Hi,

I've been pulling my hair out with this so any pointers as to where I should
start would be appreciated.

I've a directory, 'admin' in my apache2 server that I want to protect from
access and be prompted for a user name and password- the complete directory
structure is:

/srv/www/ htdocs/admin

htdocs is the document root and I created an 'allowlist' in the www
directory. I've created a .htaccess file within the admin directory
containing:

AuthUserFile /srv/www/allowlist
AuthGroupFile /dev/null

AuthName "TheSecretpage"

AuthType Basic

<Limit GET POST>

require valid-user

</Limit>

The httpd.conf file has:


# forbid access to the entire filesystem by default

<Directory />

Options None

AllowOverride All

Order deny,allow

Deny from all

</Directory>



<Directory ~ "/admin">

Options All

AllowOverride All

Order deny,allow

Deny from all

</Directory>



# use .htaccess files for overriding,

AccessFileName .htaccess

# and never show them

#<Files ~ "^\.ht">

# Order allow,deny

# Deny from all

#</Files>



At present I am not getting prompted for a user/password and am getting
access denied when I try and access the directory.

Any ideas?

Thanks in advance

Tim

--
I never wish I was not what I was not when I didn't wish what I was not was
not what I am not.

Post removed (X-No-Archive: yes)

"Davide Bianchi" <davideyeahsure [at] onlyforfun.net> wrote in message
news:slrnfekh5o.2pn.davideyeahsure [at] fogg.onlyforfun.net...
> On 2007-09-14, Tim Gordon <tim [at] mgom.commercial.uk> wrote:
>> # forbid access to the entire filesystem by default
>>
>><Directory />
>> Options None
>> AllowOverride All
>> Order deny,allow
>> Deny from all <---- NOTE
>></Directory>
>>
>><Directory ~ "/admin">
>> Options All
>> AllowOverride All
>> Order deny,allow
>> Deny from all <--- NOTE
>></Directory>
>
> This way you basically deny any access to such directory.
>
>> At present I am not getting prompted for a user/password and am getting
>> access denied when I try and access the directory.
>>
>> Any ideas?
>
> Yeah, get rid of the 'deny' bit and put an 'allow from all' instead.
>
> Davide

Thanks, but that cannot be correct. My root directory is working for
annoymous browsing no problem at all. I did the change you suggested
though, to the admin directory, and now I have full access. Still no prompt
for user or password though.

Anyone else any thoughts or ideas?

Tim

--
I never wish I was not what I was not when I didn't wish what I was not was
not what I am not.

Post removed (X-No-Archive: yes)

"Davide Bianchi" <davideyeahsure [at] onlyforfun.net> wrote in message
news:slrnfeki69.2pn.davideyeahsure [at] fogg.onlyforfun.net...
> On 2007-09-14, Tim Gordon <tim [at] mgom.commercial.uk> wrote:
>> Thanks, but that cannot be correct. My root directory is working for
>> annoymous browsing no problem at all. I did the change you suggested
>> though, to the admin directory, and now I have full access. Still no
>> prompt
>> for user or password though.
>
> One step at a time. Now you have access to the directory, it's time
> to check if the .htaccess is read and why it doesn't work. Any
> informations
> in the error_log?

Nothing in the error log and the access log is normal too. I have a piece
of text at the end of my .htaccess file 'GARBAGE' which, if the file was
being read, I thought I'd get an error somewhere.

> How did you created the 'accesslist'?

Mmm. An online tool.

Tim

--
I never wish I was not what I was not when I didn't wish what I was not was
not what I am not.

Post removed (X-No-Archive: yes)

"Davide Bianchi" <davideyeahsure [at] onlyforfun.net> wrote in message
news:slrnfekjad.2pn.davideyeahsure [at] fogg.onlyforfun.net...
> On 2007-09-14, Tim Gordon <tim [at] mgom.commercial.uk> wrote:
>> Nothing in the error log and the access log is normal too. I have a
>> piece
>> of text at the end of my .htaccess file 'GARBAGE' which, if the file was
>> being read, I thought I'd get an error somewhere.
>
> Ok, so now the problem is that your .htaccess is not read. I think that
> somewhere in your configuration your <Directory> block is overridden,
> I'd start by changing the block as follow (if I remember correctly your
> original post and you haven't falsified anything) :
>
> <Directory "/srv/www/htdocs/admin">
> Options All
> AllowOverride All
> Order allow,deny
> Allow from all
> </Directory>
>
> (restart apache of course after doing this)
>
> then post your config file.
>
>> Mmm. An online tool.
>
> Watch out: if the password is encrypted with a different library than
> the one installed on the server it won't work. Always and only use
> the standard htpasswd program.


That's done it! Thanks very much.

I got a server error 500 to start with. I then remembered to take the
'garbage' text out from the .htaccess and now it works a dream.

Tim

--
I never wish I was not what I was not when I didn't wish what I was not was
not what I am not.