Ask Experts Questions for FREE Help !
    F1_Fan's Avatar
    F1_Fan Posts: 4, Reputation: 1
    New Member

    May 11, 2005, 12:26 PM
    Apache User Authentication issue.pls help
    I'm trying to restrict access to a directory on my apache webserver. Before I go into detail I'll show what I've got so far.

    I've successfully created the Password file.

    Here's the code in httpd.conf

    DocumentRoot "C:/Program Files/Apache Group/Apache2/htdocs"
    <Directory />
    Options FollowSymLinks
    AllowOverride AuthConfig Indexes
    <Directory "C:/Program Files/Apache Group/Apache2/htdocs/thewedding">
    AllowOverride AuthConfig
    Options FollowSymLinks

    Here's the .htaccess file.
    AuthType Basic
    AuthName "test User Authentication"
    AuthUserFile "C:/Program Files/Apache Group/Apache2/conf/passwords"
    Require valid-user

    Okay.. looks good right? Well here's the problem. When I open index.html in the root directory, I get prompted for a password. (which I don't want.) If I cancel the authentication request, the index.html is displayed.

    When I click the link n the index.html that takes me to the restricted directory, I get prompted again for password, and this time I need it. If I cancel I get the authentication error. If I supply the password I can access the directory.

    So my authentication works for the sub directory, but it's also prompting for the root directory although it doesn't authenticate.

    Any ideas?

    LTheobald's Avatar
    LTheobald Posts: 1,051, Reputation: 127
    Ultra Member

    May 12, 2005, 04:50 AM
    Your <Directory> tags look a little short to me. I'm not 100% as I haven't seen an apache conf file in a while, but should there be some Allow... / Deny... lines?
    psi42's Avatar
    psi42 Posts: 599, Reputation: 13
    Senior Member

    May 12, 2005, 06:24 AM
    Are you sure you don't have any additional authorization stuff in your httpd.conf?

    Are you sure you don't have another .htaccess file in your document root directory?

    Are you sure you put the .htaccess file in the right place?

    What happens if you change

    AllowOverride AuthConfig Indexes

    AllowOverride None
    F1_Fan's Avatar
    F1_Fan Posts: 4, Reputation: 1
    New Member

    May 12, 2005, 08:46 AM
    Thanks for the suggestions. But is I change my allow override to

    AllowOverride none, then .htaccess files won't work. It's required for the .htaccess. That being said, I've tried defining the authentication in the httpd.conf file and deleting the .htaccess file. I have the same problem.

    As for the other reply asking about the allow deny line, that is for restricting which ip addresses/hosts can access the server, it doesn't pertain to the authentication. (according to the documentation.) Either way I've tried this too without luck.

    Thanks for the suggestions. Unfortunately neither helped.

    If anyone else can help I'd appreciate it.

    Here's a thought, do I have to specifically indicate that the root does not require authentication? Normally inheritance does down the levels not up, but could this be a bug in apache?
    psi42's Avatar
    psi42 Posts: 599, Reputation: 13
    Senior Member

    May 17, 2005, 05:20 AM
    Quote Originally Posted by F1_Fan
    could this be a bug in apache?

    Could you post your entire httpd.conf?
    F1_Fan's Avatar
    F1_Fan Posts: 4, Reputation: 1
    New Member

    May 17, 2005, 08:01 AM
    Quote Originally Posted by psi42

    Could you post your entire httpd.conf?
    Here you go.. Thanks for your help.

