Hi

I'm using htpasswd to write the user password form my htaccess.

It works only if I put "require valid-user" not if I put "require
specificuser"


any idea?

thx
Laurent

On Monday 08 March 2010 21:48:12 Laurent Kappler wrote:
> Hi
>
> I'm using htpasswd to write the user password form my htaccess.
>
> It works only if I put "require valid-user" not if I put "require
> specificuser"
>
> any idea?

It should work, if everything else is correct. With that in mind,


What do you mean by "doesn't work?" i.e. what exact error is in the logs as
the reason for the failure.

Also, please provide the relevant config for the directory in question?

--
alan dot mckinnon at gmail dot com

On Monday 08 March 2010 19:48:12 Laurent Kappler wrote:
> Hi
>
> I'm using htpasswd to write the user password form my htaccess.
>
> It works only if I put "require valid-user" not if I put "require
> specificuser"
>
> any idea?

Have you tried:

AuthType Basic (or Digest)
AuthUserFile /usr/local/apache/passwd/htpasswords
Require user specificuser

Make sure that the path to the htpasswords file is outside your webroot - you
don't want visitors to be able to access it!
--
Regards,
Mick

Alan McKinnon <alan.mckinnon@gmail.com> writes:

> On Monday 08 March 2010 21:48:12 Laurent Kappler wrote:
>> Hi
>>
>> I'm using htpasswd to write the user password form my htaccess.
>>
>> It works only if I put "require valid-user" not if I put "require
>> specificuser"
>>
>> any idea?
>
> It should work, if everything else is correct. With that in mind,
>
>
> What do you mean by "doesn't work?" i.e. what exact error is in the logs as
> the reason for the failure.
>
> Also, please provide the relevant config for the directory in question?

also... what is in .htaccess (with any sensitive data x'ed out)

Mick a écrit :

On Monday 08 March 2010 19:48:12 Laurent Kappler wrote:


Hi

I'm using htpasswd to write the user password form my htaccess.

It works only if I put "require valid-user" not if I put "require
specificuser"

any idea?



Have you tried:

AuthType Basic (or Digest)
AuthUserFile /usr/local/apache/passwd/htpasswords
Require user specificuser

Make sure that the path to the htpasswords file is outside your webroot - you
don't want visitors to be able to access it!


I check the log file here is the line:
77.54.124.11 - specificuser [09/Mar/2010:16:46:35 +0100] "GET /admin
HTTP/1.1" 401 472


it does not auth.
My .htaccess:

AuthUserFile /so/secret/path/.htpasswd
AuthGroupFile /dev/null
AuthName "Shoot the password"
AuthType Basic
<Limit GET POST>
require specificuser
</limit>

<FilesMatch "^([_a-z0-9A-Z])+$">
RewriteEngine On
RewriteRule (.*) /admin/index.n
</FilesMatch>

so I shall avoir this <Limit> keyword...? Actually I don't get why just
specify that for GET and POST if someone arrive with a PUT does it mean
it will let it pass??


Laurent

Mick a écrit :

On Monday 08 March 2010 19:48:12 Laurent Kappler wrote:


Hi

I'm using htpasswd to write the user password form my htaccess.

It works only if I put "require valid-user" not if I put "require
specificuser"

any idea?



Have you tried:

AuthType Basic (or Digest)
AuthUserFile /usr/local/apache/passwd/htpasswords
Require user specificuser

Make sure that the path to the htpasswords file is outside your webroot - you
don't want visitors to be able to access it!


it works with require valid-user, like it finds the htpasswd file.

Mick a écrit :

On Monday 08 March 2010 19:48:12 Laurent Kappler wrote:


Hi

I'm using htpasswd to write the user password form my htaccess.

It works only if I put "require valid-user" not if I put "require
specificuser"

any idea?



Have you tried:

AuthType Basic (or Digest)
AuthUserFile /usr/local/apache/passwd/htpasswords
Require user specificuser

Make sure that the path to the htpasswords file is outside your webroot - you
don't want visitors to be able to access it!


ok got it

it was Require user not Require user.

Still my question about Limit GET POST ... it seems risky...

thank you!!
Laurent

On Tuesday 09 March 2010 15:50:11 Laurent Kappler wrote:
> Mick a écrit :
> > On Monday 08 March 2010 19:48:12 Laurent Kappler wrote:
> >> Hi
> >>
> >> I'm using htpasswd to write the user password form my htaccess.
> >>
> >> It works only if I put "require valid-user" not if I put "require
> >> specificuser"
> >>
> >> any idea?
> >
> > Have you tried:
> >
> > AuthType Basic (or Digest)
> > AuthUserFile /usr/local/apache/passwd/htpasswords
> > Require user specificuser
> >
> > Make sure that the path to the htpasswords file is outside your webroot -
> > you don't want visitors to be able to access it!
>
> I check the log file here is the line:
> 77.54.124.11 - specificuser [09/Mar/2010:16:46:35 +0100] "GET /admin
> HTTP/1.1" 401 472
>
> it does not auth.
> My .htaccess:
>
> AuthUserFile /so/secret/path/.htpasswd
> AuthGroupFile /dev/null
> AuthName "Shoot the password"
> AuthType Basic
> <Limit GET POST>
> require specificuser
> </limit>
>
> <FilesMatch "^([_a-z0-9A-Z])+$">
> RewriteEngine On
> RewriteRule (.*) /admin/index.n
> </FilesMatch>
>
> so I shall avoir this <Limit> keyword...? Actually I don't get why just
> specify that for GET and POST if someone arrive with a PUT does it mean
> it will let it pass??

Well, as I said you need to add type "user" after "Require" and before the
name of the user, in your case specificuser:

Required user specificuser

Now, as the manual tells you the <Limit GET POST> means that the
authentication mechanism applies only for GET POST requests sent to the
server. It does not apply for any other type of requests. PUT, DELETE, COPY,
etc will be allowed to get through. Instead you may want to limit access on
part or all of the fs of your site; e.g.

<Location /htdocs/my_website>
Require user specificuser
</Location>

HTH.
--
Regards,
Mick