Your Daily Source for Apache News and Information  
Breaking News Preferences Contribute Triggers Link Us Search About
Apache Today [Your Apache News Source] To internet.com

Apache HTTPD Links
Apache Module Registry
Apache Project
The Apache FAQ
The Apache Software Foundation
Apache XML Project
The Jakarta Project
The Java Apache Project
PHP Server Side Scripting
Apache-Perl Integration Project
Apache-Related Projects
ApacheCon
The Linux Channel at internet.com
Just Linux
BSD Today
All Linux Devices
Linux Today
Linux Apps
Linuxnewbie.org
Enterprise Linux Today
BSD Central
Apache Today
PHPBuilder
Linux Start
Linux Planet
Linux Programming
Linux Central
SITE DESCRIPTIONS
Using .htaccess Files with Apache
Jul 19, 2000, 16 :07 UTC (242 Talkback[s]) (132496 reads) (Other stories by Ken Coar)

By
Copyright © 2000 by Ken Coar. All rights reserved. Limited rights granted to Internet.Com.

One of the most common needs Webmasters have is to cause the Web server to handle all the documents in a particular directory, or tree of directories, in the same way -- such as requiring a password before granting access to any file in the directory, or allowing (or disallowing) directory listings. However, this need often extends to more than just the Webmaster; consider students on a departmental Web server at a university, or individual customers of an ISP, or clients of a Web-hosting company. This article describes how the Webmaster can extend permission to tailor Apache's behaviour to users, allowing them to have some control over how it handles their own sub-areas of its total Web-space.

This article shows how you can use per-directory configuration files, called .htaccess files, to customise Apache behaviour -- or allow your users to do so for their own documents.

Per-Directory Settings

Apache's configuration system addresses the need to group documents by directory in a straightforward manner. To apply controls to a particular directory tree, for instance, you can use the <Directory> container directive in the server's configuration files:

    <Directory "C:/Program Files/Apache Group/Apache/htdocs">
        AllowOverride None
        Options None
    </Directory>
  

This has the advantage of keeping control in the Webmaster's hands; there's no need to worry about any of the server's users being able to change the settings, since the server configuration files are generally not modifiable by anyone except the admin. Unfortunately, it has the disadvantages of requiring a restart of Apache any time the config file is changed, and that it can become truly burdensome to add all the <Directory> containers that might be needed for all the users that have special requirements.

An alternative method for supplying the desired granularity of Apache configuration -- down to the directory level -- is to use special partial config files in each directory with special requirements.

So What's an .htaccess File?

An .htaccess file is simply a text file containing Apache directives. Those directives apply to the documents in the directory where the .htaccess file is located, and to all subdirectories under it as well. Other .htaccess files in subdirectories may change or nullify the effects of those in parent directories; see the section on merging for more information.

As text files, you can use whatever text editor you like to create or make changes to .htaccess files.

These files are called '.htaccess files' because that's what they're typically named. This naming scheme has its roots in the NCSA Web server and the Unix file system; files whose names begin with a dot are often considered to be 'hidden' and aren't displayed in a normal directory listing. The NCSA developers chose the name '.htaccess' so that a control file in a directory would have a fairly reasonable name ('ht' for 'hypertext') and not clutter up directory listings. Plus, there's a long history of Unix utilities storing their preferences information in such 'hidden' files.

The name '.htaccess' isn't universally acceptable, though. Sometimes it can quite difficult to persuade a system to let you create or edit a file with such a name. For this reason, you can change the name that Apache will use when looking for these per-directory config files by using the AccessFileName directive in your server's httpd.conf file. For instance,

    AccessFileName ht.acl
  

will cause Apache to look for files named ht.acl instead of .htaccess. They'll be treated the same way, though, and they're still called '.htaccess files' for convenience.

Locating and Merging .htaccess Files

When Apache determines that a requested resource actually represents a file on the disk, it starts a process called the 'directory walk.' This involves checking through its internal list of <Directory> containers to find those that apply, and possibly searching the directories on the filesystem for .htaccess files.

Each time the directory walk finds a new set of directives that apply to the request, they are merged with the settings already accumulated. The result is a collection of settings that apply to the final document, culled from all of its ancestor directories and the server's config files.

When searching for .htaccess files, Apache starts at the top of the filesystem. (On Windows, that usually means 'C:\'; otherwise, the root directory '/'.) It then walks down the directories to the one containing the final document, processing and merging any .htaccess files it finds that the config files say should be processed. (See the section on overrides for more information on how the server determines whether an .htaccess file should be processed or not.)

This can be an intensive process. Consider a request for <URI:http://your.host.com/foo/bar/gritch/x.html> which resolves to the file

    C:\Program Files\Apache Group\Apache\htdocs\foo\bar\gritch\x.html
  

Unless instructed otherwise, Apache is going to look for each of the following .htaccess files, and process any it finds:

  1. C:\.htaccess
  2. C:\Program Files\.htaccess
  3. C:\Program Files\Apache Group\.htaccess
  4. C:\Program Files\Apache Group\Apache\.htaccess
  5. C:\Program Files\Apache Group\Apache\htdocs\.htaccess
  6. C:\Program Files\Apache Group\Apache\htdocs\foo\.htaccess
  7. C:\Program Files\Apache Group\Apache\htdocs\foo\bar\.htaccess
  8. C:\Program Files\Apache Group\Apache\htdocs\foo\bar\gritch\.htaccess

That's a lot of work just to return a single file! And the server will repeat this process each and every time the file is requested. See the overrides section for a way to reduce this overhead with the AllowOverride None directive.

Because .htaccess files are evaluated for each request, you don't need to reload the Apache server whenever you make a change. This makes them particularly well suited for environments with multiple groups or individuals sharing a single Web server system; if the Webmaster allows, they can exercide control over their own areas without nagging the Webmaster to reload Apache with each change. Also, if there's a syntax error in an .htaccess file, it only affects a portion of the server's Web space, rather than keeping the server from running at all (which is what would happen if the error was in the server-wide config files).

Directives that Work in .htaccess Files

Not all directives will work in .htaccess files; for example, it makes no sense to allow a ServerName directive to appear in one, since the server is already running and knows its name -- and cannot change it -- by the time a request would cause the .htaccess file to be read. Other directives aren't allowed because they deal with features that are server-wide, or perhaps are too sensitive.

However, most directives are allowed in .htaccess files. If you're not sure, take a look at the directive's documentation. Figure 1 is a sample extracted from the Apache documentation. You can see where the text says 'Context' that .htaccess is listed; that means this directive can be used in the per-directory config files.

The SetEnvIf Directive

Syntax: SetEnvIf attribute regex envar[=value] [...]
Default: none
Context: server config, virtual host, directory, .htaccess
Override: FileInfo
Status: Base
Module: mod_setenvif
Compatibility: Apache 1.3 and above; the Request_Protocol keyword and environment-variable matching are only available with 1.3.7 and later; use in .htaccess files only supported with 1.3.13 and later

Figure 1: Directive Documentation

Note, however, that there's more information on the Compatibility line; it says that this directive can only be used in .htaccess files if you're running Apache version 1.3.13 or later.

If you try to include a directive in an .htaccess file that isn't permitted there, any requests for documents under that directory will result in a '500 Server Error' error page and a message in the server's error log.

If your .htaccess file contains directives that aren't covered by the current set of override categories, they won't cause an error -- the server will just ignore them. So your file can contain directives in any -- or all -- of the categories, and only those in the categories listed in the AllowOverride list will be processed. All of the others will be checked for syntax, but otherwise not interpreted.

Overrides: Limiting Which Directives Will Be Processed

Apache directives fall into seven different categories, and all can appear in the server-wide config files. Only five of the categories can be used in .htaccess files, though, and in order for Apache to accept a directive in a per-directory file, the settings for the directory must permit the directive's category to be overridden.

The five categories of directives are:

AuthConfig
This category is intended to be used to control directives that have to do with Web page security, such as the AuthName, Satisfy, and Require directives. This is the most common category to allow to be overridden, as it allows users to protect their own documents.
FileInfo
Directives that control how files are processed are
Indexes
Directives that affect file listings should be in this category. It includes IndexOptions, AddDescription, and DirectoryIndex, for example.
Limit
This category is similar to the AuthConfig one in that the directives it covers are typically related to security. However, they usually involve involuntary controls, such as controlling access by IP address. Directive in this category include Order, Allow, and Deny.
Options
The Options category is intended for directives that support miscellaneous options, such as ContentDigest, XBitHack, and Options itself.

A special directive, which is usable only in the server-wide configuration files, dictates which categories may be overridden in any particular directory tree. The AllowOverride directive accepts two special keywords in addition to the category names listed above:

All
This is a shorthand way of listing all of the categories; the two statements below are equivalent:
    AllowOverride AuthConfig FileInfo Indexes Limits Options
    AllowOverride All
    
None
This keyword totally disables the processing of .htaccess files for the specified directory and its descendants (unless another AllowOverride directive for a subdirectory is defined in the server config files). 'Disabled' means that Apache won't even look for .htaccess files, much less process them. This can result in a performance savings, and is why the default httpd.conf file includes such a directive for the top-level system directory. .htaccess processing is disabled for all directories by default by that directive, and is only selectively enabled for those trees where it makes sense.

As shown above, the AllowOverride directive takes a whitespace-separated list of category names as its argument.

Be Aware of What You're Granting

By allowing the use of .htaccess files in user (or customer or client) directories, you're essentially extending a bit of your Webmaster privileges to anyone who can edit those files. So if you choose to do this, you should consider occasionally performing an audit to make sure the files are appropriately protected -- and, if you're really ambitious, that they contain only settings of which you approve.

Because of the very coarse granularity of the possible override categories, it's quite possible that by granting a user the aility to override one set of directives you're inadvertently delegating more power than you anticipate. For instance, you might want to include a "AllowOverride FileInfo" directive for user directories so that individuals can use the AddType directive to label documents with MIME types that aren't in the server-wide list -- but were you aware when you did this that you were also giving them access to the Alias, Header, Action, and Rewrite* directives as well? Directives are associated with override categories on a per-module basis, so tracking down what's permitted by allowing a particular category of override can be a tedious process.

The ultimate answer to what directives are in which categories is the source code. If you really want to know, examine the source for the following strings:

String Corresponding AllowOverride Keyword
OR_AUTHCFG AllowOverride AuthConfig
OR_FILEINFO AllowOverride FileInfo
OR_INDEXES AllowOverride Indexes
OR_LIMIT AllowOverride Limit
OR_OPTIONS AllowOverride Options

(See the previous section for a description of what the different override categories mean.)

As you can see, with the exception of the AuthConfig/AUTHCFG keywords, the source keywords are identical to the directive keywords. This is convenient!

Putting It All Together

Before enabling .htaccess files, consider the advantages and disadvanteges. On servers I run myself, with no users, I tend to use .htaccess files for testing and debugging, and when I have a configuration I like, I move the directives into a <Directory> container in the httpd.conf file and delete the .htaccess file. For this reason, I have overrides enabled just about everywhere. This allows me to balance the convenience of .htaccess files against their performance impact.

On some of my servers I have some user accounts for people I know and trust, and in those environments I'm more cautious and don't allow all overrides globally. I do tend to allow whatever overrides my friends need for their own directories, though.

And in some cases I have real 'user' accounts, for people I do not know as well -- and on those servers AllowOverride None is the rule. I occasionally allow .htaccess files in their private directories, but I carefully audit the possible effects before granting an override category.

The two main disadvantages to using .htaccess are the performance impact and the extending of control access to others. The first is somewhat manageable through the judicious use of the AllowOverride directive, and the latter is a matter of establishing trust -- and performing risk assessment. What mix works best in your environment is something you'll need to determine for yourself.

Troubleshooting

Here are some of the most common problems I've seen people have (or have had myself) with .htaccess files. One thing I should stress first, though: the server error log is your friend. You should always consult the error log when things don't seem to be functioning correctly. If it doesn't say anything about your problem, try boosting the message detail by changing your LogLevel directive to debug. (Or adding a LogLevel debug line of you don't have a LogLevel already).

'Internal Server Error' page is displayed when a document is requested
This indicates a problem with your configuration. Check the Apache error log file for a more detailed explanation of what went wrong. You probably have used a directive that isn't allowed in .htaccess files, or have a directive with incorrect syntax.
.htaccess file doesn't seem to change anything
It's possible that the directory is within the scope of an AllowOverride None directive. Try putting a line of gibberish in the .htaccess file and force a reload of the page. If you still get the same page instead of an 'Internal Server Error' display, then this is probably the cause of the problem. Another slight possibility is that the document you're requesting isn't actually controlled by the .htaccess file you're editing; this can sometimes happen if you're accessing a document with a common name, such as index.html. If there's any chance of this, try changing the actual document and requesting it again to make sure you can see the change. this isn't happening.
I've added some security directives to my .htaccess file, but I'm not getting challenged for a username and password
The most common cause of this is having the .htaccess directives within the scope of a Satisfy Any directive. Explicitly disable this by adding a Satisfy All to the .htaccess file, and try again.

Going Further

Once you've got your Apache Web server up and running, the first hurdle has been surmounted. Now you can move on to exploring its capabilities and features. Here are some pointers to resources for further investigation:

  • The main Apache Web site, of course: <URL:http://www.apache.org/>
  • The documentation for Apache and its modules: <URL:http://www.apache.org/docs/>
  • The canonical email response page: <URL:http://www.apache.org/foundation/preFAQ.html>
    (This page is normally used to respond to email requests for support, but there are lots of good resources listed on it.)

Conclusion

Apache provides two main ways of controlling its behaviour on a per-directory level: <Directory> containers in the server-wide configuration files, and .htaccess files in each directory where they're needed. Each method has its advantages and its disadvantages; you, as the Webmaster, need to balance these against each other to decide what mix of the techniques is best for your environment.

If you do decide to permit the use of .htaccess files, be sure to limit them to appropriate areas and improve your performance by using AllowOverride None elsewhere. This will save unnecessary disk activity.


Got a Topic You Want Covered?

If you have a particular Apache-related topic that you'd like covered in a future article in this column, please let me know; drop me an email at <>. I do read and answer my email, usually within a few hours (although a few days may pass if I'm travelling or my mail volume is 'way up). If I don't respond within what seems to be a reasonable amount of time, feel free to ping me again.

About the Author

Ken Coar is a member of the Apache Group and a director and vice president of the Apache Software Foundation. He is also a core member of the Jikes open-source Java compiler project, a contributor to the PHP project, the author of Apache Server for Dummies, a lead author of Apache Server Unleashed, and is currently working with Ryan Bloom on a book for Addison-Wesley tentatively entitled Apache Module Development in C. He can be reached via email at <>.