    ### Section 1: Global Environment
    ServerRoot "C:/Program Files/Apache Group/Apache2"
    PidFile logs/
    Timeout 300
    KeepAlive On
    MaxKeepAliveRequests 100
    KeepAliveTimeout 15
    <IfModule mpm_winnt.c>
    ThreadsPerChild 250
    MaxRequestsPerChild  0
    Listen 80
    LoadModule access_module modules/
    LoadModule actions_module modules/
    LoadModule alias_module modules/
    LoadModule asis_module modules/
    LoadModule auth_module modules/
    LoadModule autoindex_module modules/
    LoadModule cgi_module modules/
    LoadModule dir_module modules/
    LoadModule env_module modules/
    LoadModule imap_module modules/
    LoadModule include_module modules/
    LoadModule isapi_module modules/
    LoadModule log_config_module modules/
    LoadModule mime_module modules/
    LoadModule negotiation_module modules/
    LoadModule setenvif_module modules/
    LoadModule userdir_module modules/
    ServerAdmin [email protected]
    ServerName DT07061:80
    UseCanonicalName Off
    DocumentRoot "C:/Program Files/Apache Group/Apache2/htdocs"
    <Directory />
        Options FollowSymLinks
        AllowOverride None
        AuthAuthoritative Off
    <Location />
        Options FollowSymLinks
        AllowOverride None
        AuthAuthoritative Off
    <Directory "C:/Program Files/Apache Group/Apache2/htdocs">
        Options Indexes FollowSymLinks
        AllowOverride None
        Order deny,allow
        Allow from all
        AuthAuthoritative Off
    UserDir "My Documents/My Website"
    <Directory "C:/Program Files/Apache Group/Apache2/htdocs/thewedding">
        AuthType Basic
        AuthName "test User Authentication"
        AuthUserFile "C:/Program Files/Apache Group/Apache2/conf/passwords"
        Require valid-user
    DirectoryIndex index.html index.html.var
    AccessFileName .htaccess
    <Files ~ "^\.ht">
        Order allow,deny
        Deny from all
    TypesConfig conf/mime.types
    DefaultType text/plain
    <IfModule mod_mime_magic.c>
        MIMEMagicFile conf/magic
    HostnameLookups Off
    ErrorLog logs/error.log
    LogLevel warn
    LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
    LogFormat "%h %l %u %t \"%r\" %>s %b" common
    LogFormat "%{Referer}i -> %U" referer
    LogFormat "%{User-agent}i" agent
    CustomLog logs/access.log common
    ServerTokens Full
    ServerSignature On
    Alias /icons/ "C:/Program Files/Apache Group/Apache2/icons/"
    <Directory "C:/Program Files/Apache Group/Apache2/icons">
        Options Indexes MultiViews
        AllowOverride None
        Order allow,deny
        Allow from all
    AliasMatch ^/manual(?:/(?:de|en|es|fr|ja|ko|ru))?(/.*)?$ "C:/Program Files/Apache Group/Apache2/manual$1"
    <Directory "C:/Program Files/Apache Group/Apache2/manual">
        Options Indexes
        AllowOverride None
        Order allow,deny
        Allow from all
        <Files *.html>
            SetHandler type-map
        SetEnvIf Request_URI ^/manual/(de|en|es|fr|ja|ko|ru)/ prefer-language=$1
        RedirectMatch 301 ^/manual(?:/(de|en|es|fr|ja|ko|ru)){2,}(/.*)?$ /manual/$1$2
    ScriptAlias /cgi-bin/ "C:/Program Files/Apache Group/Apache2/cgi-bin/"
    <Directory "C:/Program Files/Apache Group/Apache2/cgi-bin">
        AllowOverride None
        Options None
        Order allow,deny
        Allow from all
    IndexOptions FancyIndexing VersionSort
    AddIconByEncoding (CMP,/icons/compressed.gif) x-compress x-gzip
    AddIconByType (TXT,/icons/text.gif) text/*
    AddIconByType (IMG,/icons/image2.gif) image/*
    AddIconByType (SND,/icons/sound2.gif) audio/*
    AddIconByType (VID,/icons/movie.gif) video/*
    AddIcon /icons/binary.gif .bin .exe
    AddIcon /icons/binhex.gif .hqx
    AddIcon /icons/tar.gif .tar
    AddIcon /icons/world2.gif .wrl .wrl.gz .vrml .vrm .iv
    AddIcon /icons/compressed.gif .Z .z .tgz .gz .zip
    AddIcon /icons/a.gif .ps .ai .eps
    AddIcon /icons/layout.gif .html .shtml .htm .pdf
    AddIcon /icons/text.gif .txt
    AddIcon /icons/c.gif .c
    AddIcon /icons/p.gif .pl .py
    AddIcon /icons/f.gif .for
    AddIcon /icons/dvi.gif .dvi
    AddIcon /icons/uuencoded.gif .uu
