KevinReichard
07-17-2002, 02:47 PM
These talkbacks are in response to the article Using .htaccess Files with Apache (http://www.serverwatch.com/stypes/servers/article.php/1127711).
Sandi writes:
My .htaccess was working fine until I tried to add the group file directive, AuthGroupFile. I created the AuthGroupFile, and it looks like this:
sa:username1,username2
When I try to login as either of these users, which are valid users, I get a 401 Authorization Required. My require looks like this:
require group sa
Anyone have any idea what I might be missing?
Rainer Jentgens responds:
Yes - Try to use
sa:username1 username2
instead of
sa:username1,username2
Does it work? - Rainer
Ronald Frederick responds:
You have to leave spaces between the user names in the group file.
m writes:
Can anyone tell me how I change the page someone is sent to if they enter the wrong password for my password protected areas (as controlled by .htaccess and .htpasswd files)?
Afkamm responds:
Try putting this at the end of your .htaccess file.
ErrorDocument 401 /Unauthorized.html
or
ErrorDocument 401 http://www.domain.com/Unauthorized.html
As long as the error document is on the same server it should work.
Khozeima Faizullabhoy
I was successful in setting up the user name/password authentication and thought it would be useful to share with all the members of this forum.
1. Created a directory called secure under c:\ and copied the program C:\Program Files\Apache Group\Apache\bin\htpasswd.exe to it.
2. After going to the command prompt i executed the above program
htpasswd -c .htpasswd buddy
Here i was prompted to enter the password twice.
This created a file called .htpasswd under c:\secure
3. Now to secure the directory c:\mystuff\docs i created a file called .htaccess
and the added the following lines
satisfy all
AuthUserFile c:/secure/.htpasswd
AuthGroupFile null
AuthName "Only For Me"
AuthType Basic
require user buddy
I had mapped c:\mystuff as my default document directory.
This set it all up. So when i tried http://localhost/docs it prompted me to enter a user name and password.
Hope this helps anybody trying to set up this feature.
Diana Velasquez writes
Okay - I love this idea but how can I change the file from .htaccess.txt to .htaccess? I've tried changing the file type in Notepad, Wordpad, Frontpage and Word and none of these applications will let me remove the .txt
How do you guys do it?
Peter responds:
Don't worry about the name of the file containing your htaccess directives. You can call it anything you like, while you're editing it.
Just ftp your '.htaccess.txt' file to the required directory on the server and rename it there, to '.htaccess'.
Michael Wihsböck writes:
My provider only supports .php3 for php files but I would like to have a .php extension for php files. Is it possible to handle this problem with .htaccess ?
micha responds:
hi michael,
if your php-version=3.x try one this line:
AddType application/x-httpd-php3 .php
if your php-version=4.x try one this line:
AddType application/x-httpd-php .php
Art Minds writes:
Does anyone have a solution for the language to include in an .htaccess file that will prohibit images from being served up to any web pages other than the web pages that exist in my web site? I'm attempting to keep others from posting links to my images and poaching my bandwidth, which I am charged dearly for.
danae responds:,/I]
Put the following htaccess file in your images directory :
RewriteEngine On
RewriteCond %{HTTP_REFERER} !^http://yourdomain.com.* [NC]
RewriteCond %{HTTP_REFERER} !^http://www.yourdomain.com.* [NC]
RewriteCond %{HTTP_REFERER} !^http://yourdomainip.* [NC]
RewriteCond %{HTTP_REFERER} !^http://yourdomain.comip:80.* [NC]
RewriteRule /* http://www.domain.com/redirectpage.html [R,L]
[I]Stuart writes:
I have read the tutorial on .htaccess files, but it doesnt seem to explain how to create usernames and passwords! I am running Apache on a linux system. It is possible to specify in the .htaccess file what 'password' file to use (similar to /etc/passwd), but how do I create a password file??
Philip Handley responds
You have to use the htpasswd command. the command should reside in apache's bin directory. run it with something like:
htpasswd -c /path/to/.htpasswd usernameyouwant
It will then prompt you for a password. It will write
usernameyouwant:encriptedversionofpassword into the file /path/to/.htpasswd
If you want to add anothername to this file, omit the -c option (c "creates"
the password file, and will overwrite previous entries).