  Current Newswire:
Apache 2.0.32 beta is available

Everything Solaris: Apache: The Basics

Apache Jakarta James Mailserver v2.0a2 Released

PostgreSQL v7.2 Final Release

Daemon News: Multiple webservers behind one IP address

Zend Technologies launches Zend Studio 2.0

NuSphere first to enable development of PHP web services

Covalent Technologies raises $18 million in venture capital

Apache 1.3.23 released

wdvl: Build Your Own Database Driven Website Using PHP and MySQL: Part 4

 Talkback(s) Name  Date
  basic tutorial I wrote
For any who are interested, I wrote a low-level tutorial a few years ago about this. Just a supplement to this fine article above:

http://www.openup.com/justin/authentication/   
  Jul 19, 2000, 23:44:25
   Re: basic tutorial I wrote
this is a dead link   
  Jan 20, 2002, 14:00:33
  How htaccess take effect
Hi,
I had just made a htaccess file in certain directory. But that would change anything at all. In the browser, I still can view restricted web page (in that directory) without being asked passwd and username. I had read through you Using .htaccess Files with Apache. But I can not get a clue. The thing is that I need to restart the web server then the htaccess can take effect ? I had tried but unsucessful. In httpd.conf, the AccessFileFileName .htaccess. So everything look fine. Is that I need to run httpd command ? But unfortunately that's not case. That doesn't work.I can list my .htaccess file : AuthName "restricted stuff" AuthType Basic AuthUserFile /home/users require valid-user . Can you tell me what go wrong ? By the way, is that htaccess file need something to take effect ? For example, run some command.I use htpasswd to edit username and password. I mean how Apache server read directives in htaccess file. Need I run some command to push Apache to recognized it ?Many thanks.   
  Aug 21, 2000, 11:39:00
  Unable to get popup window for user authorization
Hi,

I have made the following entries in my httpd.conf file for protecting all files under c.


Satisfy All
AllowOverride All


(Please note that I have placed it both under tag and outside of it too)

I have the following entries in my .htaccess file placed in /a1/b2/c3

AuthAuthoritative Off
AuthUserFile /a1/b2/.htpasswd
AuthName "my window"
AuthType Basic
require user me
Satisfy All

If I place the .htaccess in /a1, a popup window asking for authorization appears and takes me thru on valid entry.

If I place the .htaccess in /a1/b2/c3, the popup window does not appear and not authorization takes place, showing all the files under a1/b2/c3/*.

Any ideas on what I may be doing wrong, the idea is I want to ask for userid-passwd before I allow access to files under path /a/b/c.

Your suggestions/help is appreciated.

Thanks,
Shanky.   
  Apr 2, 2001, 23:34:12
  htpasswd command not recognised on UNIX server running Apache 1.3.6
I'm trying like crazy to set up this htaccess authentication on Apache 1.3.6. However, if I do a 'which htpasswd' on the unix server I'm telnetting to I find no htpasswd references. Does anyone know if this version actually comes with this facility or how can I set it up in the directory I want to protect.

Also, I found the binary of the htpasswd program. Can I run this by typing htpasswd -c?

Thanks in advance!   
  Apr 3, 2001, 16:08:22
  AuthGroupFile, cannot authenticate using groups
My .htaccess was working fine until I tried to add the group file directive, AuthGroupFile. I created the AuthGroupFile, and it looks like this:

sa:username1,username2

When I try to login as either of these users, which are valid users, I get a 401 Authorization Required. My require looks like this:


require group sa


Anyone have any idea what I might be missing?

Thanks!   
  Apr 4, 2001, 17:14:47
   Re: AuthGroupFile, cannot authenticate using groups
Yes - Try to use

sa:username1 username2

instead of

sa:username1,username2

Does it work? - Rainer
  
  Apr 13, 2001, 14:25:19
  unable to obtain popup window for net.data macros
Hi,

I need to obtain a popup window for user authentication of /home/shanky/bid

The /home/shanky/bid directory contains net.data macros.

To access the same via an URL, I specify http://www.xyz.com/cgi-bin/db2www/bid/a1.d2w

In the usual way, I tried putting in a Directory entry for /home/shanky/bid.


Satisy All
AllowOverride All


I have the following entries in my .htaccess file placed in /home/shanky/bid

AuthUserFile /home/ysr/.htpasswd
AuthName \"my window\"
AuthType Basic
require user rash
Satisfy All

But I do not obtain any authentication popup.

One of the reasons I guess would be because, when I say http://www.xyz.com/cgi-bin/db2www/bid/a1.d2w, it is recognised as a net.data macro call, then resolved to the path of the macro as /home/shanky/bid by reading the db2www.ini file.
(www.buyusa.com/cgi-bin/db2www => /home/Shanky)

Hence with the /home/Shanky/bid resolution not being in the scope of the httpd.conf, the Directory entry for /home/Shanky/bid is not checked for.

Any ideas on a round-about way of obtaning a popup in this case.

Your suggestions/help is truly appreciated.

Thanks,
Shanky.   
  Apr 4, 2001, 21:45:25
  Changing page on failure of authentication
Can anyone tell me how I change the page someone is sent to if they enter the wrong password for my password protected areas (as controlled by .htaccess and .htpasswd files)?

Thanks,
m   
  Apr 5, 2001, 12:06:26
   Re: Changing page on failure of authentication
> Can anyone tell me how I change the page someone is sent to if they enter the wrong password for my password protected areas (as controlled by .htaccess and .htpasswd files)?
Thanks,
m


Try putting this at the end of your .htaccess file.

ErrorDocument 401 /Unauthorized.html
or
ErrorDocument 401 http://www.domain.com/Unauthorized.html

As long as the error document is on the same server it should work.


Marc :-)   
  Apr 14, 2001, 10:23:14
  Login dialog after password change
Hi,
I have set-up ".htaccess" to my website. I've also added a change password feature. It's done just by simple rewriting of the existing .htaccess file. The problem I have is that after this change password operation browser asks me for new login with new password. Is there any way how to make the browser not to popup this dialog?
Thanks for any help.

Martin   
  Apr 6, 2001, 11:16:11
  how to run htpasswd remotely
Hi,

I want to authenticate a particular dir using .htaccess..for this purpose i need to add 80 login and passwd to the .htpasswd file.....

i want to automate this work and give the work to users themselves...i.e the users provide their login and password...

The previous discussion on the board tells how to do this with htpasswd commmand...but here i don't have access to system prompt....

how do i go about it...any server side scripts (like php) can do it for me..if yes plz give details...

Thanks In Advance,
Vaibhav   
  Apr 8, 2001, 13:05:53
  force download pdf file
I haver several pdf-files on the server. When you click on the link, the plugin starts automatically. But I want that there is real download!
I've put in the htaccess:

AddType application/octet-stream .pdf

This works with Netscape 4.7, but it does not with IE 5.5 :-(

Any ideas how to make it work for IE?   
  Apr 8, 2001, 20:39:27
   Re: How htaccess take effect
Hi,

You should set the following insides the "httpd.conf" and restart the deamon.

AllowOverride All
  
  Nov 17, 2000, 07:00:15
   Re: How htaccess take effect
Did you get a solution for your problem. I am facing a similar problem too.
Let me know if you have a soln.
  
  Aug 3, 2001, 11:29:32
  Removing authentication in sub-directory
I force authentication at root directory via .htaccess file, but want to grant unlimited access for one of the sub-directory. Could any one point me to right direction?

Thanks in advance

Woojin   
  Apr 10, 2001, 14:35:03
   Re: Removing authentication in sub-directory
> I force authentication at root directory via .htaccess file, but want to grant unlimited access for one of the sub-directory. Could any one point me to right direction?
Thanks in advance
Woojin

I think you want to use "Require valid-user" in your .htaccess file. This will grant access to all users.

To restrict access to only a few users then use groups "Require group group-name [group-name] ..." and have those users in a .htgroups file.

http://httpd.apache.org/docs/mod/core.html#require

Marc :-)   
  Apr 14, 2001, 10:57:56
  .htaccess users account
hi there,

I have some question about .htaccess setting
I have no problem of having .htaccess working

but i am wondering, if I got 5 users - john, mary, peter, sam, jo
and i already set up .htpasswd
and my setting of .htaccess is:

AuthName 'Protected Directory'
AuthType Basic
AuthUserFile /somewhere/.htpasswd
Require user john mary peter sam jo

It is working without any problem
but is there any other method, so that every time when there is a new user, apart from adding a new entry to the .htpasswd, i no need to update each .htacess manually???
i mean is it compulsory that I have to set the line Requirer user (specify the user name)?
can the .htaccess look up from the name file automatically, instead of I need to type in the name (hardcode) manually?

best RGDs

sonic   
  Apr 11, 2001, 02:24:32
   Re: .htaccess users account
Instead of "Require user john mary peter sam jo" you can have "Require valid-user", this will grant access to all the usernames in the .htpasswd file which is then the only file you need to modify when new users get added.

Now i'm not sure on this, but you could try just having the one .htpasswd file and changing the "UserFile /somewhere/.htpasswd" (you don't use AuthUserFile, that just a spelling error?) in each .htaccess file to point to it. If not then it'll just be a case of editing one .htpasswd file and uploading it to all the necessary folders.

To only grant some users access to certain folder then you could start using groups (.htgroup)"AuthGroupFile /somewhere/.htgroup", "Require group group-name"

http://httpd.apache.org/docs/mod/core.html#require

Marc :-)   
  Apr 14, 2001, 11:39:04
  what happen if password expired from htaccess?
Hi all,

as i got sql server at hoe, i think it is more managable to put all the user and user password inside sql server instead of just put them inside the .htpasswd
what i need to do if i want to ask htaccess to call my perl program abc, with abc retrieve the user namd ane password enetered from the auth dialouge and make comparison and return some code .... (My idea) can I do something like this???

sonic   
  Apr 11, 2001, 07:27:07
  perl to un-authenticate?
Hi!

I'm using the apache basic authentication scheme to log in to my web site.
I want to un-authenticate a user that has logged out of my site and force the user to give his userID and password again if he wants to log back in. I want to write a perl script that un-authenticates a user once it logs out of the web pages. How do I do that? Please help!

Emma   
  Apr 11, 2001, 08:08:48
  Help! How to create Crypt passwords without telnet access
Hello everyone,

is there a way to produce reliable UNIX crypted passwords that run on
Apache/1.3.3 Cobalt (UNIX), when my provider doesn't provide me with telnet access?

And: Is it important to use the same "salt" by producing, or would the server mentioned above accept all UNIX crypted passwords regardless of the salt?

I ask this, because - of course - my combination of .htaccess and .htpasswd does not work either and makes me go crazy. It looks like this:

[.htaccess]:

AuthType Basic
AuthUserFile /full/path/from/root/plus/secure/dir/access/.htpasswd
AuthGroupFile /full/path/from/root/plus/secure/dir/access/.htgroups
AuthName "internal"
Require group sws

[.htgroups]:

sws:user1 user2 userx

I always get denied when I try to log in as a user with a password that I generated via http://www.teamone.de/cgi-local/cryptform.pl?PASSWORD=anyword and via http://www.hof-berlin.de/crypt.php3 .

Are there special details one has to be aware of, eg. no return or space after
user1:dSSKMHKq/XMtF in the file .htpasswd?

Can you help me?
Thanx in advance - Rainer
  
  Apr 13, 2001, 15:06:13
   Re: Help! How to create Crypt passwords without telnet access
Hi Rainer :-)

What you could do is strip everything down and try with the bare minimum to see if that works.

This is the order that i have mine, bearing in mind that i don't use groups.

[.htaccess]
AuthUserFile /full/path/from/root/plus/secure/dir/access/.htpasswd
AuthName "Please Log In"
AuthType Basic
Require valid-user

[.htpasswd]
username:password
username:password
username:password
etc...

Remember that the username and password are case sensitive. "TheCoolDude" and thecooldude" are treated different under Unix/Linux.

Try these two password generators...
http://www.earthlink.net/cgi-bin/pwgenerator.pl
http://206.250.94.20/cgi/pwgenerator.pl

If all that works then you can build it back up again using groups. Then if it all works correctly, you could maybe write an online tutorial for your ISPs other users ;-)

Marc :-)   
  Apr 14, 2001, 10:04:02
   Re: Help! How to create Crypt passwords without telnet access
this is what i did several times. i worked out, that a pop up window opens and asks for a password, but it wont accept any password. each time i encrypt the same password by free pwgenerators a different one is shown. where is the error?   
  May 1, 2001, 15:08:45
  username/password appears twice

I have configure .htaccess for a directory and the window asking me for user/pass appears twice.

Why?

Thanks in advance   
  Oct 25, 2000, 18:27:44
  Redirecting denied users to another page
I want to redirect a blocked user from my site to another .html file in the same directory as the .htaccess file. Is this possible? If so, how do I do it? thanks.   
  Apr 16, 2001, 19:47:49
   Re: username/password appears twice
>
I have configure .htaccess for a directory and the window asking me for user/pass appears twice.
Why?
Thanks in advance

Hi,
I had the same problem, and all is back right when I had insert a '/' caracter at the end of the path name.

Example:
if my directory is: "/web/users"
the right path is: "/web/users/" plus the '/'

I think there is a problem with the error returned by the server.

PS Sorry for my bad english.

Mario.   
  Nov 3, 2000, 07:16:19
   Re: username/password appears twice
Try changing the url to http://domain.com instead of http://www.domain.com

I had the same problem.

Good Luck!   
  Jan 5, 2001, 05:50:15
   Re: username/password appears twice
by turning UseCanonicalName in httpd.conf to Off i solved my problem...
  
  Jun 20, 2001, 20:00:23
   Re: username/password appears twice
You're probably accessing a directory without including the trailing slash and the host name in the URL you provide is different from what's configured in httpd.conf. So the redirect response from the server points to a 'different' host than your originally authenticated request and so you need to re-authenticate.   
  Aug 13, 2001, 20:33:45
  Difficult redirect to an error page
hallo,

I have a problem with redirecting a client to an error page. I use htaccess files with the ErrorDocument directive. If a client asks for access of a protected page, he or she is redirected to an special error page, if an false
password or/and username is given. but bevor this happens, the client ask at least for three times for a new username and password. I want that after the first attempt with a false username and/or password the client is redirected directly to the error page without any prompting for a username and password. is their any possibility solve this problem?

thank you for any suggestions.

:-) peter werner   
  Apr 18, 2001, 15:14:55
  Auth Prompts on CGI POST??
How can I make my .htaccess so that it only asks for my password once and then saves it for my session?
Right now it prompts me everytime I submit a post.   
  Apr 19, 2001, 15:35:20
  Win32 .htaccess auth failed
I'm running Apache 1.3.14 Win32.
I'm trying to setup .htaccess files folder in my html dir.
Here is the problem my system uses the .htaccess files but
it won't let any user in.

Can any one help me?

and if you can, what is Wrong?   
  Apr 23, 2001, 04:30:51
   Re: Win32 .htaccess auth failed
post you htaccess file. may be i can throw light on it. I have sucessfully done on Nt   
  Jun 8, 2001, 12:51:50
   Re: Re: Win32 .htaccess auth failed
Hello Vikrant,

I was browsing the FAQ's on APache site and there was a question about setting up .htaccess file on WIN 32 machine and you seem to have figured out how to do that.

I am having a similar problem - I am using Apache 1.3.19 on Windows 2000 and my .htaccess file goes like this :

--------------------------------------------------
AuthUserFile C:/Apache Group/Apache/realdocs/.htpasswd
AuthName "MyCompanyWebPassword"
AuthType Basic

require user myusername

-----------------------------------------

I have all my html documents in the realdocs directory and I am trying to protect a directory named images under realdocs directory and so I have my .htaccess file in that directory...

After I have done all this and restarted the web server, Apache never throws a pop up to authenticate the directory I would like to protect.

Could you please help me with this ???

