:\program\apache\test\admin.thml). I want user to be able to go to test directory, but cannot access admin.html. When they click on admin.html, it should pop up a window to ask for password. Please tell me what I should do in http.config file. I have no problem with .htaccess and .htpasswd!! Thanks. I hope to hear from you guys.
Sep 25, 2001, 04:00:53
Sep 26, 2001, 17:55:34
 After entering the password there are problems After I enter the user and password in the password box, another password box appears while Apache server seems to be attempting to authenticate. It seems that the .htpasswd might never be found. Any suggestions?
Oct 3, 2001, 03:26:58
 Command parameters for .pfr I am intersted in creating a web site which invvolves high volume of non-English text. In my case the langiage is Kannada. To save the visitors from downloading requirred fonts to view pages in the language it is intended at I created .pfr files (Dynamic fonts with webfont wizard: http://www.bitstream.com) Now, I have to create a command parameter for Add type command parameters for application/fot-tdpfr for exrtension .pfr. How do I do it is the problem. considering my novice position any guidance/relevent step by step details will be appreciated.
Oct 3, 2001, 17:47:35
 with .htaccess can't access dir's I installed apache 1.3.20, and it works great. I followed the instructions on http://www.sakuralover.com/raq3/upgrade_raq3.htm I only have a problem that my .htaccess files aren't working anymore. I can't access directories with an .htaccess file. I don't even get a popup asking for the passwords, only a page not found error page. I only get a "The page cannot be displayed" error. With apache 1.3.6 all was working fine My AllowOverride is set to all in the access.conf and the .htaccess files aren't changed. Maybe someone can help, thanks Alexander
Oct 3, 2001, 23:43:57
 hiding directory index Hello, I just want to know how you best can hide a directory index. All visitors should be able to use the files, but they must not be able to view the directory index. How is this problem solved? Please send me an email with the answer. Thank you!
Oct 5, 2001, 12:56:43
 nullify the effects in subdirectories hi, how to nullify the effects of an htaccess file in subdirectories ?
Oct 19, 2001, 16:51:34
 htaccess uses the main system password file This is an example of my .htaccess file AuthUserFile /home/sites/.htpasswd Authname DirectoryName Authtype Basic require user roman I created the /home/sites/.htpasswd file using htpasswd. The file is at that location, and has read permissions. The problem is that it does not seem to bother reading that file and takes its passwords from the main system password file. So the user roman exists in the above htpasswd file and also as a user on the system, htaccess just checks against the main system password. NB. If the user does not exist as a system user, then they are still unable to gain access, even if they have a password in the above file.
Oct 24, 2001, 10:55:21
 htaccess restricting image file access except from my web pages Does anyone have a solution for the language to include in an .htaccess file that will prohibit images from being served up to any web pages other than the web pages that exist in my web site? I'm attempting to keep others from posting links to my images and poaching my bandwidth, which I am charged dearly for. My web site is http://www.artminds.com Cheers, Art Minds art@artminds.com
Oct 27, 2001, 20:34:09
Nov 2, 2001, 20:42:01
 Redirecting SUBdomains Hi @ll! My provider told me that I can use a .htaccess file to redirect from i.e. http://subdomain.mydomain.com to a sub-folder which is for example http://www.mydomain.com/subdomain. How do I do this? I don't think it'll work with the redirect command. So, what do I have to do? Bye Max Senft
Nov 11, 2001, 09:38:35
 exact url-redirection i am searching a solution for following problem: if somebody gets error 40x on "www.domain_1.com/exact.html" he should be redirected to "www.domain_2.com/exact.html". is this possible to realize with .htaccess?
Nov 11, 2001, 11:03:36
 Re: htaccess restricting image file access except from my web pages Put the following htaccess file in your images directory : RewriteEngine On RewriteCond %{HTTP_REFERER} !^http://yourdomain.com.* [NC] RewriteCond %{HTTP_REFERER} !^http://www.yourdomain.com.* [NC] RewriteCond %{HTTP_REFERER} !^http://yourdomainip.* [NC] RewriteCond %{HTTP_REFERER} !^http://yourdomain.comip:80.* [NC] RewriteRule /* http://www.domain.com/redirectpage.html [R,L]
Nov 14, 2001, 15:02:17
 Redirecting after # of page views Is there a way to redirect a surfer to another domain after a preset number of page views on my server? For example if I have 1000 page hits to my server....click 1001 would load a page from another url. Thanks.
Nov 23, 2001, 17:23:50
 How to get the username once authenicated? eg. once authenicated thru htaccess, how can i display the username on the index.html??? ie. how do i pass the username to html pages?
Jan 2, 2002, 03:40:24
 htaccess ------------------------------------------- AuthType Basic AuthName "Protected Directory" AuthUserFile /my-url/test/.htpasswd Require user someguy ------------------------------------------- i added this in a .htaccess and put it in the folder test on my website then i created .htpasswd and put it in the test directory too and i still get that the Error page. Plz reply by email too , thnx
Jan 4, 2002, 17:19:11
 ssl+apache+tomcat Hi, Actually,i'm developing a system that incorporates apache+ssl+tomcat. Basically,i managed to developed have of the project wih apache and tomcat.Unfortunately,i encounter some problem when it comes to getting ssl+apache+tomcat under win98. Do u have any experience in getting ssl work together with apache+tomcat? Thanks in advance.
Jan 6, 2002, 05:44:48
 custom login popup skin Don't think this is possible but, thought I'd ask... Any way to change the look of the login popup dialog skin and add more messages to the user and stuff? Thanks, Dan
Jan 9, 2002, 00:24:21
 log username + password submitted I have a member's only section on my website that I have restricted access to with .htaccess. Is there anyway to have it log the usernames & passwords people are submitting? I would prefer it to email me this information, but a logfile would be fine. Thanks! Algernon
Jan 14, 2002, 18:04:15
Jan 20, 2002, 14:00:33
 Redirecting a domain to a page I have two domains: www.one.com and www.two.com (for example). www.two.com has the same DNS as www.one.com I want to redirect everyone that goes to www.two.com to www.one.com/test/sample.htm I have also tried using http.conf but do not know what is going on with it...
Jan 20, 2002, 22:00:04
 .htaccess file problem k, this is my configuration for .htaccess file satisfy all AuthUserFile d:/secure/.htpasswd AuthGroupFile null AuthName "Only For Me" AuthType Basic require test I'm running Apache under winXP, and when I try accessing my homepage on my server, it asks me for the username/password like it should. But when I enter them, it doesn't let me through. After 3 time it gives me the Authorization Required page. I have no idea what I'm doing wrong, so if anyone does, please help me.. Thanks Mike
Jan 24, 2002, 13:44:34
 Sample .htaccess Can you hel me, where can I fine a sample of .htaccess? thanks, Jolas
Jan 25, 2002, 03:53:36
 Number of Login Attempts Action Is there some way to, say, run a script if you have a certain number of incorrect login attempts? It feels like there *should* be a way to do this... What I want to do is set it up so that if you have 5 incorrect login attempts from the same machine in a row, to send an email. Thanks, -rosie
Jan 27, 2002, 21:21:43
 Re: Sample .htaccess AuthUserFile /usr/local/www/data/somedirectory/restricted/.htpasswd AuthType Basic AuthName whoever require valid-user
Jan 31, 2002, 09:04:29
 deny hotlinking generator If anyone wants to stop illegal linking of their images, try http://www.htmlbasix.com/disablehotlinking.shtml It makes the code for you.
Feb 3, 2002, 06:51:45
 Directory listing How can we allow users to get a listing of a certain directory? Thanks. ======
Feb 3, 2002, 14:01:36