Joe responds:
In the directory you want to protect, create a file called .htaccess. It should look something like this.
AuthUserFile /usr/www/dirname/.htpasswd
AuthGroupFile /dev/null
AuthName "The Secret Page"
AuthType Basic
require valid-user
Next, change the path at "AuthUserFile" to be the path of the dir you're protecting. (plus the .htpasswd filename)
Run htpasswd -c .htpasswd user_name (where user_name is a name)
You'll then be prompted for a passwd to enter and once again for verification.
You can add users to this .htpasswd file by running the htpasswd command over again, but it is only necessary to use the "-c" option when creating an htpasswd file for the first time. To disable, simply remove the .htpasswd file.
jason writes:
I have several perl scripts that live in my httpd/cgi-bin/*.pl directory. I would like to use .htaccess for authentication, however when I tried it, the htaccess file is ignored. is this possible?
Marcel responds:
Most likely you have set "Allowoverride None" in "httpd.conf" for your cgi-bin directory. This setting disables .htaccess files.
jminadeo writes:
i am attempting to use .htaccess files to password protect a website. i have set up the user file and i am pointing to it with directives on the .htaccess file. everything seems in order and when i hit the pages with a browser, i am prompted BUT when i enter the username and password, it rejects it. i have tried from multiple client machines and different browsers. what am i doing wrong?
Manuel responds:
you must fill in the full path name e.g.
/var/www/virtual/your/path/to/.htpasswd
danny
what htpaccess.exe did you use?
it has to be under the same platform
Paul V responds:
I picked up on your e-mail as I was suffering with the same prob..... but on NT.
I typed in the FULL Path i.e
AuthuserFile C:\webserver\htdocs\private\ht.acl
And low and behold... IT WORKED
Andre writes:
I have an Apache web-server. On it is installed PHP4. But php-commands executes only in files with php-extentions. But in htm and html files PHP commands doesn't executs. Is it possible to hanle tis problem with .htaccess and httpd.conf?
earthsci responds:
It is easy, but may not be recommened.
add the following in httpd.conf
AddType application/x-httpd-php .html
erich responds:
add this to your .htaccess file
AddType application/x-httpd-php .php3 .phtml .php .php4 .html .htm
that will send html files to the php parser also.
Sandi writes:
My .htaccess was working fine until I tried to add the group file directive, AuthGroupFile. I created the AuthGroupFile, and it looks like this:
sa:username1,username2
When I try to login as either of these users, which are valid users, I get a 401 Authorization Required. My require looks like this:
require group sa
Anyone have any idea what I might be missing?
Rainer Jentgens responds:
Yes - Try to use
sa:username1 username2
instead of
sa:username1,username2
Does it work? - Rainer
Ronald Frederick responds:
You have to leave spaces between the user names in the group file.
m writes:
Can anyone tell me how I change the page someone is sent to if they enter the wrong password for my password protected areas (as controlled by .htaccess and .htpasswd files)?
Afkamm responds:
Try putting this at the end of your .htaccess file.
ErrorDocument 401 /Unauthorized.html
or
ErrorDocument 401 http://www.domain.com/Unauthorized.html
As long as the error document is on the same server it should work.
Khozeima Faizullabhoy
I was successful in setting up the user name/password authentication and thought it would be useful to share with all the members of this forum.
1. Created a directory called secure under c:\ and copied the program C:\Program Files\Apache Group\Apache\bin\htpasswd.exe to it.
2. After going to the command prompt i executed the above program
htpasswd -c .htpasswd buddy
Here i was prompted to enter the password twice.
This created a file called .htpasswd under c:\secure
3. Now to secure the directory c:\mystuff\docs i created a file called .htaccess
and the added the following lines
satisfy all
AuthUserFile c:/secure/.htpasswd
AuthGroupFile null
AuthName "Only For Me"
AuthType Basic
require user buddy
I had mapped c:\mystuff as my default document directory.
This set it all up. So when i tried http://localhost/docs it prompted me to enter a user name and password.
Hope this helps anybody trying to set up this feature.
Diana Velasquez writes
Okay - I love this idea but how can I change the file from .htaccess.txt to .htaccess? I've tried changing the file type in Notepad, Wordpad, Frontpage and Word and none of these applications will let me remove the .txt
How do you guys do it?