Thanks,
Prashanth
  
  Jun 27, 2001, 14:08:25
  htaccess directives
Is there a consolidated listing of the directives allowed in htaccess that I can find somehwere that includes their usage and syntax. I really don't want to spend a day going through the entire Apache documentation. Thanks   
  Apr 23, 2001, 22:54:51
  Problem defining where my .htpasswd file is
Hi,
I have a very basic .htaccess file in the directory I want to protect.
It's in /html/admin/
Having problems using AuthUserFile
If I log in on my account with a FTP client and enter the directory the path looks like this:
/var/www/clipart.to/html/admin
so I'm trying doing it like this
AuthUserFile /var/www/clipart.to/html/admin/.htpasswd
I've used the htpasswd - c .htpasswd command to create a password file. Unfortunatly I only get the authorization require (ie wrong password) everytime I try to log in. Please herlp me.
Thanks, Johan.   
  Apr 25, 2001, 08:17:51
  .htaccess log username
I am using .htaccess for user authentication. How can i keep a log of users accessing my site?thanks.please email me at spparikh@email.unc.edu .   
  Apr 27, 2001, 04:42:57
  internal server error
Hi im trying to restrict access to a few of my web pages but when i make a htaccess file it just gives me an internal server error. i have tryed everything it seems like if you have any ideas PLEASE email me at mbisme@kscable.com thanks.   
  Apr 27, 2001, 20:38:45
  How to ban users and show them a certain page letting them know.
Hello,

I currently want to setup a htaccess to allow all but block certain ip
addies if they are to visit. If they do visit I don't want a popup box
but instead they are redirected to a page explaining that they are banned.

Any idea's if htaccess can accomplish this?
I understand how to use htaccess but not in this way.

Replying by email is welcome.

- zenomorph
  
  Apr 28, 2001, 02:09:06
   Re: How to ban users and show them a certain page letting them know.
I too have been trying to do the same. The following link has a brief section explaining how to allow/block IPs : http://mirage.golden.net/htaccess.html   
  Apr 30, 2001, 15:42:58
  you don't have permission to access page
Now that I pulled all the hair out of my head, I hope someone can assist. I've built a root directory and all the subdirectory html files serve my main html page in root dir. When I bring up the main page I receive a message "access denied to my subdirectories". What needs to be set in the httpd.conf file to allow access to the subdirectories. I tried creating .htaccess files but so far have had no luck. Thanks for any assistance.   
  Oct 26, 2000, 20:32:37
  Passwortschutz im Klartext?
Mal auf deutsch und zusammengefasst:

Bekannt ist den meisten ja folgendes:
- Syntax der .htpasswd
- Syntax der .htaccess
- Ordnerstruktor, d.h. wo die Dateien liegen müssen/dürfen

Aber...
- Wie werden die Passwörter erstellt, wenn man keinen direkten Zugang zur Kommandozeile hat, sprich die Seite Fernadministriert. Nutzt man freie Passwortgeneratoren, kommen ganz verschiedene Passwörter raus die nicht auf der Seite funktionieren. (http://www.cache-22.co.uk/cgi-local/c22encrypt.pl oder http://www.linux-profis.de/php3/crypt.php3)

- Kann man nicht mit entsprechenden Zugangsrechten die password.pl auf die Seite kopieren?
- Kann man die Passwortabfrage nicht im gleichen Fenster bewerkstelligen, ohne das ein Pop-up Fenster aufgeht? Auf vielen bekannten Seiten geht das doch auch. z.B. online-e-mail-dienste, Provider, etc.
- Gibt es nicht irgendwo eine gute und zusammengefasste Anleitung, am Besten noch auf deutsch?

Ich will doch nur einen bestimmten Bereich einer Seite durch Passwort schützen, so daß sich Besucher erst anmelden müssen. Das ganze auf einem Server zu dem ich ftp-technisch alle Zugriffsrechte habe, aber nicht direkt apache steuern kann, es sei denn ich verändere die eine oder andere config datei.

Gruß ipxi   
  May 1, 2001, 14:06:11
  User and Password variables
I got it all, thanks. But how can i put something like "Welcome 'user name' !!!" after autenticating? Which variable stores the user's name and password?

Thank's in advance,
Daniel   
  May 4, 2001, 00:07:50
  htaccess timeout
Hello !
how can I put an expiration time on the htaccess ??

Thank you !
Regards, Daniel Nuño   
  May 4, 2001, 22:43:58
  help needed for htaccess
Hi,

l have setup my web server running 1.3.19. l have created the .htpasswd and .htaccess file but l still can access the homepage directly, what went wrong?

my .htaccess config.
AuthType Basic
AuthName "Protected Directory"
AuthUserFile /home/monitor/.htpasswd
AuthGroupFile /dev/null

require user harmony

l have create the user harmony using htpasswd and is in the directory /home/monitor.

The file .htaccess is under the directory /home/monitor/html. This is were all the html files are and is the default directory for web.

  
  May 10, 2001, 02:08:33
  .htaccess URL redirection
I'm having a strange thing happen with an .htaccess file. Here is an example of what is happening. The default file in my web directory is index.html.

This DOES NOT work:

RewriteEngine on
RewriteRule ^(.*)$ subdir/$1

However, this DOES work:

RewriteEngine on
RewriteRule ^(i)(.*)$ subdir/$1$2

Weird, huh? Also, if I replace the (i) with a (.), it stops working again.

Any ideas?   
  May 10, 2001, 02:17:36
  pop-up window does not appear again
Hi,

l manage to get the pop up windows asking user to enter the user ID and password. But logging in successfully, l will not be pop for user id and password again if l close and open the broswer again. Is this due to broswer caching? If yes, is there any work around? Thanks.

Regards,
Toh Hwee

  
  May 10, 2001, 10:16:21
  Including 2 user-files in .htacces
is it possible to include 2 different AuthUserFile in .htaccess?   
  May 11, 2001, 10:47:47
  htaccess logfile restrictions
Can somebody tell me what i have to do if i do not want my accesses to be logged in the access_log?

i´ve read an article that i have to edit the htaccess and tell there, that my ip should not be logged. but what?
  
  May 11, 2001, 13:09:29
  cant get $ENV{'REMOTE_GROUP'}
I have had an .htaccess protected section of a website up for a while. It contains some administrative CGI not for the public, and has been working just fine. I have been able to even grab who is logged in with perl from the $ENV{"REMOTE_USER"} variable in perl to use in various interface messages.

Now, I want to add GROUP management to the cgi's where a subset of the users will be allowed to use certain scripts. I've added a AuthGroupFile to define which users are in which groups, but the system doesnt seem to load the $ENV{'REMOTE_GROUP'} variable so I cant be sure what is going on.

have I missed some part of the setup?

my .htaccess file looks like:
----
AuthUserFile /home/nm-earnosethroat/.nment_pwd
AuthGroupFile /home/nm-earnosethroat/.nment_groups
AuthName "NMENT secure area"
AuthType Basic
require valid-user


and the .nment_groups file looks like:
---
admin:danbak elaine
docs:fritz
  
  May 12, 2001, 20:57:10
  Un-Authenticating
Once a user has been authenticated through the .htaccess and password file,
is there a way to un-authenticate them so they need to log in again?

  
  Oct 28, 2000, 18:12:44
  htaccess seems not to be working (no window appeared)
Hello,

it's a Win NT5 server with apache running, everything goes fine, but there isn't popping up a window for pasword verification?
I putted the 2 files in the folder:
e:/program files/apache group/apache/htdocs/

My .htaccess:

Satisfy All
AuthType Basic
AuthName "Security"
AuthUserFile e:/program files/apache group/apache/htdocs/.htpasswd
Require user bart
AllowOverride none

Has it something to do with the pad???
Also strange is i got no error log or something, it seems not to react at all!

Can you help?
Thx   
  May 17, 2001, 21:32:13
   Re: Un-Authenticating
Check this out.
http://perl.apache.org/guide/security.html#Authentication_code_snippets   
  Nov 28, 2000, 06:17:49
  login script
Hello:

I am looking for a (Perl?) script generating authentication headers. I will be grateful for any suggestions, thanks !!

--> wojtek@pnti.waw.pl .   
  May 18, 2001, 23:47:11
  Multiple AuthUserFiles and targeted redirect???
Can there be multiple AuthUserFiles in one .htaccess file? I have two separate password files (current and expired) and would like both used in authentication. Also is it possible to redirect to a renewal page or run a cgi script if the user is located in the expired database?   
  May 23, 2001, 16:56:33
  Restricting access
Hello, I have installed Apache 1.3.9, and my question is the following: I want to restrict a file .html on a directory, only one or more file but not all files that a directory contains. So in the same directory there are ten files .html, and I want to restrict the access (using user/password) on two files on that directory.

Thank a lot of.

  
  May 25, 2001, 11:15:44
  syntax to modify PHP in .htaccess files
I want to count the number of visitors that are currently on my site and I wanted a flat file way of doing it. I asked on alt.php and got the following useful advice. The lines themselves, if I understand right, need to be preceded by some kind of Apache directive? I read this page hoping to learn the syntax of .htaccess pages but I'm still in the dark. I read the directives page but don't know what directive to use. Which directive do I need? What is the right syntax? Can anyone suggest a good book on Apache? The response I got on alt.php was this:

>>>>>>>>>>>>>>>>
If the server you're using is using Apache, create a .htaccess file and use
commands like the following to set the php.ini values for that directory
etc.:
php_value session.gc_maxlifetime 720 <-- in seconds
php_value session.gc_probability 100 <-- %age prob.
php_value session.save_path /am_sessionsFolder
  
  May 28, 2001, 17:18:36
  Htaccess/WindowsMedia
how do I get media player to accept the username and password entered by a user. I have htaccess set to require valid-user. After entering the directory there is windowsmedia file that triggers display of graphic assets. A mediaplayer icon appears in the username/password box. I was hoping that once the user entered their name and password that they could access everything. Is there another directive or syntax I should use?

  
  Jun 1, 2001, 04:06:37
  Default document
I am very new to Apache. I want to configure "Default.htm" to be my default document in the htdocs directory. How do I do that?

Thanks,


Don   
  Jun 3, 2001, 22:43:53
  IE 5.0x forcing authentication twice
Has anyone else experienced a problem using Internet Explorer 5.00 or 5.01 in which Apache forces users to authenticate twice with correct credentials? I do not get this problem in Netscape and have not seen any other htaccess problems besides this one, so I am assuming my configuration is correct.

An example scenario in which this problem occurs:
1. I give good username/good password -> asked to login again, error_log not updated
2. I give good username/good password -> successful login, error_log not updated

Another example scenario:
1. I give good username/good password -> asked to login again, error_log not updated
2. I give bad username/bad password -> asked to login again, appended to error_log is
... user sandih: authentication failure for "/ops/": password mismatch
... user poo not found: /ops/
3. I give good username/good password -> successful login

Any help or suggestions would be greatly appreciated.

Thanks!   
  Jun 4, 2001, 21:15:08
   Re: IE 5.0x forcing authentication twice
I too have seen this..

The following is an example layout of the directory.

/opt/apache/htdocs/Secured <- has .htaccess
/opt/apache/htdocs/Secured/otherdirectory <- has no .htaccess

The "Secured" directory has a .htaccess file and the directories below it dont, but if I authenticate correctly then try and go to "otherdirectory" I get an authentication box again.

.htaccess file is below:

AuthUserFile /opt/apache/cgi-bin/.htpwd
AuthGroupFile /opt/apache/cgi-bin/.htgroups
AuthName "System Documentation"
AuthType Basic


order allow,deny
allow from all
require valid-user



Anyone got any ideas ?

Sid Young
Brisbane   
  Jun 8, 2001, 02:06:12
   Re: IE 5.0x forcing authentication twice
> Has anyone else experienced a problem using Internet Explorer 5.00 or 5.01 in which Apache forces users to authenticate twice with correct credentials? I do not get this problem in Netscape and have not seen any other htaccess problems besides this one, so I am assuming my configuration is correct.
An example scenario in which this problem occurs:
1. I give good username/good password -> asked to login again, error_log not updated
2. I give good username/good password -> successful login, error_log not updated
Another example scenario:
1. I give good username/good password -> asked to login again, error_log not updated
2. I give bad username/bad password -> asked to login again, appended to error_log is
... user sandih: authentication failure for "/ops/": password mismatch
... user poo not found: /ops/
3. I give good username/good password -> successful login
Any help or suggestions would be greatly appreciated.
Thanks!

I figured out the solution for this problem. It had nothing to do with .htaccess. I was using a relative URL to point to the directory to login to, but I forgot to include the trailing slash. So, that caused Apache to send a redirect to the client which forced him to authenticate twice.   
  Jun 26, 2001, 16:40:24
  CGI gaining read/write access
I am looking for the simplist solution for granting read AND write access to files in a specified directory from CGIs in my cgi-bin directory.

Please send all responses to maksim@gtemail.net   
  Nov 1, 2000, 03:41:10
   Re: CGI gaining read/write access
if you known it,please mail to me!thanks.   
  Jan 16, 2001, 08:05:20
  restricting a file with htaccess
Hi
I'm trying to restrict just one file in a directory...with an .htaccess file.
I tried...

AuthType Basic
AuthUserFile /web/data/xxx/passfile
AuthName "Enter Password and username"


order allow,deny
deny from all



Satisfy all
require valid-user


But this doesn't work...I've tried many other combinations.. but nothing works.

I've checked the server config file - but nothing seems to be preventing it...but then maybe I have to add something??

can someone help?
thanks
jill   
  Jun 14, 2001, 19:26:34
  401 Authorization error
I have placed the .htpasswd and the .htaccess file in the protected directory and specified the path to find the .htpasswd file in the .htaccess file. I have specified the following:

AuthUserFile /www.bblcomm.com/Clients/itouch/.htpasswd

AuthName "iTouch Username and Password Required"

AuthType Basic



require user itouch



I have created the .htpasswd file with the exe downloaded from your site.
When I type the url it prompts me for the username and password hit enter and it prompts 3 times then give the following error:

Authorization Required
This server could not verify that you are authorized to access the document requested. Either you supplied the wrong credentials (e.g., bad password), or your browser doesn't understand how to supply the credentials required.

Can you help?   
  Jun 15, 2001, 17:46:26
  Setting up .htaccess on Win 2000/Apache
Hello
I was successful in setting up the user name/password authentication and thought it would be useful to share with all the members of this forum

1. Created a directory called secure under c:\ and copied the program C:\Program Files\Apache Group\Apache\bin\htpasswd.exe to it.

2. After going to the command prompt i executed the above program
htpasswd -c .htpasswd buddy
Here i was prompted to enter the password twice.
This created a file called .htpasswd under c:\secure

3. Now to secure the directory c:\mystuff\docs i created a file called .htaccess
and the added the following lines

satisfy all
AuthUserFile c:/secure/.htpasswd
AuthGroupFile null
AuthName "Only For Me"
AuthType Basic
require user buddy

I had mapped c:\mystuff as my default document directory.

This set it all up. So when i tried http://localhost/docs it prompted me to enter a user name and password.

Hope this helps anybody trying to set up this feature.

