Apache Authentication Questions

Server Config
1

This is my first time playing with Apache. I have successfully setup Apache 2.2 on my windows machine as localhost. I have read plenty of tutorials, but cant get the .htaccess to work properly.

I used the htpasswd utility to set up the password and user name.
“c:\Apache2.2\passwd\password”

I then created the .htaccess file and saved it in my root.
“c:\Apache2.2\htdocs\.htaccess”

I changed the config file to AllowOveride AuthConfig

here is the .htaccess file I created

AuthType Basic
AuthName “Restricted area please log in”
AuthUserFile “c:\Apache2.2\passwd\password”

<Limit GET POST PUT>
require valid-user
</Limit>

When I go to localhost I can view the index page, but there is no user authentication. I also tried to change the directory in the config file, and there is no user authentication. I’m not sure what the problem is. I’m open to any sugestions, but my knowledge is limited. Thanks.

2 

ServerRoot "C:/Apache2.2"

Listen 80

LoadModule actions_module modules/mod_actions.so
LoadModule alias_module modules/mod_alias.so
LoadModule asis_module modules/mod_asis.so
LoadModule auth_basic_module modules/mod_auth_basic.so
LoadModule authn_default_module modules/mod_authn_default.so
LoadModule authn_file_module modules/mod_authn_file.so
LoadModule authz_default_module modules/mod_authz_default.so
LoadModule authz_groupfile_module modules/mod_authz_groupfile.so
LoadModule authz_host_module modules/mod_authz_host.so
LoadModule authz_user_module modules/mod_authz_user.so
LoadModule autoindex_module modules/mod_autoindex.so
LoadModule cgi_module modules/mod_cgi.so
LoadModule dir_module modules/mod_dir.so
LoadModule env_module modules/mod_env.so
LoadModule include_module modules/mod_include.so
LoadModule isapi_module modules/mod_isapi.so
LoadModule log_config_module modules/mod_log_config.so
LoadModule mime_module modules/mod_mime.so
LoadModule negotiation_module modules/mod_negotiation.so
LoadModule setenvif_module modules/mod_setenvif.so

<IfModule !mpm_netware_module>
<IfModule !mpm_winnt_module>
User daemon
Group daemon

</IfModule>
</IfModule>


ServerAdmin webmaster@localhost


DocumentRoot "C:/Apache2.2/htdocs"

<Directory \\>
Options FollowSymLinks
AllowOverride AuthConfig
Order deny,allow
Deny from all
</Directory>


<Directory "C:/Apache2.2/htdocs">
Options Indexes FollowSymLinks

AllowOverride None

Order allow,deny
Allow from all

</Directory>

<IfModule dir_module>
DirectoryIndex index.html
</IfModule>

<FilesMatch "^\\.ht">
Order allow,deny
Deny from all
Satisfy All
</FilesMatch>

ErrorLog "logs/error.log"

LogLevel warn

<IfModule log_config_module>
LogFormat "&#37;h %l %u %t \\"%r\\" %>s %b \\"%{Referer}i\\" \\"%{User-Agent}i\\"" combined
LogFormat "%h %l %u %t \\"%r\\" %>s %b" common

<IfModule logio_module>
LogFormat "%h %l %u %t \\"%r\\" %>s %b \\"%{Referer}i\\" \\"%{User-Agent}i\\" %I %O" combinedio
</IfModule>

CustomLog "logs/access.log" common

</IfModule>

<IfModule alias_module>


ScriptAlias /cgi-bin/ "C:/Apache2.2/cgi-bin/"

</IfModule>

<IfModule cgid_module>
</IfModule>

<Directory "C:/Apache2.2/cgi-bin">
AllowOverride None
Options None
Order allow,deny
Allow from all
</Directory>

DefaultType text/plain

<IfModule mime_module>
TypesConfig conf/mime.types

AddType application/x-compress .Z
AddType application/x-gzip .gz .tgz

</IfModule>

<IfModule ssl_module>
SSLRandomSeed startup builtin
SSLRandomSeed connect builtin
</IfModule>
3

You did create the password file using the appropriate tools I assume (e.g. htpasswd) ?
If so, could you post you httpd.conf ? Should be in the Apache dir somewhere (most probably in a \conf directory)

4

The problem is here:


<Directory "C:/Apache2.2/htdocs">
Options Indexes FollowSymLinks

[COLOR="Red"]AllowOverride None[/COLOR]

Order allow,deny
Allow from all

</Directory>

That line in red cause Apache not to process any .htaccess files.

Change to AllowOverride AuthConfig to enable Authentication in .htaccess files, or change it to AllowOverride All to enable everything.

AllowOverride: http://httpd.apache.org/docs/2.2/mod/core.html#allowoverride

:slight_smile:

PS. Make sure to restart Apache when you changed the httpd.conf, otherwise the changes won’t take effect

5

I’m NOT an expert on the raw password authorization codes but suggest that you look at:

  1. Using M$ backslashes - Apache understands the OS it’s working on so it converts the /'s whenever necessary.

  2. Where is ‘valid-user’ defined.

I’ll refer you (for the time being) to http://apache.org to use their search function.

Regards,

DK

6

Thanks for your reply. I thought it might have something to do with the .htaccess file. I posted the entire file I created in the original post.

Here is is again:

AuthType Basic
AuthName “This is a private area, please log in”
AuthUserFile “c:\Apache2.2\passwd\password”

<Limit GET POST PUT>
require valid-user
</Limit>

7

sknatl,

A 500 error is the polite way to say “syntax error” in your .htaccess. You’ll need to show what you have now to have us review and comment.

Regards,

DK

8

Thanks a lot ScallioXTX. I was a bit unsure witch <directory> the setting were in. The authentication worked once. Now I’m getting a 500 server error.