Directory Protection Not Working

Discussion in 'Installation/Configuration' started by robin99, Jan 26, 2007.

  1. robin99

    robin99 New Member

    I created a new directory and then have tried to protect that directory through Web-FTP in ispconfig. I set up a username of "username" and a password of "password" to test the directory protection. The .htaccess and .htpasswd files are created, however when i access the folder through a web browser it asks for username and password and i enter these. But even though i am entering the correct username and password ( i have even tried copying and pasting to make sure it is correct ) but it does not accept the username and password.
    How can i solve this???
  2. falko

    falko Super Moderator ISPConfig Developer

    Which distribution are you using? Have you tried changing the password?

    What's in the .htaccess and the .htpasswd file?
  3. robin99

    robin99 New Member

    I am using ISPConfig Version: 2.2.9 installed on ubuntu 6.06.1 server
    I installed ubuntu and ISPConfig using the Perfect Setup Ubuntu 6.06

    .htaccess file

    AuthType Basic
    AuthName "Members Only"
    AuthUserFile /var/www/web3/user/web3_user/web/private/.htpasswd
    <limit GET PUT POST>
    require valid-user

    .htpasswd file

    Last edited: Jan 27, 2007
  4. till

    till Super Moderator Staff Member ISPConfig Developer

    Please try to use the htpasswd command on the commandline to create a new password. Does the login work with this manually created password?
  5. robin99

    robin99 New Member

    OK i have managed to get it working. I had to change $go_info["server"]["password_hash"] = 'md5' as it was set to crypt. This was in the file /home/admispconfig/ispconfig/lib/
  6. aqua

    aqua New Member

    I am getting the same error as well. When I protect a directory, and I input the right password it will not let me in.

    I looked in the .htaccess file and I found it puts in the following stanzas:

    AuthType Basic
    AuthName "Members Only"
    AuthUserFile /var/www/web13/web/.htpasswd
    <limit GET PUT POST>
    require valid-user

    That is not the right location for the .htpasswd file as per how the system saves it, ISPconfig actually places it in /var/www/webxx/user/username/.htpasswd

    I corrected the location. It now actually takes the password, but I am presented with a 403 Forbidden Error when I try to login.

    Also, when logging in through the web-ftp, if you don't choose the right domain name, and proceed to login and protect the directory, ISPconfig will save the AuthUserFile variable to match the wrong domain you chose.
  7. till

    till Super Moderator Staff Member ISPConfig Developer

    It might be that the directory protection does not work for user websites. It is designed for the main website only.

Share This Page