Regards
Khozema   
  Jun 16, 2001, 19:06:59
  .htaccess and .htpasswd
here is the .htaccess file ( I have tried many variations) yet it does not work

-----------------------------------------------------------

AuthType Basic
AuthName "MY PASSWORD PROTECTED STUFF"
#AuthUserFile /home/USERNAME/web/PATHNAME/.htpasswd
#AuthUserFile /home/apache/web/www/webdesign/htdocs/2delete/.htpasswd
#AuthUserFile /home/apache/web/www/webdesign/htdocs/2delete/.htpasswd
#AuthUserFile /www/webdesign/htdocs/2delete/.htpasswd
#AuthUserFile /home/apache/web/www/webdesign/htdocs/2delete/3delete/.htpasswd
AuthUserFile /www/webdesign/htdocs/2delete/3delete/.htpasswd
require valid-user
#Require user hoggy

-----------------------------------------------------------

the user name is hoggy in the .htpasswd file

the .htaccess file is located under /www/webdesign/htdocs/2delete/3delete/
the .htpasswd file is located under /www/webdesign/htdocs/2delete/

but after typing the password it does not work at all...

I have noticed that if using:

AuthUserFile /www/webdesign/htdocs/2delete/.htpasswd

you automatically have access to the folder without being asked for the password and login name! Unusual...   
  Jun 19, 2001, 15:42:13
  win2k not authenticating
Apache does not seem to see .htaccess files. I have tried renaming the .htaccess file in the httpd file with no luck. Any commects are apprciated.   
  Jun 24, 2001, 02:47:21
  .htaccess.txt - I can't change the file type!
Okay - I love this idea but how can I change the file from .htaccess.txt to .htaccess? I've tried changing the file type in Notepad, Wordpad, Frontpage and Word and none of these applications will let me remove the .txt

How do you guys do it?

  
  Jun 27, 2001, 19:10:21
   Re: .htaccess.txt - I can't change the file type!
Don't worry about the name of the file containing your htaccess directives. You can call it anything you like, while you're editing it.
Just ftp your '.htaccess.txt' file to the required directory on the server and rename it there, to '.htaccess'.   
  Jul 4, 2001, 10:05:28
  no pop-up window!
Howdy!

Using Redhat 6.2 and Apache httpd ...(1.3?).

Can someone send me a Working version of their httpd.conf and htaccess?
I seem to have tried all the tricks in the book and slowly losing my
patience over this.

BTW, there are some virtualhosting domains in httpd.conf. I assume that the global directives and htaccess would take care of any virtualhosts. If not, is there any special set of rules to setup htaccess for virtualhosting?

Thank You.


  
  Jun 28, 2001, 04:15:02
  Yes pop-up window!
Ok, I seem to have hit some luck after visiting
apachetoday.com. Just submitted a message asking
for httpd.conf and htaccess files...but lo and behold,
I figured out the bug within a few minutes.

I thought I'd share the info with others.

The .htaccess is

AuthAuthoritative Off
AuthUserFile /somewhere/.htpasswd
AuthName Secured Zone
AuthType Basic
require user freelunch
Satisfy All

Thats it. Now the "AllowOverride All" statement must
exist inside the in the httpd.conf file...e.g.


Options FollowSymLinks
AllowOverride All


$killall -9 httpd
$httpd

restarts the server and reads httpd.conf again. The pop-up window appears
and access is enabled through login.

Ok, one related question: What is the variable in which the username
is stored? How do I track the user ...Thanks for any pointer.


  
  Jun 28, 2001, 04:52:37
  .php and .php3
My provider only supports .php3 for php files but I would like to have a .php extension for php files. Is it possible to handle this problem with .htaccess ?

Greetings
Michael   
  Nov 3, 2000, 17:14:12
  htaccess embedded URL?
Forced to authenticate twice,using htaccess to serve documents to valid users.

Using alias for directory httpd.conf. The html document contains embedded images using img src=apic.gif . All files (html doc,gif & htaccess) are in the same directory. When enter html doc user is required to enter user & password, the x.htm begins to display then the user is requested to again enter the user & password. The error log states PERMISSION DENIED for the gif file. Once user re-enters user & password the gif displays. Why 2x's? I've tried using different address for the gif file in the img src line but haven't found one that works without prompting twice. Any help would be appreciated.
  
  Jul 2, 2001, 20:56:46
   Re: .php and .php3
hi michael,

if your php-version=3.x try one this line:
AddType application/x-httpd-php3 .php

if your php-version=4.x try one this line:
AddType application/x-httpd-php .php

hope you're going successfull
micha   
  Nov 16, 2000, 11:18:42
  500 Error
I am getting a 500 internal server error...
error log reported the following:

[Mon Jul 02 17:52:57 2001] [alert] [client 127.0.0.1] /.htaccess: AuthUserFile takes 1-2 arguments, text file containing user IDs and passwords

wats wrong??, please help!   
  Jul 2, 2001, 22:00:51
  .HTACCES !!!!!
How can I modify .htacces so it only protects the files I want it to not the whole directory ?   
  Jul 5, 2001, 21:45:47
  RewriteRule does not work as documented
I've read copious documentation and examples, and cannot get this to work, using Apache-1.3.20.

RewriteEngine On
RewriteRule ^/twig(.*) https://mydomain.net/twig$1 [R]

According to the documentation, this is correct. But it doesn't work.

  
  Jul 8, 2001, 21:59:02
  setting up httpd.conf to allow htaccess
I'm pretty sure I've got my .htaccess and .htpasswd files set correctly, but for some reason my httpd.conf file isn't even reading them. How exactly am I supposed to edit the config file to make this work?   
  Jul 10, 2001, 18:38:24
  Apoyo su iniciativa....
Creo que una excelente idea esto de las listas de correo para temas de esta indole. En Chile tambien lo hacemos.
Aqui se habla mucho de Linux y su potencial....


chao...   
  Jul 11, 2001, 17:57:35
  Re: I need help to redirect my domain to a file! [some domains but not others!]

| Try this in your .htaccess file:
|
| redirect permanent /(directory) (url)
|
| example:
| redirect permanent /jethro http://cool.jethro.com/
|
| Hope this helps.

I had the same question (if I'm understanding the original poster correctly). However, this solution (above) redirects a subdir. of the original URL to a second, different URL. I need exactly the reverse of that.

My clients have several different domains pointing to the same doc. root dir. on our webhost's server, all bringing up the same default page. We want some but not all of those domains to either bring up a different default page, or otherwise redirect to a subdir. of our doc. root dir.

Unfortunately, the webhost they paid for in advance will bill them for hosting a second, separate website to set this up, even if we only want a couple domains to point to a subdir. of the original doc. root dir. (geez, pay for a whole separate site, just for a one-time alteration to their httpd.conf ?) Obviously, I don't have access to the host's httpd.conf myself, so I'm investigating the use of .htaccess for this before I resort to JS trickery (and could use some pointers for that as well, FWIW, but hopefully not necessary :-).

E.g., we've got [www.]foo.com, [www.]foo.net, [www.]bar.com, and [www.]bar.net all pointing to the same default page in the same doc. root dir. We want: http://[www.]foo.com/ and http://[www.]foo.net/ to bring up the original default page in the original doc. root dir.
http://[www.]bar.com/ and http://[www.]bar.net/ to either bring up a different default page, or otherwise redirect to a subdir. of the original doc. root dir. (e.g. redirect those to http://bar.com/barsubdir/ ) - whichever is easiest :-J.
Got any ideers?
- Mnsgr. Laszlo
(Remove .SPAM.B.GONE from email addy to reply by that method.)   

  Jul 12, 2001, 01:03:03
  Bandwidth Theft
My former web hosting service provider was taken over by another company. The new company has moved my domain to a new server and they refuse to include the mod_rewrite module in that server configuration (Apache 1.3.20). I had used the following directives in certain .htaccess files to limit bandwidth theft at my former provider:

# Rewrite Rule for images
RewriteEngine on
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://mydomain.com/.*$ [NC]
RewriteCond %{HTTP_REFERER} !^http://www.mydomain.com/.*$ [NC]
RewriteRule .*\.[Jj][Pp][Gg]$|.*\.[Gg][Ii][Ff]$ /graphic1/offlink2.gif

which resulted in a tremendous decrease in "image theft" (the offlink2.gif file essentially stated that my domain doesn't allow offsite linking to its image files). They intend to begin charging based on bandwidth usage, but they have no alternative to my method of preventing bandwidth theft. What, if any, are the problems with allowing the mod_rewrite directives on a "shared hosting" server (assuming they have the rest of their act together)? And/or is there some other way of dealing with this issue?

Bob   
  Jul 12, 2001, 02:52:23
  Problems htaccess & WinNT
Hi all of you !
It seems to be a really complicated problem to secure pages or directories with apaches htaccess functionalities.
I followed almost every documentation and tutorial but it is not possible for me to secure any page in our net.
Apaches seems to override the .htaccess files because I never saw any of those user/password prompts on screen.
I really dont know what the problem is, but I need help to fix it.

Thanks, Thomas
  
  Jul 12, 2001, 06:38:18
  Re: HTACCESS to redirect specific users
I don't think you can do this from within the .htaccess file, but you could use PHP to do it. In PHP getevn("REMOTE_USER") will give you the username with which the current user authenticated. So you could use the function header("Location: http://www.yoursite.com/".getenv("REMOTE_USER")."/") in PHP to redirect authorized requests to a subdirectory that matches the user's login.   
  Jul 24, 2001, 16:57:49
  Multiple Login Rejections
As my .htaccess file is currently set up, if a user mistakenly enters a bad username or password, the server will not allow a second attempt at login (they just are shunted to the "Authorization Failed" screen. How do I change this to allow for multiple tries?   
  Jul 26, 2001, 18:46:30
  Can I make .htaccess for a single file?
Is there a way that I can make .htaccess only work for a specific file in a directory with many other files in it?   
  Jul 29, 2001, 22:50:18
  htaccess
wat should i put in a htaccess if i just want 404 error processing   
  Aug 1, 2001, 11:59:21
   Re: htaccess
No, you can put an entire nation in the htaccess file if you want to.   
  Aug 6, 2001, 11:47:25
  htaccess group authentication
My Application has a tree structure with top 2 branches as A, B.
The htaccess file also has 2 groups A,B.
Now users under each group should only be able to see the children
nodes inside its own group.

Ex. say Group A has members-a1,a2
Group B has -b1,b2
now when the user a1 or a2 logs in they see data only inside Branch A.
Similarly when user b1 or b2 logs in they see data only inside Branch B.

Can I accomplish this using htaccess file.
Any assistance would be greatly appreciated.   
  Aug 1, 2001, 21:39:17
  zope .htaccess
is there any way to add Rewrite Rule in .htaccess   
  Aug 3, 2001, 13:22:48
  hiding directory index
Hello,

I just want to know how you best can hide a directory index. All visitors should be able to use the files, but they must not be able to view the directory index. How is this problem solved?

Please send me an email with the answer. Thank you!   
  Aug 4, 2001, 11:39:21
  What meen FDN
Can somebody tell me what this message meens?

In the error_log (Apache/1.3.19,Unix,Suse 7.1):

[Wed Aug 8 00:28:21 2001] [error] [client 212.212.212.100] thomas: not a valid FDN: /server-status   
  Aug 8, 2001, 14:24:48
   Re: What meen FDN
Hmm it seems i have the same error ... well everything works fine: the user/password prompt appears in the Browser (and even shows the AuthName as normal, so he reads the .htaccess!!) but then i dont get access and my error_log says about the same thing as yours .... here are my files :
(hmm well the AllowOverride AuthConfig is set :),the file passwd was set up using htpasswd)


located in my "privat" pages :))(which dont exist yet)
.htaccess
AuthName Privat
AuthType Basic
AuthUserFile /etc/httpd/passwd
AuthGroupFile /dev/null
Require user ???

located in /etc/httpd/
passwd
???:Password

hope someone can help :))
  
  Aug 13, 2001, 10:50:45
  Local script-access with deny all ?
access question:

I want to have several directories to be accessable from some domains,
but I want the same directories to be accessable from the scripts on that domain. How do I do that? I tried:


order deny,allow
deny from all
allow from 24.132.133.42
allow from 24.132.45.198
allow from 194.109.167.
allow from 129.125.142.

ErrorDocument 403 http://jthz.com/sorry.htm

but now I have to somehow add allowance for access
from local scripts, how do I get that done? I tried
adding: "allow from thatdomain.com" but that didnt work...   
  Nov 4, 2000, 04:23:47
  htaccess and IE
Hi there,
I have a problem with a site that is using htaccess authentication. Users who want to gain access to a part of the site and who are using Netscape are being challenged with userid and password like it should be. Users who are using IE 5.x are having problems. Some people don't get a challenge and are directly prompted with a http 401, others get a challenge but for some reason userid and password are not sent correctly, after 3 times they get this message:

Authorization Required
This server could not verify that you are authorized to access the document requested. Either you supplied the wrong credentials (e.g., bad password), or your browser doesn't understand how to supply the credentials required

Is there anyone who can help me solving this problem??

Best Regards,

Gerwin   
  Aug 9, 2001, 08:00:44
   Re: Local script-access with deny all ?
Did you ever find an answer to this problem as I am facing the same : 0(
Any help is appricitaed!
Thank you.
please send any coorespondance to compuca@aol.com


> access question:
I want to have several directories to be accessable from some domains,
but I want the same directories to be accessable from the scripts on that domain. How do I do that? I tried:

order deny,allow
deny from all
allow from 24.132.133.42
allow from 24.132.45.198
allow from 194.109.167.
allow from 129.125.142.

ErrorDocument 403 http://jthz.com/sorry.htm
but now I have to somehow add allowance for access
from local scripts, how do I get that done? I tried
adding: "allow from thatdomain.com" but that didnt work...   
  Nov 14, 2000, 07:11:36
  please help about 500 Erro!!!
I am getting a 500 internal server error...
error log reported the following:

[Mon Jul 02 17:52:57 2001] [alert] [client 127.0.0.1] /.htaccess: AuthUserFile takes 1-2 arguments, text file containing user IDs and passwords

wats wrong??, please help!   
  Aug 9, 2001, 10:25:31
  How to manage acces
Hi!
Im having Apache on WinNT 5 with a NTFS filesystem.
Is there a possibility to manage acces via NTFS?
If not can anybody tell me what to do that Apache will ask for a username and password and how ill install that.
Please explain it that newbies like me understand it too!
Thanks a lot
CU
cfreak84   
  Aug 12, 2001, 14:07:56
  Storing Credit Card Information Safely

Thanks for taking a moment to look at this:

I'm currently building my first e-commerce web site and I'll be doing all of the PHP coding myself.

I'd like shoppers to be able to store their information including shipping & billing address and credit card number(s), etc. Is there a way I can do this safely with .htaccess or .htpasswd files?

Thanks for your help,
Christopher

  
  Aug 12, 2001, 21:04:41
  htaccess usage and implementation
Hi everybody,
I am a newbie in this field. I read a lot about using htaccess and things like

htpasswd -c .htpasswd buddy

I have a web site that runs on Apache server and I would like to make a password protected URL. I read some documents about that but I couldn't find out how to access or where to write and implement the commands like
AuthGroupFile /dev/null
AuthName My Secret Stuff
AuthType Basic
I know php, do I have to write those commands in a php file? AND can I use WS_FTP program to create the involved directories? I am so much confused!!
Could anyone tell me Where and How to start? OR give me a URL that deals with that? Your cooperation is appreciated.
Thank you.
  
  Aug 13, 2001, 09:17:48
  .htaccess config
Hi,

I need to know how the .htacctss file is written, what is the option to validate to all subfolders. I tried to set this format


AllowOverride None
Options None


On the Apache server config file but it denied the access to all. Any clue or hint ?

