Ask Me Help Desk - Apache User Authentication issue.please help

Apache User Authentication issue.pls help

I'm trying to restrict access to a directory on my apache webserver. Before I go into detail I'll show what I've got so far.

I've successfully created the Password file.

Here's the code in httpd.conf

DocumentRoot "C:/Program Files/Apache Group/Apache2/htdocs"
...
...
<Directory />
Options FollowSymLinks
AllowOverride AuthConfig Indexes
</Directory>
...
...
<Directory "C:/Program Files/Apache Group/Apache2/htdocs/thewedding">
AllowOverride AuthConfig
Options FollowSymLinks
</Directory>

Here's the .htaccess file.
"
AuthType Basic
AuthName "test User Authentication"
AuthUserFile "C:/Program Files/Apache Group/Apache2/conf/passwords"
Require valid-user
"

Okay.. looks good right? Well here's the problem. When I open index.html in the root directory, I get prompted for a password. (which I don't want.) If I cancel the authentication request, the index.html is displayed.

When I click the link n the index.html that takes me to the restricted directory, I get prompted again for password, and this time I need it. If I cancel I get the authentication error. If I supply the password I can access the directory.

So my authentication works for the sub directory, but it's also prompting for the root directory although it doesn't authenticate.

Any ideas?

Thanks.

Your <Directory> tags look a little short to me. I'm not 100% as I haven't seen an apache conf file in a while, but should there be some Allow... / Deny... lines?

Are you sure you don't have any additional authorization stuff in your httpd.conf?

Are you sure you don't have another .htaccess file in your document root directory?

Are you sure you put the .htaccess file in the right place?

What happens if you change

Code:

AllowOverride AuthConfig Indexes

To

Code:

AllowOverride None

Thanks for the suggestions. But is I change my allow override to

AllowOverride none, then .htaccess files won't work. It's required for the .htaccess. That being said, I've tried defining the authentication in the httpd.conf file and deleting the .htaccess file. I have the same problem.

As for the other reply asking about the allow deny line, that is for restricting which ip addresses/hosts can access the server, it doesn't pertain to the authentication. (according to the documentation.) Either way I've tried this too without luck.

Thanks for the suggestions. Unfortunately neither helped.

If anyone else can help I'd appreciate it.

Here's a thought, do I have to specifically indicate that the root does not require authentication? Normally inheritance does down the levels not up, but could this be a bug in apache?

Quote:

Originally Posted by F1_Fan

could this be a bug in apache?

No.

Could you post your entire httpd.conf?

Quote:

Originally Posted by psi42

Could you post your entire httpd.conf?

Here you go.. Thanks for your help.

Code:

