apache configuration

Discussion in 'Installation/Configuration' started by pcburner, Mar 10, 2008.

  1. pcburner

    pcburner New Member

    Ok here's the deal I learned how to protect some directories that require username and password to gain access. Now I've changed the password several times along with the username and still no luck. Now here's the thing that puzzles me, for the information that I've been able to gather everyone states this command- htpasswd -c /path/to/passwords/passwd username but when I use that command I keep get an error. So I tried this- htpasswd -c /path/directory/.htpasswd username and that worked. Now when I click on the link for the directory I get a username and password pop-up. I enter in the info, and nothing happens it keeps coming back blank as though the info I gave it is not correct. What is it the I don't have correct? Also perhaps this might help for the apache config?

    <Directory /path/to/directory>
    AuthUserFile /path/to/.htpasswd
    AuthName Protected
    AuthType Basic
    require valid-user
    Allow 192.168.1.*

    I also have in the .htpasswd file the path as the location of the .htpasswd file. I also believe I chmod the password file with a 644, and the .htaccess file as well. As matter of fact I just tested those files with 777 and still nothing. So what am I missing in the configuration?

    I also changed the ownership and groups to apache for the protected directory before any of this.
  2. topdog

    topdog Active Member

    Actually the first command should work, what is the error you get when you run the command ?

    P.S the .htaccess file is supposed to be used to override configurations not as a passwd file.
  3. pcburner

    pcburner New Member

    The error is this - access to /path/to/directory failed, reason:verification of user id 'username' not configured, referer http://servername/
    Last edited: Mar 10, 2008
  4. topdog

    topdog Active Member

    But your post states that you get an error
  5. pcburner

    pcburner New Member

    Sorry about that- the error that I get is this - htpasswd can't create the directory /var/www/passwords/passwd
  6. pcburner

    pcburner New Member

    I also tried this - htpasswd - c /var/www/passwd/passwords/ username and still nothing I get the same error as above htpasswd can't create the directory /var/www/passwd/passwords.
    I even tried to create the directory manually and that still didn't work.
  7. pcburner

    pcburner New Member

    I figured out the htpasswd command thanks to TopDog! But I think there is a conflict between Apache and the .htaccess file. I have tried different codes but nothing has worked. Here is what I have thus far in my .htaccess file.

    AuthUserFile /etc/httpd/conf.d/users
    AuthName "Protected Public Files"
    AuthType Basic
    require valid-user

    Is there anything in here that I missing also what should the permissions be set at 644, 755? I've tried even 777 and that still didn't work I 've also set the permissions the .htpasswd file to 777 and that didn't work also what should those permissions be?
  8. zetnsh

    zetnsh New Member

    Apache can be notoriously tricky on this one. A shot in the dark, but it may be related to the relevant feature (AuthConfig in this case) simply not being allowed on the server. Are you seeing something like:

    "Client denied by server configuration" in the error logs?

    You could try putting somewhere appropriate in your httpd.conf file (the configuration file for Apache) near the bottom (above the virtual hosts) something like:

    <Directory /path/to/webuser/root>
    AllowOverride +AuthConfig
    This directive controls what Apache allows in .htaccess files. It may well be that something earlier in the config file is disabling the use of the AuthConfig functions directive.

    Remember - the error log is your friend!

    I have to say - I wasn't completely clear on what your problem was from your description, but there's chance this might help.

    Maybe you could post an appropriate extract from your server's error log that shows what error you're getting.

    Good luck!
  9. pcburner

    pcburner New Member

    Here is the error that I am getting-

    [Mon Mar 10 13:02:24 2008] [error] [client:]access to /path/to failed, reason: user 'username' does not meet 'require'ments for user

    I am not sure what this means? Is there some kind of password requirements that I don't know about or is this because it is unable to read the htpasswd file?
    I have changed the permissions on it to several different settings and that didn't change anything.
  10. zetnsh

    zetnsh New Member

    I think all that's saying is that you said "require valid-user" in your .htaccess file, and the authentication data supplied didn't meet that criteria. Incidentally, have you tried that with an upper case "R" at the beginning? eg. "Require valid-user" rather than "require valid-user" ?

    Could it simply be that the username/password combination in your .htpasswd file have invalid characters?

    You could try changing it to read something like

    Require user <username>
    Where obviously you replace <username> with the, erm, username!

    You may get a different error if it's a .htpasswd problem, which might give you more of a clue!

    Sorry I can't solve it for you, but I do try ;-)
  11. pcburner

    pcburner New Member

    ok now here's something might help as well. In the .htaccess file I also created custom error documents. But when I do something to create an error it isn't displaying those documents either.
  12. pcburner

    pcburner New Member

    Ok, I put AllowOverride in the httpd.conf and I got a different error. When I clicked on the link I got a Forbidden Page.
  13. zetnsh

    zetnsh New Member

    That's progress of some sort I suppose ;-)

    Would you mind posting a) the appropriate slice of the error log and b) the contents of the .htaccess file?

    I know you've sent these before, but they might have changed!
  14. pcburner

    pcburner New Member

    You were right about one thing that when using .htaccess AuthConfig has to be utilized in the httpd.conf. Now I have the opposite problem as before. After working with it more I found out that I had to change the permissions on the parent folder that holds the two child directories. Now the problem is I have made so many changes I don't where to go from here.
  15. topdog

    topdog Active Member

    I dont understand why you insist on using .htaccess files when you have access to modifying the httpd.conf file. The configuration i gave you works from within the httpd.conf file and should just work.
  16. pcburner

    pcburner New Member

    Because I didn't know that is what the code was for. Plus I have the understanding that in order for it to work you had to have the .htaccess file to work. TopDog I want you to know that I sincerely appreciate your help!!! I did try your coding that you sent, I wasn't sure if it was for the .htaccess file or the httpd.conf so I had tried it in both places and it wouldn't work and after each change I would restart httpd. But I got it now.
    Last edited: Mar 11, 2008
  17. zetnsh

    zetnsh New Member

    Worth mentioning here, I reckon that although .htaccess is probably the wrong place for <Directory> configurations, it tends to be considered as the right place for User authentication stuff, not least of which because you don't need a restart for it to see any changes!

    So is it working now?


  18. rama646

    rama646 New Member

    I gor different error

    Hi all,
    I am getting different error in apache server log
    [client ::1] (13)Permission denied: Could not open password file:

    <Directory "/srv/www/cgi-bin/testmaster">
    AllowOverride AuthConfig

    Alias /testmaster "/srv/www/htdocs/testmaster"
    <Directory "/srv/www/htdocs/testmaster">
    AllowOverride AuthConfig
  19. falko

    falko Super Moderator ISPConfig Developer

    What are the permissions of your password file?

Share This Page