Thanks,

  
  Aug 14, 2001, 23:29:33
  how to shut down apache
How do you shut down apache server?
What command is needed?   
  Aug 15, 2001, 16:51:26
   Re: how to shut down apache
> How do you shut down apache server?
What command is needed?

net stop apache
net start apache   
  Aug 19, 2001, 16:25:27
  htaccess
HI,
Is there any limit in the numbers of users which can be included into the .htaccess file and the password file? If there is, how many?
  
  Sep 21, 2000, 04:41:04
  Is it possible to define relative paths in .htaccess?
Hi, I want to define my include path for my entire www directory to a directory outside (eg ../inc). Apache is running on Linux.

Can I use relative paths (ie ../inc) or do I have to define the whole path, eg:
include_path='./:/usr/local/lib/php' (this came up in an error message when an include file was missing).

I keep getting an internal server error/misconfiguration. Can anyone help on this one?

Thanks,
Zubin   
  Aug 18, 2001, 22:58:43
  Same username, different passwords
Is there a configuration setting or directive for apache server, that will let my .htpasswd file contain various lines of the same username with different passwords? For example, line 1 - username1:encpassword1, line 2 - username1:encpassword2... etc. We have a one to many relationship between username and password and would like to set up the password file this way. Does anyone know if this can be done?   
  Aug 20, 2001, 20:59:24
  htaccess and User Name
Is there anyway to get the User Name box in the auth window to be pre-populated? Basically I just want the user to fill out the password not both user/pass.   
  Aug 20, 2001, 22:11:20
  let us know about FDN
Please send a message here if anyone finds an answer what that "not a valid FDN" means in error log file.
I'm working on this problem for quite a while, checking whatever is possible, but my .htaccess still doesn't work. Everything seems to be set up properly, "AllowOverride All" in httpd.conf file as well as .htaccess file itself, which worked fine on older server.
It only stopped working after I upgraded to SuSe 7.2 with Apache 1.3.19.
I heard more people have exactly the same problem with the same combination of Linux and Apache. Although I didn't see anyone offering a solution so far. Please write to this forum or send me an e-mail if you find out something.
  
  Aug 21, 2001, 14:50:00
   Re: let us know about FDN
I am also having the EXACT same problem as you have and I have been searching for days to find the answer to this one. Unfortunately I have been unable to find a solution. I am so disgusted that I have backed up all of my files and will be going back to SuSE 7.1 as soon as I finish posting this message. I will still be looking for the solution however and you can be sure that I will post is here if I find it.   
  Sep 14, 2001, 10:04:10
   Re: Re: let us know about FDN
http://sdb.suse.de/en/sdb/html/htaccess72.html   
  Sep 17, 2001, 17:50:09
  htaccess and SSI
Hi all,

I am having problem with .htaccess and SSI. I read that to turn on SSI you need to add XBitHack to your .htaccess. Well, I did that, but the server does not see anything. Still I am not able to see mi SSI files. I read all about how set up the httpd.conf, so on and so for, but not success. Any help will be apreciated.

Thanks in avanced,
Alex   
  Aug 23, 2001, 02:13:23
  Deny,alow: allowing one-and-only-one IP to access
Hi,

In httpd.conf, how to limit access to locations so that it allow one and only one IP to access it? Is it like this?

Order deny,allow
Deny from all
Allow from 123.123.123.201

Thanks,
Kenny.   
  Aug 24, 2001, 08:58:55
  internal server error despite correct directive?
No matter what I tried, I kept getting an internal server error.
But I think that the directive in my .htaccess-file is right and complete. Are there other mistakes that can cause this error?

My .htaccess-file:

------------------

AuthName Support
AuthType Basic
AuthUserFile
/home/sites/www.mysite.de/web/mysite/AktuellerOrdner/Support/bereich/.htpasswd
require valid-user

------------------

btw, when ftp-ing I'm using ASCII-mode. That's not my mistake. So what else?   
  Aug 28, 2001, 15:35:37
  how do you allow put method.
i need to allow put method.current default config doesnt allow the put method.how do i change it.   
  Sep 12, 2001, 08:19:16
  Undoing user privileges in subdirectories
If I grant a particular user access to a directory in the .htaccess file, what can I do to prevent this same user from having access to the subdirectories?   
  Nov 8, 2000, 18:03:21
  Unprotected sub folder
I have my entire doc folder protected by an .htaccess file. I want to make a sub-directory open to everyone, but I can't get it to work. It takes its preferences from the root folder and rewuires a password.
ANy ideas?
ta   
  Sep 20, 2001, 12:12:32
  http.config Questions.
Hi,
Can anyone please tell me how to set up the username and password for certain files only? Not the directory!!
I have a file called admin.html inside test directory....(ie. C:\program\apache\test\admin.thml). I want user to be able to go to test directory, but cannot access admin.html. When they click on admin.html, it should pop up a window to ask for password.
Please tell me what I should do in http.config file. I have no problem with .htaccess and .htpasswd!!
Thanks. I hope to hear from you guys.


  
  Sep 25, 2001, 04:00:53
  Disallow download from server if not from certain referrer?
Please help me, how can i make sure (with htaccess), that NOT A SINGLE file can be downloaded if the referrer isn't http://mypage.com/mypage.html ?
Thank you very much.
Clemens   
  Sep 26, 2001, 17:55:34
  After entering the password there are problems
After I enter the user and password in the password box, another password box appears while Apache server seems to be attempting to authenticate. It seems that the .htpasswd might never be found. Any suggestions?   
  Oct 3, 2001, 03:26:58
  Command parameters for .pfr
I am intersted in creating a web site which invvolves high volume of non-English text. In my case the langiage is Kannada. To save the visitors from downloading requirred fonts to view pages in the language it is intended at I created .pfr files (Dynamic fonts with webfont wizard: http://www.bitstream.com) Now, I have to create a command parameter for Add type command parameters for application/fot-tdpfr for exrtension .pfr. How do I do it is the problem. considering my novice position any guidance/relevent step by step details will be appreciated.   
  Oct 3, 2001, 17:47:35
  with .htaccess can't access dir's
I installed apache 1.3.20, and it works great. I followed the instructions on http://www.sakuralover.com/raq3/upgrade_raq3.htm

I only have a problem that my .htaccess files aren't working anymore. I can't access directories with an .htaccess file. I don't even get a popup asking for the passwords, only a page not found error page. I only get a "The page cannot be displayed" error.

With apache 1.3.6 all was working fine

My AllowOverride is set to all in the access.conf and the .htaccess files aren't changed.


Maybe someone can help, thanks

Alexander   
  Oct 3, 2001, 23:43:57
  hiding directory index
Hello,

I just want to know how you best can hide a directory index. All visitors should be able to use the files, but they must not be able to view the directory index. How is this problem solved?

Please send me an email with the answer. Thank you!   
  Oct 5, 2001, 12:56:43
  nullify the effects in subdirectories
hi,
how to nullify the effects of an htaccess file in subdirectories ?   
  Oct 19, 2001, 16:51:34
  htaccess uses the main system password file
This is an example of my .htaccess file
AuthUserFile /home/sites/.htpasswd
Authname DirectoryName
Authtype Basic
require user roman

I created the /home/sites/.htpasswd file using htpasswd. The file is at that location, and has read permissions.
The problem is that it does not seem to bother reading that file and takes its passwords from the main system password file. So the user roman exists in the above htpasswd file and also as a user on the system, htaccess just checks against the main system password.
NB. If the user does not exist as a system user, then they are still unable to gain access, even if they have a password in the above file.   
  Oct 24, 2001, 10:55:21
  htaccess restricting image file access except from my web pages
Does anyone have a solution for the language to include in an .htaccess file that will prohibit images from being served up to any web pages other than the web pages that exist in my web site? I'm attempting to keep others from posting links to my images and poaching my bandwidth, which I am charged dearly for.
My web site is http://www.artminds.com

Cheers,
Art Minds
art@artminds.com   
  Oct 27, 2001, 20:34:09
   Re: htaccess restricting image file access except from my web pages
Put the following htaccess file in your images directory :

RewriteEngine On
RewriteCond %{HTTP_REFERER} !^http://yourdomain.com.* [NC]
RewriteCond %{HTTP_REFERER} !^http://www.yourdomain.com.* [NC]
RewriteCond %{HTTP_REFERER} !^http://yourdomainip.* [NC]
RewriteCond %{HTTP_REFERER} !^http://yourdomain.comip:80.* [NC]
RewriteRule /* http://www.domain.com/redirectpage.html [R,L]   
  Nov 14, 2001, 15:02:17
  size of htaccess
Hi all out there!

I wonder if it makes sense to add RedirectPermanent directives on a file by file base to .htaccess like

RedirectPermanent /abc/preview/xyz.html /abc/final1/xyz.html
RedirectPermanent /abc/preview/uvw.html /abc/final2/uvw.html

Reason is I have a "Preview" folder with about 1200 files. But as "Preview" says these files will go to other folders by a slow step-by-step approach as they are finally edited. Till now I copy the edited file to its final location, then delete the content in the preview page, add fixed links to the new location and a refresh command in each file's head. It would be much easier for me and much more elegant for the visitor to just add a line to .htaccess in the preview folder and delete the preview file. But what load would give this to the server? In the end .htaccess would have about 1200 such RedirectPermanent lines.

If search engines honor RedirectPermanent and remove such URIs from their index requests for files in the preview folder should become less and less and thus the burden for the server to read .htaccess time and again might be not that significant. Could anyone experienced with servers answer these thoughts?

TIA - Sindbad sindbad.the.seafarer@gmx.net   
  Nov 2, 2001, 20:42:01
  Redirecting SUBdomains
Hi @ll!

My provider told me that I can use a .htaccess file to redirect from i.e. http://subdomain.mydomain.com to a sub-folder which is for example http://www.mydomain.com/subdomain. How do I do this?

I don't think it'll work with the redirect command. So, what do I have to do?

Bye
Max Senft   
  Nov 11, 2001, 09:38:35
  exact url-redirection
i am searching a solution for following problem: if somebody gets error 40x on "www.domain_1.com/exact.html" he should be redirected to "www.domain_2.com/exact.html". is this possible to realize with .htaccess?   
  Nov 11, 2001, 11:03:36
  Redirecting after # of page views
Is there a way to redirect a surfer to another domain after a preset number of page views on my server?

For example if I have 1000 page hits to my server....click 1001 would load a page from another url.

Thanks.
  
  Nov 23, 2001, 17:23:50
  How to get the username once authenicated?

eg. once authenicated thru htaccess, how can i display the username on the index.html???

ie. how do i pass the username to html pages?   
  Jan 2, 2002, 03:40:24
  htaccess
-------------------------------------------
AuthType Basic
AuthName "Protected Directory"
AuthUserFile /my-url/test/.htpasswd
Require user someguy
-------------------------------------------
i added this in a .htaccess and put it in the folder test on my website then i created .htpasswd and put it in the test directory too
and i still get that the Error page.

Plz reply by email too , thnx   
  Jan 4, 2002, 17:19:11
  ssl+apache+tomcat
Hi,
Actually,i'm developing a system that incorporates apache+ssl+tomcat.
Basically,i managed to developed have of the project wih apache and tomcat.Unfortunately,i encounter some problem when it comes to getting ssl+apache+tomcat under win98.
Do u have any experience in getting ssl work together with apache+tomcat?
Thanks in advance.   
  Jan 6, 2002, 05:44:48
  custom login popup skin
Don't think this is possible but, thought I'd ask...

Any way to change the look of the login popup dialog skin and add more messages to the user and stuff?

Thanks, Dan   
  Jan 9, 2002, 00:24:21
  log username + password submitted
I have a member's only section on my website that I have restricted access to with .htaccess.

Is there anyway to have it log the usernames & passwords people are submitting?

I would prefer it to email me this information, but a logfile would be fine.

Thanks!

Algernon   
  Jan 14, 2002, 18:04:15
  Redirecting a domain to a page
I have two domains: www.one.com and www.two.com (for example). www.two.com has the same DNS as www.one.com

I want to redirect everyone that goes to www.two.com to www.one.com/test/sample.htm

I have also tried using http.conf but do not know what is going on with it...   
  Jan 20, 2002, 22:00:04
  .htaccess file problem
k, this is my configuration for .htaccess file
satisfy all
AuthUserFile d:/secure/.htpasswd
AuthGroupFile null
AuthName "Only For Me"
AuthType Basic
require test

I'm running Apache under winXP, and when I try accessing my homepage on my server, it asks me for the username/password like it should. But when I enter them, it doesn't let me through. After 3 time it gives me the Authorization Required page.

I have no idea what I'm doing wrong, so if anyone does, please help me..

Thanks
Mike   
  Jan 24, 2002, 13:44:34
  Sample .htaccess
Can you hel me, where can I fine a sample of .htaccess?


thanks,


Jolas   
  Jan 25, 2002, 03:53:36
   Re: Sample .htaccess
AuthUserFile /usr/local/www/data/somedirectory/restricted/.htpasswd
AuthType Basic
AuthName whoever

require valid-user
  
  Jan 31, 2002, 09:04:29
  Number of Login Attempts Action
Is there some way to, say, run a script if you have a certain number of incorrect login attempts? It feels like there *should* be a way to do this...

What I want to do is set it up so that if you have 5 incorrect login attempts from the same machine in a row, to send an email.

Thanks,

-rosie   
  Jan 27, 2002, 21:21:43
  deny hotlinking generator
If anyone wants to stop illegal linking of their images, try http://www.htmlbasix.com/disablehotlinking.shtml

It makes the code for you.   
  Feb 3, 2002, 06:51:45
  Directory listing
How can we allow users to get a listing of a certain directory?

Thanks.
======   
  Feb 3, 2002, 14:01:36
  Authorized
I want to make my Images directory not allow a directory listing if there is no index.html file in the directory does any one know how?   
  Nov 16, 2000, 23:51:33
  Re: need save to window
I dont believe this to be an issue with your web server. Files on a computer are associated to files by their extensions: .doc (word) .xls (Excel) .zip (WinZip) . pdf (Adobe), etc. When clicking on a link (via a browser) the computer will associate itself to a program on your computer. If it finds a compatible program for that extension it will use the program to open it without prompting the user to download it. It is possible that older browsers (such as Interet Explorer 3.x or Netscape 3.x) didnt support this Windows feature. The tech rep was probably actually suggesting that you edit your .htaccess file to force this file type (.w2o) to download. I am guessing that the individuals downloading this file type would probably have the supporting program installed on thier computers. (?)   
  Feb 5, 2002, 18:59:23
  Excepting one file from a .htaccess pw-protection
Hi,

I have the following question:

can I except a single file in a directory from the password protection set in the .htaccess file?

My example would be:
the directory "stuff" is pw-protected by an .htaccess file
the file "index.html" in that directory should be accessible without knowing the password
can I do that (without moving the index.html file to another directory - I know that this works, but it's not what I wanna do - also I don't want to use sud-directories)

Thanks for your help!

Relaff   
  Feb 8, 2002, 13:00:09
  htaccess and Apache on NT
I am having trouble trying to follow the instructions for setting up an htaccess file on an NT system. All I want to do is restrict access to a certain part of the web site to a small list of users. What I need to understand is how to implement basic authnetication in an NT environment. Or, alternartively, how to get the NTFS security system to work with Apache. I know this is trivial with Apache on Linux and with IIS on NT -- how about Apache on NT?   
  Nov 21, 2000, 02:57:30
   Re: htaccess and Apache on NT
> I am having trouble trying to follow the instructions for setting up an htaccess file on an NT system. All I want to do is restrict access to a certain part of the web site to a small list of users. What I need to understand is how to implement basic authnetication in an NT environment. Or, alternartively, how to get the NTFS security system to work with Apache. I know this is trivial with Apache on Linux and with IIS on NT -- how about Apache on NT?