Peter responds:
Don't worry about the name of the file containing your htaccess directives. You can call it anything you like, while you're editing it.
Just ftp your '.htaccess.txt' file to the required directory on the server and rename it there, to '.htaccess'.
Michael Wihsböck writes:
My provider only supports .php3 for php files but I would like to have a .php extension for php files. Is it possible to handle this problem with .htaccess ?
micha responds:
hi michael,
if your php-version=3.x try one this line:
AddType application/x-httpd-php3 .php
if your php-version=4.x try one this line:
AddType application/x-httpd-php .php
Art Minds writes:
Does anyone have a solution for the language to include in an .htaccess file that will prohibit images from being served up to any web pages other than the web pages that exist in my web site? I'm attempting to keep others from posting links to my images and poaching my bandwidth, which I am charged dearly for.
danae responds:,/I]
Put the following htaccess file in your images directory :
RewriteEngine On
RewriteCond %{HTTP_REFERER} !^http://yourdomain.com.* [NC]
RewriteCond %{HTTP_REFERER} !^http://www.yourdomain.com.* [NC]
RewriteCond %{HTTP_REFERER} !^http://yourdomainip.* [NC]
RewriteCond %{HTTP_REFERER} !^http://yourdomain.comip:80.* [NC]
RewriteRule /* http://www.domain.com/redirectpage.html [R,L]
[I]Stuart writes:
I have read the tutorial on .htaccess files, but it doesnt seem to explain how to create usernames and passwords! I am running Apache on a linux system. It is possible to specify in the .htaccess file what 'password' file to use (similar to /etc/passwd), but how do I create a password file??
Philip Handley responds
You have to use the htpasswd command. the command should reside in apache's bin directory. run it with something like:
htpasswd -c /path/to/.htpasswd usernameyouwant
It will then prompt you for a password. It will write
usernameyouwant:encriptedversionofpassword into the file /path/to/.htpasswd
If you want to add anothername to this file, omit the -c option (c "creates"
the password file, and will overwrite previous entries).
Joe responds:
In the directory you want to protect, create a file called .htaccess. It should look something like this.
AuthUserFile /usr/www/dirname/.htpasswd
AuthGroupFile /dev/null
AuthName "The Secret Page"
AuthType Basic
require valid-user
Next, change the path at "AuthUserFile" to be the path of the dir you're protecting. (plus the .htpasswd filename)
Run htpasswd -c .htpasswd user_name (where user_name is a name)
You'll then be prompted for a passwd to enter and once again for verification.
You can add users to this .htpasswd file by running the htpasswd command over again, but it is only necessary to use the "-c" option when creating an htpasswd file for the first time. To disable, simply remove the .htpasswd file.
jason writes:
I have several perl scripts that live in my httpd/cgi-bin/*.pl directory. I would like to use .htaccess for authentication, however when I tried it, the htaccess file is ignored. is this possible?
Marcel responds:
Most likely you have set "Allowoverride None" in "httpd.conf" for your cgi-bin directory. This setting disables .htaccess files.
jminadeo writes:
i am attempting to use .htaccess files to password protect a website. i have set up the user file and i am pointing to it with directives on the .htaccess file. everything seems in order and when i hit the pages with a browser, i am prompted BUT when i enter the username and password, it rejects it. i have tried from multiple client machines and different browsers. what am i doing wrong?
Manuel responds:
you must fill in the full path name e.g.
/var/www/virtual/your/path/to/.htpasswd
danny
what htpaccess.exe did you use?
it has to be under the same platform
Paul V responds:
I picked up on your e-mail as I was suffering with the same prob..... but on NT.
I typed in the FULL Path i.e
AuthuserFile C:\webserver\htdocs\private\ht.acl
And low and behold... IT WORKED
Andre writes:
I have an Apache web-server. On it is installed PHP4. But php-commands executes only in files with php-extentions. But in htm and html files PHP commands doesn't executs. Is it possible to hanle tis problem with .htaccess and httpd.conf?
earthsci responds:
It is easy, but may not be recommened.
add the following in httpd.conf
AddType application/x-httpd-php .html
erich responds:
add this to your .htaccess file
AddType application/x-httpd-php .php3 .phtml .php .php4 .html .htm
that will send html files to the php parser also.