    AddIcon /icons/script.gif .conf .sh .shar .csh .ksh .tcl
    AddIcon /icons/tex.gif .tex
    AddIcon /icons/bomb.gif core
    AddIcon /icons/back.gif ..
    AddIcon /icons/hand.right.gif README
    AddIcon /icons/folder.gif ^^DIRECTORY^^
    AddIcon /icons/blank.gif ^^BLANKICON^^
    DefaultIcon /icons/unknown.gif
    ReadmeName README.html
    HeaderName HEADER.html
    IndexIgnore .??* *~ *# HEADER* README* RCS CVS *,v *,t
    AddLanguage ca .ca
    AddLanguage cs .cz .cs
    AddLanguage da .dk
    AddLanguage de .de
    AddLanguage el .el
    AddLanguage en .en
    AddLanguage eo .eo
    AddLanguage es .es
    AddLanguage et .et
    AddLanguage fr .fr
    AddLanguage he .he
    AddLanguage hr .hr
    AddLanguage it .it
    AddLanguage ja .ja
    AddLanguage ko .ko
    AddLanguage ltz .ltz
    AddLanguage nl .nl
    AddLanguage nn .nn
    AddLanguage no .no
    AddLanguage pl .po
    AddLanguage pt .pt
    AddLanguage pt-BR .pt-br
    AddLanguage ru .ru
    AddLanguage sv .sv
    AddLanguage zh-CN .zh-cn
    AddLanguage zh-TW .zh-tw
    LanguagePriority en ca cs da de el eo es et fr he hr it ja ko ltz nl nn no pl pt pt-BR ru sv zh-CN zh-TW
    ForceLanguagePriority Prefer Fallback
    AddCharset ISO-8859-1  .iso8859-1 .latin1
    AddCharset ISO-8859-2  .iso8859-2 .latin2 .cen
    AddCharset ISO-8859-3  .iso8859-3 .latin3
    AddCharset ISO-8859-4  .iso8859-4 .latin4
    AddCharset ISO-8859-5  .iso8859-5 .latin5 .cyr .iso-ru
    AddCharset ISO-8859-6  .iso8859-6 .latin6 .arb
    AddCharset ISO-8859-7  .iso8859-7 .latin7 .grk
    AddCharset ISO-8859-8  .iso8859-8 .latin8 .heb
    AddCharset ISO-8859-9  .iso8859-9 .latin9 .trk
    AddCharset ISO-2022-JP .iso2022-jp .jis
    AddCharset ISO-2022-KR .iso2022-kr .kis
    AddCharset ISO-2022-CN .iso2022-cn .cis
    AddCharset Big5        .Big5       .big5
    # For russian, more than one charset is used (depends on client, mostly):
    AddCharset WINDOWS-1251 .cp-1251   .win-1251
    AddCharset CP866       .cp866
    AddCharset KOI8-r      .koi8-r .koi8-ru
    AddCharset KOI8-ru     .koi8-uk .ua
    AddCharset ISO-10646-UCS-2 .ucs2
    AddCharset ISO-10646-UCS-4 .ucs4
    AddCharset UTF-8       .utf8
    AddCharset GB2312      .gb2312 .gb
    AddCharset utf-7       .utf7
    AddCharset utf-8       .utf8
    AddCharset big5        .big5 .b5
    AddCharset EUC-TW      .euc-tw
    AddCharset EUC-JP      .euc-jp
    AddCharset EUC-KR      .euc-kr
    AddCharset shift_jis   .sjis
    AddType application/x-compress .Z
    AddType application/x-gzip .gz .tgz
    AddHandler type-map var
    BrowserMatch "Mozilla/2" nokeepalive
    BrowserMatch "MSIE 4\.0b2;" nokeepalive downgrade-1.0 force-response-1.0
    BrowserMatch "RealPlayer 4\.0" force-response-1.0
    BrowserMatch "Java/1\.0" force-response-1.0
    BrowserMatch "JDK/1\.0" force-response-1.0
    BrowserMatch "Microsoft Data Access Internet Publishing Provider" redirect-carefully
    BrowserMatch "^WebDrive" redirect-carefully
    BrowserMatch "^WebDAVFS/1.[012]" redirect-carefully
    BrowserMatch "^gnome-vfs" redirect-carefully
    <IfModule mod_ssl.c>
        Include conf/ssl.conf
    ### Section 3: Virtual Hosts
    # VirtualHost: If you want to maintain multiple domains/hostnames on your
    # machine you can setup VirtualHost containers for them. Most configurations
    # use only name-based virtual hosts so the server doesn't need to worry about
    # IP addresses. This is indicated by the asterisks in the directives below.
    # Please see the documentation at
    # <URL:>
    # for further details before you try to setup virtual hosts.
    # You may use the command line option '-S' to verify your virtual host
    # configuration.
    # Use name-based virtual hosting.
    #NameVirtualHost *:80
    # VirtualHost example:
    # Almost any Apache directive may go into a VirtualHost container.
    # The first VirtualHost section is used for requests without a known
    # server name.
    #<VirtualHost *:80>
    #    ServerAdmin [email protected]
    #    DocumentRoot /www/docs/
    #    ServerName
    #    ErrorLog logs/
    #    CustomLog logs/ common
    F1_Fan's Avatar
    F1_Fan Posts: 4, Reputation: 1
    New Member