========

In hopes that others stuck with Windoze are having this same problem (I know this response if rather late for the original requester)...

Check the bin directory where you installed Apache. You should find the file htpasswd.exe there! Make sure it's in your path, and execute it, just like the Big Guys lucky enough to be working on a Linux box!

I modified my Apache httpd.conf file and added the following:

===cut below===

AccessFileName _htaccess

AllowOverride All


===cut above===

The above now looks for files named _htaccess in place of .htaccess. Make it whatever pleases your eyes (I followed the boys and girls of World's best text editor, Vim, on this one!).

In the file _htaccess in my "protected" directory, I added:

===cut below===

AuthUserFile c:/usr/www/myfakedomain/protected/_htpasswd
AuthGroupFile nul
AuthName "PWD Protected Directory!"
AuthType Basic
require user Spock

===cut above===

Now, in the protected directory, open a DOS box. Execute htpasswd such as:

htpasswd -c _htpasswd Spock

Enter the password twice, and you be a-running(?).

Yes: documentation everywhere warns NOT to place the password file in the same directory. But, ya gotta learn somehow, wrong???

Enjoy!

Terrill

"I think. Therefore, I am confused."   
  Sep 24, 2001, 20:58:53
  Multiple domains
I know this question was asked before by Eric but I didn't see any response posted... So I'll ask it again. How do I set up a .htaccess file to redirect certain names to subdomains?

I know it can be done and its bugging the hell out of me.

Thanks in advance for any help.

Chris Thady   
  Nov 25, 2000, 22:05:47
   Re: Multiple domains
I pulled the following off the Webmonkey site. I haven't tried it yet but am going to. If you come up with anything else please let me know.

What happens during a server-side redirect? When the server receives a URL that's been redirected, it sends an error code (301 to be exact), along with the new location, to the client, which then resends back a request for the new URL. The computer user shouldn't notice anything unusual until the page is served with an address different from the one she typed in.

In order for this to happen, though, you must first tell the server what to do. The process varies depending on what type of server you are using and how it's configured, but essentially you'll just be providing the server with a redirect command, the old path, and the new path. If you're using an ISP to host your pages, you can probably place this information in your home directory in a file named .htaccess, but you should check with them first. Using Unix, it would look something like this:

Redirect pathname url
In this example, pathname is the old location, and url is the new.

If your ISP doesn't allow this or you're running your own server, you can put the information in one of the server's configuration files. Apache and NCSA servers keep this information in the Resource Configuration (srm.conf) file.


> I know this question was asked before by Eric but I didn't see any response posted... So I'll ask it again. How do I set up a .htaccess file to redirect certain names to subdomains?
I know it can be done and its bugging the hell out of me.
Thanks in advance for any help.
Chris Thady   
  Dec 11, 2000, 06:12:11
  .htaccess example
After reading this entire tutorial, I still don't know
how to set a simple user/password on a directory on
my website.

  
  Nov 27, 2000, 16:33:01
   Re: .htaccess example
Hi there. In a nut shell here's what you need to do.

Create a .htaccess file in the directory you want to protect ie /home/www/domain/html/private/.htaccess

In that file, place some authentication directives and a directive to the path of a user file like so:

AuthType Basic
AuthName "Protected Directory"
AuthUserFile /home/www/domain/auth/.htpasswd
Require user someguy

Now, you need to create the .htpasswd file (or any other arbritary named file) in the path you specified (in this case /home/www/domain/auth) by running the program htpasswd. Type "htpasswd -c .htpasswd someguy". You will then be prompted to enter a password for someguy. Finish that and then viola - your directory should be protected. Check out the directives in the Apache docs for a better understanding of what's going on.

ps, strip out the backslash before the quotes - this board is adding them...
  
  Dec 1, 2000, 06:32:08
   Re: Re: .htaccess example
HI!

I'm a windows user. :)
If I'm prompting "htpasswd -c .htpasswd someguy" (without quotes) into dos prompt, I'm getting an error message: "programm cannot be found"!
So where can i get this programm from, or where shall i prompt "htpasswd -c .htpasswd someguy" in?

CyA
http://www.flashsitez.com   
  Dec 6, 2000, 12:10:51
   Re: Re: Re: .htaccess example
Try using the Find program in windows to look for htpasswd program. Then go to where the program is located from dos and use it. It worked for mmme!   
  Jan 12, 2001, 11:32:09
   Re: Re: Re: Re: .htaccess example
The program is in the "bin" directory where you installed Apache. Most probably in the "C:\progam files\apache\bin".

Bye.   
  Jan 14, 2001, 11:59:37
  I need help to redirect my domian to a file!
Please if you can help me e-mail back.

I have been told that by altering my htaccess file I can make a domain name point to a specific file.

Current situation:
I have several domain names, they all point to the same direcory, I need some of them to point to sub directories.

Thanx Eric   
  Sep 23, 2000, 06:44:14
  server generated headers
hello,

i have to complete the following task:
on one server i have simple .html pages. they do NOT contain information of
the encoding the should be read in.
i need to set up the server (for that site) to automatically add an encoding header while sending each page.
i run apache 1.3.9. is it possible at all ?
if yes, i will appreciate you telling me :)

thanks in advance,

kosio   
  Nov 28, 2000, 11:20:44
   Re: I need help to redirect my domian to a file!
Try this in your .htaccess file:

redirect permanent /(directory) (url)

example:
redirect permanent /jethro http://cool.jethro.com

Hope this helps.   
  Dec 17, 2000, 07:58:51
   Re: I need help to redirect my domian to a file!
Create an .htaccess file with

redirect / http://www.yourdomain.com/your_directory/   
  Dec 28, 2000, 11:04:16
  cancelling shows page with .htaccess

I've set up my apache web server on an nt box and successfully implemented .htaccess. The problem is that the page loads, then asks for logon information. If I just keep pushing the cancel button the page still shows and the logon window goes away and I have full access to the page. What am I doing wrong?

Thanks.   
  Nov 29, 2000, 22:30:12
  Hi
I am a beginner in using .htaccess. Can anyone tell me how to encrypt passwords for .htaccess?

Thanks   
  Dec 7, 2000, 13:23:00
   Re: Hi
> I am a beginner in using .htaccess. Can anyone tell me how to encrypt passwords for .htaccess?

Use htpasswd. Read the manual page for htpasswd.
Basically, create a new password file with:
htpasswd -c passwd-file username
Then to add more:
htpasswd passwd-file username2   
  Dec 7, 2000, 22:15:28
   Re: Re: Hi
> > I am a beginner in using .htaccess. Can anyone tell me how to encrypt passwords for .htaccess?
Use htpasswd. Read the manual page for htpasswd.
Basically, create a new password file with:
htpasswd -c passwd-file username
Then to add more:
htpasswd passwd-file username2

Thanks, but the problem is that i don't have access to telnet or whatever. I only have a user account on a free host that allows .htaccess protection.

Jethro   
  Dec 18, 2000, 10:08:33
  My .htaccess doesn´t work!!
Hello,
I´m a begginer using .htaccess files and I have a problem. I´m a UNIX user.
I´m trying to restrict access using a typical .htaccess file and a file with the passwords, but when I enter my username and password it always refused them due to a password mismatch. I´m sure the password it´s correct but in the log file appears a password mismatch error. I don´t know what´s wrong, maybe something like permissions???....
Please give me a solution or some idea about the possible error.
Thanks in advance for any help.
Robert.

  
  Dec 12, 2000, 11:29:34
   Re: My .htaccess doesn´t work!!
Hi, not sure if you got a response yet but I thought I'ld try.

It's tough to say what the problem is because you haven't posted the contents of your htaccess file. That considered, my best advice is to try:

http://www.vhinside.com/faq/subject/htaccess.shtml

They have a really straightforward, step by step htaccess tutorial that has a section specifically for password protection of your directories.   
  Dec 19, 2000, 09:14:45
  .htaccess for charset=iso-8859-1?
Hello, maybe you can help me... we german-speaking people have a problem with äöü in the internet... since html 4 it isn't necessary to put it in the code like this: ä

Now my problem is, that the apache server ignores the meta-information with the iso-charset.

Have I to put something in the .htaccess to tell the server to render this meta-tag into the html? thanks!   
  Sep 23, 2000, 21:48:13
  Redirect permanent
Hello,

I need to redirect cgi-bin/something/* to http://mydomain.com

I know it is possible by using "Redirect", but I don't want the stuff behind the "something" directory to be apended to mydomain.com.

Can someone tell me the solution?

Jethro   
  Dec 18, 2000, 10:10:47
  redirect
Can I redirect based on user name? If user Dennis logs into a directory Clients can he be redirected to a Dennis directory? User Tom would be sent to his directory and so forth.

TIA,

Shifty   
  Dec 29, 2000, 20:45:46
   Re: redirect
I am sorry to ask this question again, but has anyone gotten an answer to this question?


> Can I redirect based on user name? If user Dennis logs into a directory Clients can he be redirected to a Dennis directory? User Tom would be sent to his directory and so forth.
TIA,
Shifty   
  May 22, 2001, 19:16:26
   Re: Re: redirect
if you are using PHP, you can get the username from this variable:
$HTTP_SERVER_VARS["REMOTE_USER"];
and then redirect using the "header" command, for example:
$username = $HTTP_SERVER_VARS["REMOTE_USER"];
if ($username == "buffy") {
header ("Location: vampires/slayer.html");
}

there are probably similar methods in other scripting languages, and you might be able to get the username from the apache environment as well. as far as having apache itself redirect based on username, i don't know whether or not this is possible.   
  Jun 17, 2001, 22:54:34
  How do I force an authentication
Hi!

I trying to "secure" access to a website. But it really bothers me that the user (A) is required to kill the browser if he wants to prevent another user(B) from exploiting the session user A authenticated. How do I do this?
Can I set a session timeout for the authentication???

Best regards

Thomas   
  Jan 3, 2001, 13:02:57
  htaccess problems
OK, so here's my problem:

I have a client with a Web site running under Unix and Apache. I want to do development work using a laptop. I have installed Apache for Win32 on the laptop. I am doing the development using 127.0.0.1.

All goes well, cgi runs OK, perl is fine, etc. But htaccess doesn't work. Here's the setup.

httpd.conf:

ServerRoot "C:/Program Files/Apache Group/Apache"

Port 80

ServerName 127.0.0.1

DocumentRoot "C:/Program Files/Apache Group/Apache/htdocs/clientdir"


Options Indexes FollowSymLinks MultiViews Includes
Allow Override All
Order allow,deny
Allow from all


AccessFileName .htaccess

LogLevel debug


ServerAdmin dbull@hyperionresearch.com
DocumentRoot "C:/Program Files/Apache Group/Apache/htdocs/clientdir/"
ServerName www.client.com
ErrorLog logs/client.com-error_log


In the directory I want to protect, the .htaccess file:

AuthUserFile "C:/Program Files/Apache Group/Apache/htdocs/clientdir/passwords/1.passwords"
AughGroupFile "C:/Program Files/Apache Group/Apache/htdocs/clientdir/passwords/1.groups"
AuthName "Client Subscription Area"
AuthType Basic

Require group xxx


The group and password files are present and contain exactly the same info as that in the corresponding Unix files. When I attampt to enter the restricted directory, the username and password are rejected, and I get a 404, Authorization failed.

In the file "client.com-error_log" is the error msg:

[Date][error][client 127.0.0.1]user danbull:Authentication failure for "(path to file.shtml)": password mismatch

This setup works OK on the Unix machine. What's wrong? Please help. I'm starting to look silly, and I don't want to lose the gig.

Thanks a million,

Dan Bull
Hyperion Research LLC

PS: I feel silly, too :-)
  
  Jan 4, 2001, 06:02:09
   Re: htaccess problems
Someone, or something, has filtered my msg and removed all text within angle brackets. Guess you, dear reader, will have to supply them via your imagination, but they are in the original.

Dan Bull
  
  Jan 4, 2001, 22:17:12
   Re: Re: htaccess problems
Dan, the server looks at it as HTML, therefore it is not visible

sheesh, some iditoz today(no offense, im one of those idiots)   
  Jan 20, 2001, 07:52:31
  Can anyone post an example that actually fuctions
Please include the directory directive for the httpd.conf file and the .htaccess. I can't seem to make this work and I've not seen anything in any documentation or tutoria that shows a working example.

I can't make this work. Why does this need to be so hard?

Curtis   
  Jan 8, 2001, 01:36:33
   Re: Can anyone post an example that actually fuctions
Hi Curtis
I put the following statements to the end of the access.conf file.
This working well for me. It is need no editing anything in the httpd.conf.

------------------------------------------

AllowOverride AuthConfig

#
AccessFileName .htaccess
#

Order allow,deny
Deny from all


----------------------------------------
For .htacess file and password file read here http://www.openup.com/justin/authentication/

Hope this helps you.

cucbsc

> Please include the directory directive for the httpd.conf file and the .htaccess. I can't seem to make this work and I've not seen anything in any documentation or tutoria that shows a working example.
I can't make this work. Why does this need to be so hard?
Curtis   
  Jan 22, 2001, 10:15:27
  This question will be cake for you, but for me it is impossible...
I am trying to upload a message board for my site.

It is not working. The instructions state that I should edit the .htaccess file and add xbithack to it. Fine. But for a know-nothing like me, this seems impossible.

I am able to see the .htaccess file using ws_ftp. I open it using edit. I see a bunch of text. Where do I add the xbithack command? There must be a specific place for it, right?

Also, once I change this, I don't see how I can upload this back to the server. Should I download the file to my computer, edit it, and then upload it BACK to the server? Should I also delete the .htaccess file that is present so that I don't have two .htaccess files?
  
  Jan 10, 2001, 22:09:35
  HTACCESS
Hi,

I would like to know if it is at all possible to be able to authenticate a user from a .htpasswd file, and then have it auto redirect them to a certain directory beneath the main protected directory.

If you're not sure, maybe this will help...

A user, called matthew, is able to be granted access to a certain directory, and then upon permission being granted, it redirects that person straight to a subdirectory called matthew ... the same would happen if any other users are in that htpasswd file as well, such a john, if john entered his username and password, it would then redirect john to a directory called john.

Has anybody got any ideas how I can do this, or any sort of script that can do it for me?

Any help would be greatly appreciated.

Thanks,
Matthew   
  Sep 26, 2000, 04:34:52
   Re: HTACCESS
Matthew,

I am trying to accomplish the same thing..I am sorry for my English..the way I thought it is to creat an account for a user and from the main directory I just do a softlink for a part of the documents that the spcific user could see to his directory..I hope you got what I am trying to say..

However, if you find out anything please let me know.

Muheeb   
  Sep 28, 2000, 16:52:46
   Re: HTACCESS
You could probably simply try and reverse
the use of denial for this person in this directory:


order allow,deny
allow from all
deny that particular user's IP
ErrorDocument 403 http://domain.com/the-redirect-URL-for-that-user

  
  Nov 4, 2000, 03:54:43
  Restricting file referal access
Hi. I’ve been struggling with this for several months with no success. I am finding various web sites using absolute URLs to imbed photos from my server within their pages. I’m trying to restrict these so only html pages within my site can link to the main jpg files. I only have .htaccess ability. Can this be done in an .htaccess file?

