htpasswd works only for valid-user
Hi
I'm using htpasswd to write the user password form my htaccess. It works only if I put "require valid-user" not if I put "require specificuser" any idea? thx Laurent |
htpasswd works only for valid-user
On Monday 08 March 2010 21:48:12 Laurent Kappler wrote:
> Hi > > I'm using htpasswd to write the user password form my htaccess. > > It works only if I put "require valid-user" not if I put "require > specificuser" > > any idea? It should work, if everything else is correct. With that in mind, What do you mean by "doesn't work?" i.e. what exact error is in the logs as the reason for the failure. Also, please provide the relevant config for the directory in question? -- alan dot mckinnon at gmail dot com |
htpasswd works only for valid-user
On Monday 08 March 2010 19:48:12 Laurent Kappler wrote:
> Hi > > I'm using htpasswd to write the user password form my htaccess. > > It works only if I put "require valid-user" not if I put "require > specificuser" > > any idea? Have you tried: AuthType Basic (or Digest) AuthUserFile /usr/local/apache/passwd/htpasswords Require user specificuser Make sure that the path to the htpasswords file is outside your webroot - you don't want visitors to be able to access it! -- Regards, Mick |
htpasswd works only for valid-user
Alan McKinnon <alan.mckinnon@gmail.com> writes:
> On Monday 08 March 2010 21:48:12 Laurent Kappler wrote: >> Hi >> >> I'm using htpasswd to write the user password form my htaccess. >> >> It works only if I put "require valid-user" not if I put "require >> specificuser" >> >> any idea? > > It should work, if everything else is correct. With that in mind, > > > What do you mean by "doesn't work?" i.e. what exact error is in the logs as > the reason for the failure. > > Also, please provide the relevant config for the directory in question? also... what is in .htaccess (with any sensitive data x'ed out) |
htpasswd works only for valid-user
Mick a écrit :
On Monday 08 March 2010 19:48:12 Laurent Kappler wrote: Hi I'm using htpasswd to write the user password form my htaccess. It works only if I put "require valid-user" not if I put "require specificuser" any idea? Have you tried: AuthType Basic (or Digest) AuthUserFile /usr/local/apache/passwd/htpasswords Require user specificuser Make sure that the path to the htpasswords file is outside your webroot - you don't want visitors to be able to access it! I check the log file here is the line: 77.54.124.11 - specificuser [09/Mar/2010:16:46:35 +0100] "GET /admin HTTP/1.1" 401 472 it does not auth. My .htaccess: AuthUserFile /so/secret/path/.htpasswd AuthGroupFile /dev/null AuthName "Shoot the password" AuthType Basic <Limit GET POST> require specificuser </limit> <FilesMatch "^([_a-z0-9A-Z])+$"> RewriteEngine On RewriteRule (.*) /admin/index.n </FilesMatch> so I shall avoir this <Limit> keyword...? Actually I don't get why just specify that for GET and POST if someone arrive with a PUT does it mean it will let it pass?? Laurent |
htpasswd works only for valid-user
Mick a écrit :
On Monday 08 March 2010 19:48:12 Laurent Kappler wrote: Hi I'm using htpasswd to write the user password form my htaccess. It works only if I put "require valid-user" not if I put "require specificuser" any idea? Have you tried: AuthType Basic (or Digest) AuthUserFile /usr/local/apache/passwd/htpasswords Require user specificuser Make sure that the path to the htpasswords file is outside your webroot - you don't want visitors to be able to access it! it works with require valid-user, like it finds the htpasswd file. |
htpasswd works only for valid-user
Mick a écrit :
On Monday 08 March 2010 19:48:12 Laurent Kappler wrote: Hi I'm using htpasswd to write the user password form my htaccess. It works only if I put "require valid-user" not if I put "require specificuser" any idea? Have you tried: AuthType Basic (or Digest) AuthUserFile /usr/local/apache/passwd/htpasswords Require user specificuser Make sure that the path to the htpasswords file is outside your webroot - you don't want visitors to be able to access it! ;) ok got it it was Require user not Require user. Still my question about Limit GET POST ... it seems risky... thank you!! Laurent |
htpasswd works only for valid-user
On Tuesday 09 March 2010 15:50:11 Laurent Kappler wrote:
> Mick a écrit : > > On Monday 08 March 2010 19:48:12 Laurent Kappler wrote: > >> Hi > >> > >> I'm using htpasswd to write the user password form my htaccess. > >> > >> It works only if I put "require valid-user" not if I put "require > >> specificuser" > >> > >> any idea? > > > > Have you tried: > > > > AuthType Basic (or Digest) > > AuthUserFile /usr/local/apache/passwd/htpasswords > > Require user specificuser > > > > Make sure that the path to the htpasswords file is outside your webroot - > > you don't want visitors to be able to access it! > > I check the log file here is the line: > 77.54.124.11 - specificuser [09/Mar/2010:16:46:35 +0100] "GET /admin > HTTP/1.1" 401 472 > > it does not auth. > My .htaccess: > > AuthUserFile /so/secret/path/.htpasswd > AuthGroupFile /dev/null > AuthName "Shoot the password" > AuthType Basic > <Limit GET POST> > require specificuser > </limit> > > <FilesMatch "^([_a-z0-9A-Z])+$"> > RewriteEngine On > RewriteRule (.*) /admin/index.n > </FilesMatch> > > so I shall avoir this <Limit> keyword...? Actually I don't get why just > specify that for GET and POST if someone arrive with a PUT does it mean > it will let it pass?? Well, as I said you need to add type "user" after "Require" and before the name of the user, in your case specificuser: Required user specificuser Now, as the manual tells you the <Limit GET POST> means that the authentication mechanism applies only for GET POST requests sent to the server. It does not apply for any other type of requests. PUT, DELETE, COPY, etc will be allowed to get through. Instead you may want to limit access on part or all of the fs of your site; e.g. <Location /htdocs/my_website> Require user specificuser </Location> HTH. -- Regards, Mick |
| All times are GMT. The time now is 02:16 PM. |
VBulletin, Copyright ©2000 - 2013, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.