### Section 1: Global Environment ServerRoot "C:/Program Files/Apache Group/Apache2" PidFile logs/httpd.pid Timeout 300 KeepAlive On MaxKeepAliveRequests 100 KeepAliveTimeout 15 <IfModule mpm_winnt.c> ThreadsPerChild 250 MaxRequestsPerChild 0 </IfModule> Listen 80 # LoadModule access_module modules/mod_access.so LoadModule actions_module modules/mod_actions.so LoadModule alias_module modules/mod_alias.so LoadModule asis_module modules/mod_asis.so LoadModule auth_module modules/mod_auth.so LoadModule autoindex_module modules/mod_autoindex.so LoadModule cgi_module modules/mod_cgi.so LoadModule dir_module modules/mod_dir.so LoadModule env_module modules/mod_env.so LoadModule imap_module modules/mod_imap.so LoadModule include_module modules/mod_include.so LoadModule isapi_module modules/mod_isapi.so LoadModule log_config_module modules/mod_log_config.so LoadModule mime_module modules/mod_mime.so LoadModule negotiation_module modules/mod_negotiation.so LoadModule setenvif_module modules/mod_setenvif.so LoadModule userdir_module modules/mod_userdir.so ServerAdmin [email protected] ServerName DT07061:80 UseCanonicalName Off DocumentRoot "C:/Program Files/Apache Group/Apache2/htdocs" <Directory /> Options FollowSymLinks AllowOverride None AuthAuthoritative Off </Directory> <Location /> Options FollowSymLinks AllowOverride None AuthAuthoritative Off </Location> <Directory "C:/Program Files/Apache Group/Apache2/htdocs"> Options Indexes FollowSymLinks AllowOverride None Order deny,allow Allow from all AuthAuthoritative Off </Directory> UserDir "My Documents/My Website" <Directory "C:/Program Files/Apache Group/Apache2/htdocs/thewedding"> AuthType Basic AuthName "test User Authentication" AuthUserFile "C:/Program Files/Apache Group/Apache2/conf/passwords" Require valid-user </Directory> DirectoryIndex index.html index.html.var AccessFileName .htaccess <Files ~ "^\.ht"> Order allow,deny Deny from all </Files> TypesConfig conf/mime.types DefaultType text/plain <IfModule mod_mime_magic.c> MIMEMagicFile conf/magic </IfModule> HostnameLookups Off ErrorLog logs/error.log LogLevel warn LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined LogFormat "%h %l %u %t \"%r\" %>s %b" common LogFormat "%{Referer}i -> %U" referer LogFormat "%{User-agent}i" agent CustomLog logs/access.log common ServerTokens Full ServerSignature On Alias /icons/ "C:/Program Files/Apache Group/Apache2/icons/" <Directory "C:/Program Files/Apache Group/Apache2/icons"> Options Indexes MultiViews AllowOverride None Order allow,deny Allow from all </Directory> AliasMatch ^/manual(?:/(?:de|en|es|fr|ja|ko|ru))?(/.*)?$ "C:/Program Files/Apache Group/Apache2/manual$1" <Directory "C:/Program Files/Apache Group/Apache2/manual"> Options Indexes AllowOverride None Order allow,deny Allow from all <Files *.html> SetHandler type-map </Files> SetEnvIf Request_URI ^/manual/(de|en|es|fr|ja|ko|ru)/ prefer-language=$1 RedirectMatch 301 ^/manual(?:/(de|en|es|fr|ja|ko|ru)){2,}(/.*)?$ /manual/$1$2 </Directory> ScriptAlias /cgi-bin/ "C:/Program Files/Apache Group/Apache2/cgi-bin/" <Directory "C:/Program Files/Apache Group/Apache2/cgi-bin"> AllowOverride None Options None Order allow,deny Allow from all </Directory> IndexOptions FancyIndexing VersionSort AddIconByEncoding (CMP,/icons/compressed.gif) x-compress x-gzip AddIconByType (TXT,/icons/text.gif) text/* AddIconByType (IMG,/icons/image2.gif) image/* AddIconByType (SND,/icons/sound2.gif) audio/* AddIconByType (VID,/icons/movie.gif) video/* AddIcon /icons/binary.gif .bin .exe AddIcon /icons/binhex.gif .hqx AddIcon /icons/tar.gif .tar AddIcon /icons/world2.gif .wrl .wrl.gz .vrml .vrm .iv AddIcon /icons/compressed.gif .Z .z .tgz .gz .zip AddIcon /icons/a.gif .ps .ai .eps AddIcon /icons/layout.gif .html .shtml .htm .pdf AddIcon /icons/text.gif .txt AddIcon /icons/c.gif .c AddIcon /icons/p.gif .pl .py AddIcon /icons/f.gif .for AddIcon /icons/dvi.gif .dvi AddIcon /icons/uuencoded.gif .uu AddIcon /icons/script.gif .conf .sh .shar .csh .ksh .tcl AddIcon /icons/tex.gif .tex AddIcon /icons/bomb.gif core AddIcon /icons/back.gif .. AddIcon /icons/hand.right.gif README AddIcon /icons/folder.gif ^^DIRECTORY^^ AddIcon /icons/blank.gif ^^BLANKICON^^ DefaultIcon /icons/unknown.gif ReadmeName README.html HeaderName HEADER.html IndexIgnore .??