My html files and thumbnails are in directories
www.domain.net/gallery/thumbs/folder1/
www.domain.net/gallery/thumbs/folder2/

and the full size images are located in
www.domain.net/gallery/images/folder1/
www.domain.net/gallery/images/folder2/

I would like to restrict the pictures in the second directory group so they can only be opened by html links in the first group, without affecting files in the rest of my site.
Any assistance would be greatly appreciated.
  
  Jan 12, 2001, 17:04:57
   Re: Re: HTACCESS
You can do a cgi script. The script will be the default file for the protected directory, and when it executes reads who is the user using the appropriate environment varialble, and then redirects to that user's directory.
  
  Nov 6, 2000, 21:01:26
   Re: Restricting file referal access
Hello there,
I made a generic copy of my htaccess file.
The top section is set to allow access only from the domains you choose, including the domain the protected directory is in.
The middle section is to disallow access to a new trend of off line browsers that simply run through sites and steal content.
The third section, specically disallows certain referrers. Most of these are chatrooms. The chat room software is able to get through a basic .htaccess, this section works to stop those.

Specific to you: it is always best to have a directory for images only, just so you can put this big .htaccess file in that folder and not have to send all your traffic through such a large checkpoint. This file will work in the /gallery/ file, or it will even work in the root. It just seems like a big file to me to put in the root, but on several of my domains, that is where I have it running without any problems.
-hope this helps you
-keith
-------------------------------------------

Options Includes FollowSymLinks
AddType text/x-server-parsed-html .html .htm .shtml .htm

AuthUserFile /dev/null
AuthGroupFile /dev/null
RewriteEngine on
RewriteOptions inherit
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://.*domain.com/.*$ [NC]
RewriteCond %{HTTP_REFERER} !^http://.*domain.com:80/.*$ [NC]
RewriteCond %{HTTP_REFERER} !^http://xxx.xxx.xx.xx/.*$ [NC]
RewriteCond %{HTTP_REFERER} !^http://xxx.xxx.xx.xx:80/.*$ [NC]
RewriteRule .*[Jj][Pp][Gg]$|.*[Gg][Ii][Ff]$ http://www.sendbadpeoplehere.com/page.html

RewriteCond %{HTTP_USER_AGENT} ^DISCo\Pump.* [OR]
RewriteCond %{HTTP_USER_AGENT} ^Drip.* [OR]
RewriteCond %{HTTP_USER_AGENT} ^EirGrabber.* [OR]
RewriteCond %{HTTP_USER_AGENT} ^ExtractorPro.* [OR]
RewriteCond %{HTTP_USER_AGENT} ^EyeNetIE.* [OR]
RewriteCond %{HTTP_USER_AGENT} ^FlashGet.* [OR]
RewriteCond %{HTTP_USER_AGENT} ^GetRight.* [OR]
RewriteCond %{HTTP_USER_AGENT} ^Gets.* [OR]
RewriteCond %{HTTP_USER_AGENT} ^Go!Zilla.* [OR]
RewriteCond %{HTTP_USER_AGENT} ^Go-Ahead-Got-It.* [OR]
RewriteCond %{HTTP_USER_AGENT} ^Grafula.* [OR]
RewriteCond %{HTTP_USER_AGENT} ^IBrowse.* [OR]
RewriteCond %{HTTP_USER_AGENT} ^InterGET.* [OR]
RewriteCond %{HTTP_USER_AGENT} ^Internet\Ninja.* [OR]
RewriteCond %{HTTP_USER_AGENT} ^JetCar.* [OR]
RewriteCond %{HTTP_USER_AGENT} ^JustView.* [OR]
RewriteCond %{HTTP_USER_AGENT} ^MIDown\tool.* [OR]
RewriteCond %{HTTP_USER_AGENT} ^Mister\PiX.* [OR]
RewriteCond %{HTTP_USER_AGENT} ^NearSite.* [OR]
RewriteCond %{HTTP_USER_AGENT} ^NetSpider.* [OR]
RewriteCond %{HTTP_USER_AGENT} ^Offline\Explorer.* [OR]
RewriteCond %{HTTP_USER_AGENT} ^PageGrabber.* [OR]
RewriteCond %{HTTP_USER_AGENT} ^Papa\Foto.* [OR]
RewriteCond %{HTTP_USER_AGENT} ^Pockey.* [OR]
RewriteCond %{HTTP_USER_AGENT} ^ReGet.* [OR]
RewriteCond %{HTTP_USER_AGENT} ^Slurp.* [OR]
RewriteCond %{HTTP_USER_AGENT} ^SpaceBison.* [OR]
RewriteCond %{HTTP_USER_AGENT} ^SuperHTTP.* [OR]
RewriteCond %{HTTP_USER_AGENT} ^Teleport.* [OR]
RewriteCond %{HTTP_USER_AGENT} ^WebAuto.* [OR]
RewriteCond %{HTTP_USER_AGENT} ^WebCopier.* [OR]
RewriteCond %{HTTP_USER_AGENT} ^WebFetch.* [OR]
RewriteCond %{HTTP_USER_AGENT} ^WebReaper.* [OR]
RewriteCond %{HTTP_USER_AGENT} ^WebSauger.* [OR]
RewriteCond %{HTTP_USER_AGENT} ^WebStripper.* [OR]
RewriteCond %{HTTP_USER_AGENT} ^WebWhacker.* [OR]
RewriteCond %{HTTP_USER_AGENT} ^WebZIP.* [OR]
RewriteCond %{HTTP_USER_AGENT} ^Web\Image\Collector.* [OR]
RewriteCond %{HTTP_USER_AGENT} ^Web\Sucker.* [OR]
RewriteCond %{HTTP_USER_AGENT} ^Webster.* [OR]
RewriteCond %{HTTP_USER_AGENT} ^Wget.* [OR]
RewriteCond %{HTTP_USER_AGENT} ^eCatch.* [OR]
RewriteCond %{HTTP_USER_AGENT} ^ia_archiver.* [OR]
RewriteCond %{HTTP_USER_AGENT} ^lftp.* [OR]
RewriteCond %{HTTP_USER_AGENT} ^tAkeOut.*
RewriteRule .[Jj][Pp][Gg]*$ /leeches.html [L]

RewriteCond %{HTTP_REFERER} ^http://.*adfilter.com.*$ [OR]
RewriteCond %{HTTP_REFERER} ^http://207.198.147.*$ [OR]
RewriteCond %{HTTP_REFERER} ^http://www.neocities.* [OR]
RewriteCond %{HTTP_REFERER} ^http://chat.passagen.s.* [OR]
RewriteCond %{HTTP_REFERER} ^http://volpi.sti.com.* [OR]
RewriteCond %{HTTP_REFERER} ^http://batepapo0.uol.com.* [OR]
RewriteCond %{HTTP_REFERER} ^http://batepapo1.uol.com.* [OR]
RewriteCond %{HTTP_REFERER} ^http://batepapo2.uol.com.* [OR]
RewriteCond %{HTTP_REFERER} ^http://batepapo3.uol.com.* [OR]
RewriteCond %{HTTP_REFERER} ^http://batepapo4.uol.com.* [OR]
RewriteCond %{HTTP_REFERER} ^http://batepapo6.uol.com.* [OR]
RewriteCond %{HTTP_REFERER} ^http://batepapo7.uol.com.* [OR]
RewriteCond %{HTTP_REFERER} ^http://209.2.137.* [OR]
RewriteCond %{HTTP_REFERER} ^http://207.126.121.*$ [OR]
RewriteCond %{HTTP_REFERER} ^http://.*bianca.com/.*$ [OR]
RewriteCond %{HTTP_REFERER} ^http://.*angelfire.com/.*$ [OR]
RewriteCond %{HTTP_REFERER} ^http://.*hotmail.*$ [OR]
RewriteCond %{HTTP_REFERER} ^http://.*yahoo.com.*$ [OR]
RewriteCond %{HTTP_REFERER} ^http://.*geocities.com.*$ [OR]
RewriteCond %{HTTP_REFERER} ^http://www.partyhouse.*$
RewriteRule .[Jj][Pp][Gg]*$ /leeches.html [L]   
  Jan 19, 2001, 21:32:38
   Re: Re: Restricting file referal access
I've been struggling with my .htaccess all day and, using your example, I was able to piece together a file that works... sort of. I'm hoping you might be able to shed some light on a problem I'm having with it.

Here's a sample of my tiny little .htaccess file:

AuthUserFile /dev/null
AuthGroupFile /dev/null
RewriteEngine on
RewriteCond %{HTTP_REFERER} !^.*mysite.com/enter.htm.\*$ [NC]
RewriteRule ^.*$ http://www.mysite.com/error.htm [R]


It works perfectly in denying access from everywhere except my "enter" page but once I enter the protected directory, if I move into a sub-directory I get broken image files. If I attempt to enter a deeper sub-directory, I get taken to my error page.

Can you possibly suggest something that would solve the problem? Thanks!
  
  Jan 27, 2001, 01:24:54
  tftp
I have installed the Apache Webserver on a Linux box with the Redhat version7.

I would like to set up the server to work with a remote computer/device to work with in TFTP protocol.

Do I need more than the Apache software came with the Redhat?
And how do I set them up to work with the TFTP? Setting the 'Port' or 'Listen xx' to tftp port of 69 within the 'httpd.conf' file did not help.

Thanks   
  Jan 14, 2001, 20:34:08
  publíc_html directory and .htaccess
Hi.

How can I make my .htaccess work within /home/*/public_html directories?

I have added:

AllowOverride AuthConfig

to my apache configuration, but still It doesn't work.
But if I use my .htaccess and .htpasswd files my htdocs dir, it works.

I appriciate all help I can get.

/Andreas   
  Jan 17, 2001, 23:26:25
  Servlet authentication
Hello.

I'm trying to get client authentication when executing a servlet with Apache JServ. I have no problem with using the .htaccess file for static html pages.

When the servlet gets a request an HttpServletRequest object is sent to the get() and post() methods. This object can be asked to return the authenticated user with a method called getRemoteUser().

Can this be achieved with .htaccess usage or some other way ?

Very thankful for response...   
  Jan 19, 2001, 12:01:48
   Re: Servlet authentication
I am also facing the same problems. Can some one enlighten us on this?
Regards   
  Jun 8, 2001, 12:49:49
  Unable to Authenticate
Hey, I cant seem to be able to authenticate, i have made shure everything was in place, I re set-up the password a couple times to see if I just typed it wrong, but it turns out that i didnt, anyone want to help me? I would greatly appriciate it!   
  Jan 20, 2001, 08:43:00
  Authentication via DBM
Hi all!

I am trying to use DBM to authenticate users...
The only thing I know is, to exchange UserFile by UserDBMFile.
Exp: "UserFile /somewhere/.htpasswd" -> "UserDBMFile /somewhere/.userdbm" - this file I created using dbmmanage. But actually no given user can login :-\
Anyone got a hint for me what goes wrong?

Any other working method to control directory access in apache so I can manipulate the password file by using PHP welcome too, of course!

Thx, Richard   
  Jan 20, 2001, 18:34:44
  Forbidden 403
Hey, when i try to put 2 htaccess's in my web server... One works, the other one, well the server just forbidz me to access it... I dont know why!   
  Jan 23, 2001, 01:06:03
  mime change
I am a user of .htaccess.

Can you please tell me what to put in the file. I need to let my server handle files that are .htm as .shtml

Can someone help?

Daniel Osipov
dan@osipov.org
http://osipov.org/
  
  Jan 24, 2001, 03:45:14
  CGI gaining read/write access
I am currently sitting with the same problem with not knowing how to give read/write privlages to certain directories/cgi-bin .I was just wondering if you have had a response on you enquiry. If you know how to, I would appreciate it if you could inform me too. Thank you for your time.
Charl Marais   
  Jan 24, 2001, 11:17:26
  Read/write access
Does anyone know how to gain read/write access to directories on your server using apache?If so please e-mail me at wacycharl@usa.net.

Thank you Kindly   
  Jan 27, 2001, 13:26:51
  Apache-tomcat-jboss
Hi,
I'm wondering if I have to configure my apache http-server to be able to use it with my app-server that runs on another machine and if so how should I configure it?
Can I just redirect the traffic to my login side? or...

Thanks
Affe   
  Jan 31, 2001, 20:17:57
  protecting /usr/local/apache/htdocs(default directory)
how to protect my defaul documet directory ie' /usr/local/apache/htdocs??


Thx
Paras   
  Feb 1, 2001, 06:10:39
  .htaccess and ssl
How do you set up apache to allow only ssl conections to a virtual doamin? I found plenty of documentation on requiring a password but not requiring ssl. Any assistance will be appreciated.
Thanks   
  Feb 6, 2001, 17:02:34
   Re: .htaccess and ssl
You could use the mod_rewrite to automatically redirect all requests to the virtual domain to the https port.

Of course, you will be taking a small performance hit each time the rewrite engine is used.   
  Mar 31, 2001, 10:23:00
  Default document
How can i configure in the .htaccess file to open /cgi-bin/index.cgi?   
  Oct 2, 2000, 13:31:37
  Once the password fails I need to redirect to a webpage
Does anyone know how to redirect to a webpage when the logon is unsuccesful in authorizing the user.

My .htaccess is working fine but instead of an error "UNAUTHORIZED" I would like to redirect the user to a webpage where they can apply for permissions.

I would really appreciate a quick response.

Thanks :-)   
  Feb 6, 2001, 23:41:42
   Re: Once the password fails I need to redirect to a webpage
httpd will return a 401 error if authorization fails so....
Use the ErrorDocument directive:

ErrorDocument 401 /unauthorized.html

where unauthorized.html is the page you want to redirect to.   
  Mar 31, 2001, 09:42:27
   Re: Default Document
Try:

DirectoryIndex /cgi-bin/index.cgi

That works if you want to just redirect the index page. If you want it to also show up when an error occurs, try this:

ErrorDocument 400 /cgi-bin/index.cgi
ErrorDocument 401 /cgi-bin/index.cgi
ErrorDocument 402 /cgi-bin/index.cgi
ErrorDocument 403 /cgi-bin/index.cgi
ErrorDocument 404 /cgi-bin/index.cgi
ErrorDocument 405 /cgi-bin/index.cgi
ErrorDocument 500 /cgi-bin/index.cgi

I use the DirectoryIndex to point certain directories to a index.php3 instead of an index.html. However, my host won't let me use ErrorDocument (arrghh!!).
  
  Oct 24, 2000, 22:28:36
  I am unable to see the .htaccess file using ws_ftp
Hi
After uploading some files (i didn't know that there was also a .htaccess file) for testing, I couldn't delete the folder ( i think it must be a .htaccess file)

here's the error message :

550 myphpboard: Directory not empty
! Delete of myphpboard failed

But the directory seems to be empty.

could somebody help me to delete the folder/file??

- Ingo   
  Feb 9, 2001, 14:17:25
   Re: I am unable to see the .htaccess file using ws_ftp
I know what you mean.

Personaly I use MSDOS for deleting these files. (if you are using windows)

1) Open the dos prompt and type "FTP"
2) Type "OPEN"
3) Type your ftp server name
4) When prompted enter your username and password
5) use "cd dirname" to change directory ("dir" will display the directories contents)
6) When you ate in the specified directory type "delete .htpasswd"

I hope that helps!