    Jun 9, 2005, 12:31 PM
    Problem Solved!
    I'm almost embarrassed to post this, but since this may help others, I am swallowing my pride.

    First thing first. I deleted all my .htaccess files and then the httpd.conf. I then recreated the httpd.conf from httpd.conf.default. I added the following lines to by <Directory> directive

        AuthType Basic
        AuthName "Assyst Reports"
        AuthUserFile "C:/Program Files/Apache Group/Apache2/conf/passwords"
        Require valid-user
    Once I did this and restarted Apache, I started getting this error.
    configuration error: couldn't check user. No user file?:
    I recreated the htpasswd file and that went away. Now my original problem came back. I was about to throw in the towel when it dawned on me.

    Typical case of: PEBKAC or S.U.S if you prefer.

    My index.html in the htdocs directory contained a reference to a resource with in the protected directory, (a style sheet, in this case), so I was getting authentication prompts so apache could load the style sheet. When I hit cancel, the index.html still loaded since it wasn't restricted. I didn't notice that the style sheet didn't load. When I went to the protected directory and cancelled I'd get a forbidden error because I failed to log on.

    So, this whoe thing was "Stupid User Syndrome"!

Not your question? Ask your question View similar questions


Question Tools Search this Question
Search this Question:

Advanced Search

Add your answer here.

Check out some similar questions!

Authorized user [ 4 Answers ]

I was made a authorized user by my daughter not even knowing about it.Then started getting phone calls from collection agency that I was responsible for the debt that has went unpaid. I explained I was only a authorized user not a co-signer and at the time the credit card was issued to my daughter...

User name and password [ 5 Answers ]

Hi everyone, When ever I used to join this forum, I would automatically join without having to type password or user name, I do this each time now and I don't know why it is as if I am not really a member now. Can you please clarify this problem for me Thanx:confused:

How to get the Location of a user [ 2 Answers ]

I want to know how can I retrieve the location of every user when they visit my website. Are there any built in ASP functions for it.

User objectives [ 1 Answers ]

Let's say I just took a huge loan from a bank, and I determined they were my most important user. When making my financial statements, I choose to maximize income (within the limits of GAAP). Why would this serve to be useful if I show these statements to the bank?

CGI for Apache - Premature end of script headers [ 13 Answers ]

I have a post form on my Web site in Common Gateway Interface (CGI) but when people click in order to post it, the message Premature end of script headers: mailform.cgi appears. If you'd like to see what I'm talking about please go to this page : How can I...

View more questions Search