* *~ *# HEADER* README* RCS CVS *,v *,t AddLanguage ca .ca AddLanguage cs .cz .cs AddLanguage da .dk AddLanguage de .de AddLanguage el .el AddLanguage en .en AddLanguage eo .eo AddLanguage es .es AddLanguage et .et AddLanguage fr .fr AddLanguage he .he AddLanguage hr .hr AddLanguage it .it AddLanguage ja .ja AddLanguage ko .ko AddLanguage ltz .ltz AddLanguage nl .nl AddLanguage nn .nn AddLanguage no .no AddLanguage pl .po AddLanguage pt .pt AddLanguage pt-BR .pt-br AddLanguage ru .ru AddLanguage sv .sv AddLanguage zh-CN .zh-cn AddLanguage zh-TW .zh-tw LanguagePriority en ca cs da de el eo es et fr he hr it ja ko ltz nl nn no pl pt pt-BR ru sv zh-CN zh-TW ForceLanguagePriority Prefer Fallback AddCharset ISO-8859-1 .iso8859-1 .latin1 AddCharset ISO-8859-2 .iso8859-2 .latin2 .cen AddCharset ISO-8859-3 .iso8859-3 .latin3 AddCharset ISO-8859-4 .iso8859-4 .latin4 AddCharset ISO-8859-5 .iso8859-5 .latin5 .cyr .iso-ru AddCharset ISO-8859-6 .iso8859-6 .latin6 .arb AddCharset ISO-8859-7 .iso8859-7 .latin7 .grk AddCharset ISO-8859-8 .iso8859-8 .latin8 .heb AddCharset ISO-8859-9 .iso8859-9 .latin9 .trk AddCharset ISO-2022-JP .iso2022-jp .jis AddCharset ISO-2022-KR .iso2022-kr .kis AddCharset ISO-2022-CN .iso2022-cn .cis AddCharset Big5 .Big5 .big5 # For russian, more than one charset is used (depends on client, mostly): AddCharset WINDOWS-1251 .cp-1251 .win-1251 AddCharset CP866 .cp866 AddCharset KOI8-r .koi8-r .koi8-ru AddCharset KOI8-ru .koi8-uk .ua AddCharset ISO-10646-UCS-2 .ucs2 AddCharset ISO-10646-UCS-4 .ucs4 AddCharset UTF-8 .utf8 AddCharset GB2312 .gb2312 .gb AddCharset utf-7 .utf7 AddCharset utf-8 .utf8 AddCharset big5 .big5 .b5 AddCharset EUC-TW .euc-tw AddCharset EUC-JP .euc-jp AddCharset EUC-KR .euc-kr AddCharset shift_jis .sjis AddType application/x-compress .Z AddType application/x-gzip .gz .tgz AddHandler type-map var BrowserMatch "Mozilla/2" nokeepalive BrowserMatch "MSIE 4\.0b2;" nokeepalive downgrade-1.0 force-response-1.0 BrowserMatch "RealPlayer 4\.0" force-response-1.0 BrowserMatch "Java/1\.0" force-response-1.0 BrowserMatch "JDK/1\.0" force-response-1.0 BrowserMatch "Microsoft Data Access Internet Publishing Provider" redirect-carefully BrowserMatch "^WebDrive" redirect-carefully BrowserMatch "^WebDAVFS/1.[012]" redirect-carefully BrowserMatch "^gnome-vfs" redirect-carefully <IfModule mod_ssl.c> Include conf/ssl.conf </IfModule> ### Section 3: Virtual Hosts # # VirtualHost: If you want to maintain multiple domains/hostnames on your # machine you can setup VirtualHost containers for them. Most configurations # use only name-based virtual hosts so the server doesn't need to worry about # IP addresses. This is indicated by the asterisks in the directives below. # # Please see the documentation at # <URL:http://httpd.apache.org/docs-2.0/vhosts/> # for further details before you try to setup virtual hosts. # # You may use the command line option '-S' to verify your virtual host # configuration. # # Use name-based virtual hosting. # #NameVirtualHost *:80 # # VirtualHost example: # Almost any Apache directive may go into a VirtualHost container. # The first VirtualHost section is used for requests without a known # server name. # #<VirtualHost *:80> # ServerAdmin [email protected] # DocumentRoot /www/docs/dummy-host.example.com # ServerName dummy-host.example.com # ErrorLog logs/dummy-host.example.com-error_log # CustomLog logs/dummy-host.example.com-access_log common #</VirtualHost>

Problem Solved!

I'm almost embarrassed to post this, but since this may help others, I am swallowing my pride.

First thing first. I deleted all my .htaccess files and then the httpd.conf. I then recreated the httpd.conf from httpd.conf.default. I added the following lines to by <Directory> directive

Code:

AuthType Basic AuthName "Assyst Reports" AuthUserFile "C:/Program Files/Apache Group/Apache2/conf/passwords" Require valid-user

Once I did this and restarted Apache, I started getting this error.

Quote:

configuration error: couldn't check user. No user file?:

I recreated the htpasswd file and that went away. Now my original problem came back. I was about to throw in the towel when it dawned on me.

Typical case of: PEBKAC or S.U.S if you prefer.

My index.html in the htdocs directory contained a reference to a resource with in the protected directory, (a style sheet, in this case), so I was getting authentication prompts so apache could load the style sheet. When I hit cancel, the index.html still loaded since it wasn't restricted. I didn't notice that the style sheet didn't load. When I went to the protected directory and cancelled I'd get a forbidden error because I failed to log on.

So, this whoe thing was "Stupid User Syndrome"!