David...   
  Mar 1, 2001, 21:12:02
   Re: I am unable to see the .htaccess file using ws_ftp
you may have solved this already as your post is over a month old. if you type
-al in the box (under mkdir on the server side)in wsftp you'll see all the hidden files in the directory. You can then delete them as normal to empty the directory.   
  Apr 7, 2001, 12:00:55
   Re: Re: I am unable to see the .htaccess file using ws_ftp
Great hint!   
  Jun 18, 2001, 18:05:58
  using unix encripted passwords with apache under win32
Can I use unix encripted passwords generated by verotel company
(third party) which adds password to my user list remotely using perl,
my htaccess doesn't seem to reconize them, it only seems to work with mp5 type,
Is there some way to config apache under win32 to use unix type encription.
Please Help!   
  Feb 11, 2001, 01:35:54
  Win32 version does not install
"Internal Error 2735. ResolveServerName"
I can't install Apache 1.3.17 in Windows 98SE anymore

And this .msi stuff, is this really necessary?
I suddenly needed extra software from MS to be able to install at all (?why?).
Just compile the installable exe, like you used to. It has less problems.   
  Feb 12, 2001, 11:28:09
  How to create username/password?
Hello people,

I have read the tutorial on .htaccess files, but it doesnt seem to explain how to create usernames and passwords! I am running Apache on a linux system. It is possible to specify in the .htaccess file what 'password' file to use (similar to /etc/passwd), but how do I create a password file??
Any hints?

Regards,
Stuart   
  Feb 14, 2001, 01:19:58
   Re: How to create username/password?
You have to use the htpasswd command. the command should reside in apache's bin directory. run it with something like:

htpasswd -c /path/to/.htpasswd usernameyouwant
It will then prompt you for a password. It will write

usernameyouwant:encriptedversionofpassword into the file /path/to/.htpasswd

If you want to add anothername to this file, omit the -c option (c "creates"
the password file, and will overwrite previous entries).

Good Luck!

--Phil   
  Feb 16, 2001, 18:37:53
   Re: How to create username/password?
In the directory you want to protect, create a file called .htaccess. It should look something like this.

AuthUserFile /usr/www/dirname/.htpasswd
AuthGroupFile /dev/null
AuthName "The Secret Page"
AuthType Basic


require valid-user



Next, change the path at "AuthUserFile" to be the path of the dir you're protecting. (plus the .htpasswd filename)

Run htpasswd -c .htpasswd user_name (where user_name is a name)

You'll then be prompted for a passwd to enter and once again for verification.
You can add users to this .htpasswd file by running the htpasswd command over again, but it is only necessary to use the "-c" option when creating an htpasswd file for the first time. To disable, simply remove the .htpasswd file.   
  Feb 20, 2001, 18:38:49
   Re: How to create username/password?
You need to modify the httpd.conf file of the Apache.
Put lines like ---
AuthName
AuthType Basic
AuthUserFile


require valid-user


and then use the following Apache command to create
username/password lines in the password file as mentioned above in the
httpd.conf file.

Linux and Open Source Hurrrrrrrrah !!!!!!!!!!

Bye
Rakesh Raina   
  Aug 14, 2001, 07:34:00
   Re: Re: How to create username/password?
I need to store encrypted password in the oracle 8i database. How do i do it?
I am using mod_auth_oracle. i am able to use it if passwords are clear text   
  Jun 8, 2001, 12:57:56
   Re: Re: How to create username/password?
Good .A small correction .
The syntax should be

require user valid-user

instead of

require valid-user

If I try with later ,my login /password always fails. But with the first syntax,
authentication succeeds .

Magesh   
  Jun 28, 2001, 00:56:56
  authentication for perl scripts
I have several perl scripts that live in my httpd/cgi-bin/*.pl directory. I would like to use .htaccess for authentication, however when I tried it, the htaccess file is ignored. is this possible?   
  Feb 14, 2001, 22:07:49
  401 error - authorization required.
HI,

I have, as far as I can tell, setup .htaccess, .htpasswd, .htgroup correctly. When trying to access a page I get the password authentication box, but when I enter the password it does not give access. I'm running apache 1.3 on a pentium class/RedHat Linux v6.2. Apache was installed during linux setup.
the htdocs (www root directory for apache) is NFS mounted from another server.
The Linux box is setup as a standalone server (not in our NIS domain), and the NFS share is mounted read-only. All the web files are served properly, but I can't get authentication to work.

Details of what I've done (note ---- denotes begin and end of file):

.htaccess
----------
AuthUserFile .htaccess
AuthGroupFile .htgroup


in .htaccess file>
1)Require user ph
2)Require group sysadmin
3)
Require user ph

-----------


.htgroup
--------
sysadmin: ph
--------

Created .htpasswd using /usr/local/apache/bin -c /usr/local/apache/htdocs/ph/.htpasswd ph
then entered "blah" for passwd (no "'s)

.htpasswd
----------
ph:j1TcN2gefJFSs
----------

The only things I can think might be causing the problems:

1) do I need to give full path to the .htaccess file?
2) the htdocs directory (root www directory that apache is serving) is mounted via NFS to the linux box running apache)
3) I have created the .htpasswd file by running htpasswd from the linux box that
is serving the web pages. If I run htpasswd with same username and password on another machine running apache, I get a different encripted password (may be normal behavior??)

Any help appreciated. Please CC me (ph@ti.com) on any response.

Thanks!

Phil
  
  Feb 16, 2001, 18:55:02
  Authorization Required
I have ht.acl file in the directory
and
inside the ht.acl file
AuthUserFile /home/jspwd/htpasswd.acl
if have placed this file
so when ever i try to access that directory
it prompts with the login window
however, it never allows
even though i have created htpasswd.acl file with htpasswd.exe
and i am typing exactly same id and pass
does anyone know y?   
  Feb 18, 2001, 00:32:44
  How to prohibit 2 user using same login name at the same time?
I would like to ask if I want to prohibit 2 or more user use the same user name to login in at the same time. How can I do? I mean I want to run a one-user-one-password policy. Can htaccess do it? Thanx!   
  Feb 20, 2001, 08:04:06
  username and password rejected
i am attempting to use .htaccess files to password protect a website. i have set up the user file and i am pointing to it with directives on the .htaccess file. everything seems in order and when i hit the pages with a browser, i am prompted BUT when i enter the username and password, it rejects it. i have tried from multiple client machines and different browsers. what am i doing wrong?   
  Oct 6, 2000, 22:23:40
  Is there a tool for managing .htaccess files
Hello people,

I want to ask if there is a tool for managing .htaccess-files? Such as that users of special directories can enter their own entries into a .htaccess files for these directories. I have noticed that it is a problem for these users to edit the .htaccess file directly with a text editor (don't ask me why...), so it would be helpful to offer them a simple web based tool to edit the .htaccess-file. Does any one know if there is such a tool or do I have to write it on my own?

Regard
Bernd

  
  Feb 20, 2001, 09:56:17
   Re: username and password rejected
Hi

you must fill in the full path name e.g.

/var/www/virtual/your/path/to/.htpasswd


all right??

cu
manu   
  Oct 17, 2000, 12:42:16
   Re: username and password rejected
what htpaccess.exe did you use?
it has to be under the same platform   
  Mar 15, 2001, 07:11:24
   Re: Re: username and password rejected
I picked up on your e-mail as I was suffering with the same prob..... but on NT.

I typed in the FULL Path i.e

AuthuserFile C:\webserver\htdocs\private\ht.acl

And low and behold... IT WORKED

Nice one Manu   
  Oct 21, 2000, 17:03:01
  do not request username/password
hi guys,
i'm using the .htaccess file to control the access at one area of my website.
how can i configure the apache web server to don't request username/password in this area, from an especific ip??

thks
  
  Feb 22, 2001, 11:29:50
  how do I set username/password on NT
I already install Apache on my NT box and I created file .htaccess in Apache directory. How do I set username/password on my web? What program to generate password on NT? Thanks   
  Feb 28, 2001, 01:37:24
   Re: how do I set username/password on NT
> I already install Apache on my NT box and I created file .htaccess in Apache directory. How do I set username/password on my web? What program to generate password on NT? Thanks

So
under Windows NT, there is no encrypt function, so you just need password as plaintext. eg. if your name is aa and passwd is bb
so you put something as following in to the file .htuser,that's OK!
aa:bb

as I know, the Auth_dbm is the same
  
  Jul 2, 2001, 11:36:52
  Out of Memory Error
When I try to Compile the JSP File in Appache Server (Windows NT) I received the Following Problem

M025 /netz/empinfo/editempdebug.jsp:

java.lang.OutOfMemoryError
at org.gjt.jsp.HttpJspPageImpl.service(Compiled Code)
at javax.servlet.http.HttpServlet.service(Compiled Code)
at org.gjt.jsp.JspServlet$Page.process(Compiled Code)
at org.gjt.jsp.JspServlet.service(Compiled Code)
at javax.servlet.http.HttpServlet.service(Compiled Code)
at org.apache.jserv.JServConnection.processRequest(Compiled Code)
at org.apache.jserv.JServConnection.run(Compiled Code)
at java.lang.Thread.run(Compiled Code)


Pl. Help.

Regards
HARISH
  
  Feb 28, 2001, 08:10:25
  How to execute PHP commands in html files?
I have an Apache web-server. On it is installed PHP4. But php-commands executes only in files with php-extentions. But in htm and html files PHP commands doesn't executs. Is it possible to hanle tis problem with .htaccess and httpd.conf?   
  Feb 28, 2001, 12:03:34
   Re: How to execute PHP commands in html files?
> I have an Apache web-server. On it is installed PHP4. But php-commands executes only in files with php-extentions. But in htm and html files PHP commands doesn't executs. Is it possible to hanle tis problem with .htaccess and httpd.conf?


It is easy, but may not be recommened.

add the following in httpd.conf

AddType application/x-httpd-php .html   
  Jun 10, 2001, 14:39:01
  "save as" pop up window
Help !!
My web host (hostsave.com) has an apache server and he sent me the LINK to this article. Is he nuts or something? He wants ME (I just have a website on his APACHE server) to correct a problem that I have on HIS apache srever. He's telling me to READ this article and correct HIS problem.
Here's what's wrong. I have several files on his apache server in a DOWNLOADS directory. When a visitor clicks on a link to setup.exe, the saveto popup window appears. Fine. But when he clicks on a link to setup.W02 the file OPENS instead. This did not happen with my previous 3 web hosts. I need the saveto wibndow to appear so that the visitor can DOWNLOAD the setup.w02 file.

Please, please, tell me what to do, or really what to tell him to do with his APACHE server.

Thanks.

Professor Martin Weissman   
  Feb 28, 2001, 13:30:34
  403 Forbidden error when i try to access files
Hello, I get a forbidden 403 error everytime i try to access the directory listing... can anyone tell me why, and how to fix this?   
  Mar 3, 2001, 08:28:07
  CGI Read / Write Access
Many people here seem interested in specifically how you grant CGI scripts read / write access to a directory. Perhaps apachetoday.com should place an obvious link to such information somewhere on the page.

wdeans@wdeans.com

  
  Mar 4, 2001, 13:59:32
  htaccess multiple logins
I'm accessing two seperate web sites under the same domain. When I access the first site the first time I get the login prompt fine. When I login to the second website for the first time I get the login prompt fine. Now if I go to the first web site again I get another prompt for login. It then prompts me for every page I now try to browse to in the first site. This also works if I reverse the order of the sites. Everything works fine as long as I don't start browsing to my second site. Any help would be appreciated.   
  Mar 9, 2001, 20:24:25
  .htaccess
Please show me how do I restrict password protected only one file under the directory. I have a .htaccess under the directory, but not point to specific file that I want. I have not seen any concept of the authentication for specific file on the .htaccess.


Regards,
Judy   
  Mar 14, 2001, 01:17:17
   Re: HTACCESS
Instead of using HTAccess you could use a perl Script. The script could create directories and files on the fly and it could check for a user/password match just like HTACCESS. I am not sure what else I may be able to input, sorry if that was not helpfull.   
  May 25, 2001, 03:56:05
  Apache Server 1.3
i receive this error when i try to access to the webpage that i trying to host in my dns

Forbidden
You don't have permission to access / on this server.


--------------------------------------------------------------------------------

Apache/1.3.9 Server at www.fullcircledesign.com.sg Port 80

please assist

how can solve this error.

i will appreacite your help

hoay fern

  
  Mar 20, 2001, 03:06:10
  Autorization Required problem
I have the htaccess and the htpasswd files setup correctly. However when I go to my web page it prompts me for my username and password. I type in the user name and password and it tells me "Authorization Required
This server could not verify that you are authorized to access the document requested. Either you supplied the wrong credentials (e.g., bad password), or your browser doesn't understand how to supply the credentials required."

Here's my .htaccess file:

Satisfy All
AuthUserFile /blahblahblah/.htpasswd
AuthGroupFile /dev/null
AuthName "Test"
AuthType Basic

require valid-user

===

Does anyone have any ideas???

Thanks.   
  Mar 20, 2001, 20:44:05
  apache htaccess on NT4 Workstation
i follow the instructions to set up the htaccess and create user with the password. However, i didnt see any prompt which request the username and password. IT seems like it wont work at all...

i keep my .htpasswd in c:/apache/bin/

my .htaccess file look like this:

AuthUserFile c:\apache\bin\.htpasswd
AuthGroupFile null
AuthName "The Secret Page"
AuthType Basic

require user abc

i will be glad if anyone can give me any comment of this problem...
Thank you..   
  Mar 21, 2001, 06:54:55
  .htaccess to restict files for download
I have pdf files which I only want to the user to download, not view in the browser. I understand that an access file is the way to go in this situation so that the files are automatically downloaded. Can anyone help me with the specifics? I have only found direction on creating password authentication files. Thanks!   
  Mar 27, 2001, 00:14:32
  .htaccess not working
Hai
i have my apache running under the dir c:\program files\apache group\apache and my .htaccess file is in c:\program files\apache\html\.htaccess. the code in the .htaccess file is
AuthName my secret stuff
AuthType Basic
AuthUserFile c:/temp/users
require user martin
this
i want to restict the use of the file under the html dir. what should i have to next
is it matters if my htpasswd is under c:\temp\users?
if anyone can give me an answer, that will be great
bye   
  Mar 28, 2001, 16:07:24
  .htaccess on Exodus Server
umm... i found a .htaccess file in my root directory while ftp'ing but my webhost says they running a exodus server, is this file exclusive to apache, or is a 'Exodus Server' just a wrapper for a Apache server, or What ?

Also, is it safe to download and edit the file if i running windows, cause i know line breaks and stuff are different depending on your OS.

thanx
Noel   
  Mar 29, 2001, 02:46:25
Enter your comments below.
Your Name: Your Email Address:


Subject: CC: [will also send this talkback to an E-Mail address]
Comments:

See our talkback-policy for or guidelines on talkback content.

About Triggers Media Kit Security Triggers Login


All times are recorded in UTC.
Linux is a trademark of Linus Torvalds.
Powered by Linux 2.4, Apache 1.3, and PHP 4
Copyright 2002 INT Media Group, Incorporated All Rights Reserved.
Legal Notices,  Licensing, Reprints, & Permissions,  Privacy Policy.
http://www.internet.com/