Thread: apache2 and .htaccess

  1. #1

    apache2 and .htaccess

    Is there any way to tell Apache2 to prompt for username and password
    when it sees a .htaccess file in a directory?

    At the moment, I need to define the directory in the following
    fashion in the Apache2 conf file, but it becomes a problem as I have
    thousands of directories that need .htaccess files.

    For example, assuming /website is DirectoryRoot then protect /website/a1, /website/b2 etc. I am aware of the fact that protecting one directory would protect all directories below it.


    Code:
    <Directory "/website/dir">
    AllowOverride All
    Options Indexes
    Order allow,deny
    Allow from all
    AuthUserFile /website/dir/.htaccess
    </Directory>

    Here is my .htaccess file

    Code:
    AuthName "Restricted"
    AuthType Basic
    AuthLDAPURL ldap://ad.company.com:389/ou=marketing,dc=company,dc=com?sAMAccountName?sub
    AuthBasicProvider ldap
    AuthzLDAPAuthoritative off
    require valid-user

    In /etc/apache2/default-server.conf, I have changed

    Code:
    DocumentRoot "/srv/www/htdocs"
    <Directory "/srv/www/htdocs/">
    Options None
    AllowOverride None
    Order allow,deny
    Allow from all
    </Directory>

    to

    Code:
    DocumentRoot "/website"
    <Directory "/website/">
    Options None
    AllowOverride All
    Order allow,deny
    Allow from all
    </Directory>

    but it doesn't seem to work. Thanks for any help.

  2. #2
    Camalen NNTP User

    Re: apache2 and .htaccess

    henders254 wrote:

    > Is there any way to tell Apache2 to prompt for username and password
    > when it sees a .htaccess file in a directory?


    The Apache site has a very good FAQ on this subject. Just take a look to check
    for any missing step (assuming Apache 2.2):

    ***
    Authentication, Authorization and Access Control
    http://httpd.apache.org/docs/2.2/howto/auth.html
    ***

    Greetings,

    --
    Camalen

  3. #3

    Re: apache2 and .htaccess

    I just noticed from this line that you misunderstand the AuthUserFile directive:

    Code:
    AuthUserFile /website/dir/.htaccess

    The AuthUserFile contains the usernames and passwords. However, a .htaccess file is not meant to hold that, and you seem to understand that. Rather, a .htaccess file contains Apache directives, similar to those in httpd.conf, but only a subset of the directives is allowed.

    In fact, the AuthUserFile should not be located within the web content directories, otherwise it could be fetched by a web client and then all your passwords are known.

    If you had wanted to change the "htaccess" file from the default of .htaccess, the directive you want is AccessFileName. Since you are already using .htaccess, you don't need such a directive.

    So remove the AuthUserFile directive and look for the reason it's not paying attention to your LDAP directives. Do you have the ldap auth module loaded and are the directives correct? Check those things.
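
An added example, not part of any post in this thread: a Python check that walks a document root and flags AuthUserFile lines making either mistake the last reply describes (naming the .htaccess file itself, or keeping the password file inside the web content). The function names and the sample tree are constructed for illustration; relative AuthUserFile paths, which Apache resolves against ServerRoot, are not checked.

```python
import os
import tempfile


def scan_config(path, docroot, access_file=".htaccess"):
    """Yield (path, target, reason) for each risky AuthUserFile line in one file."""
    root = os.path.realpath(docroot)
    with open(path, encoding="utf-8", errors="replace") as fh:
        for raw in fh:
            parts = raw.split(None, 1)
            # Directive names are case-insensitive; "#" comment lines never match.
            if len(parts) < 2 or parts[0].lower() != "authuserfile":
                continue
            target = parts[1].strip().strip("\"'")
            if os.path.basename(target) == access_file:
                yield path, target, "names an access file, not a password file"
            elif os.path.isabs(target) and os.path.commonpath(
                    [root, os.path.realpath(target)]) == root:
                yield path, target, "password file is inside the web content"


def audit(docroot, server_configs=(), access_file=".htaccess"):
    """Scan the given server config files plus every access file under docroot."""
    paths = list(server_configs)
    for dirpath, _dirs, files in os.walk(docroot):
        if access_file in files:
            paths.append(os.path.join(dirpath, access_file))
    return sorted(f for p in paths for f in scan_config(p, docroot, access_file))


def build_sample(base):
    """Constructed sample tree: four directories under a docroot named 'website'."""
    docroot = os.path.join(base, "website")
    samples = {
        "a1": 'AuthType Basic\nAuthUserFile "DOCROOT/a1/.htaccess"\n',
        "b2": "AuthType Basic\nauthuserfile DOCROOT/b2/users.pw\n",
        "c3": "# AuthUserFile DOCROOT/c3/old.pw\nAuthBasicProvider ldap\n",
        "d4": "AuthType Basic\nAuthUserFile /etc/apache2/constructed.pw\n",
    }
    for name, text in samples.items():
        os.makedirs(os.path.join(docroot, name))
        with open(os.path.join(docroot, name, ".htaccess"), "w") as fh:
            fh.write(text.replace("DOCROOT", docroot))
    return docroot


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for path, target, reason in audit(build_sample(tmp)):
            print(f"{path}: AuthUserFile {target}: {reason}")
```

Passing the main server config files as `server_configs` also covers AuthUserFile lines set inside `<Directory>` blocks, as in the first post.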
