Newb: Desperately need help to password protect a directory

[smartin]

EDIT:

(Please read the whole thread but I hope this is the solution...)

This is simplicity itself. Only took me just over two weeks

I am running Ubuntu server 8.04 LTS, set up with ISPc3.

I need to protect a folder /var/www/lockthisfolder . I want to use Digest authentication.

I created a directory "lockbydigest" in / to contain the htdigest file.

NOTE: Only use the -c flag the first time you create the htdigest file. Otherwise a new one will be created for you and you will lose the details of the existing users you have set up.

Code:

root@mybox:/lockbydigest# htdigest -c digest private myname
Adding password for myname in realm private.
New password: 
Re-type new password: 
root@mybox:/lockbydigest# ls
digest
root@mybox:/lockbydigest# locate lockthisfolder
/var/www/lockthisfolder
root@mybox:/var/www/lockthisfolder# touch .htaccess
root@mybox:/var/www/lockthisfolder# ls
pma
root@mybox:/var/www/lockthisfolder# ls -a
.  ..  .htaccess  pma
root@mybox:/var/www/lockthisfolder# sudo nano .htaccess
root@mybox:/var/www/lockthisfolder# /etc/init.d/apache2 restart
 * Restarting web server apache2
   ...done.
root@mybox:/var/www/lockthisfolder# exit

The /var/www/lockthisfolder/.htaccess file contains:

Code:

AuthType Digest
AuthName "private"
AuthDigestDomain /var/www/lockthisfolder http://www.my.servername.com/lockthisfolder
AuthUserFile /etc/apache2/lockbydigest/digest
Require valid-user

Restart apache

Code:

sudo /etc/init.d/apache2 restart

Be sure to do

Code:

sudo chown root:www-data digest
sudo chmod 640 .htaccess

on the digest file and the .htaccess file.

I think that was all I did! Look through the rest of the thread if something isn't working.

S


Hi,

(Starting this here as it's probably to do with the ISPc3 htaccess file...?)

I urgently need to password protect a directory and seem to be getting things wrong, as usual...

I'm running Ubuntu 8.04 LTS server with ISPc3 running fine.

I need to protect a folder /var/www/lockthisfolder . I want to use Digest authentication.

I created a directory "lockbydigest" in / to contain the htdigest file.

Then I did:

Code:

root@mybox:/lockbydigest# htdigest -c digest private myname
Adding password for myname in realm private.
New password: 
Re-type new password: 
root@mybox:/lockbydigest# ls
digest
root@mybox:/lockbydigest# locate lockthisfolder
/var/www/lockthisfolder
root@mybox:/var/www/lockthisfolder# touch .htaccess
root@mybox:/var/www/lockthisfolder# ls
pma
root@mybox:/var/www/lockthisfolder# ls -a
.  ..  .htaccess  pma
root@mybox:/var/www/lockthisfolder# sudo nano .htaccess
root@mybox:/var/www/lockthisfolder# /etc/init.d/apache2 restart
 * Restarting web server apache2
   ...done.
root@mybox:/var/www/lockthisfolder# exit

The /var/www/lockthisfolder/.htaccess file contains:

Code:

<Directory /var/www/lockthisfolder>
        AuthType Digest
        AuthName "Private"
        AuthDigestFile /etc/apache2/lockbydigest/digest
        Require user myname
</Directory>

Why don't I get a username/password challenge when I go to /var/www/lockthisfolder ?

Thanks as always :-)

S

[prisfeo]

did you check that .htaccess directive are read by Apache webserver ?
i am referring to the "AllowOverride" setting directive inside apache httpd.conf

look here:
http://httpd.apache.org/docs/2.0/mod...#allowoverride

When this directive is set to "None",
then .htaccess files are completely ignored.

[smartin]

Quote:

Originally Posted by prisfeo

did you check that .htaccess directive are read by Apache webserver ?
i am referring to the "AllowOverride" setting directive inside apache httpd.conf

look here:
http://httpd.apache.org/docs/2.0/mod...#allowoverride

When this directive is set to "None",
then .htaccess files are completely ignored.

prisfeo,

Thanks for chipping in...

ISPc3 relies on Apache directives so I'm sure they must be activated. No?

S

[prisfeo]

yes,
but pay attention that after regular ispconfig3 installation,
if you look inside /etc/httpd/conf/httpd.conf
you'll see this setting:
"AllowOverride None"

and only in /etc/httpd/conf/sites-available/www.yoursite.com.vhost apache config files there is:
"AllowOverride All"

that "enables" .htaccess "looking" by apache.
so that, check if your "/var/www/lockthisfolder"
is configured inside a httpd virtual host with that AllowOverride setting.

i mean the following:

<Directory /var/www/lockthisfolder>
AllowOverride All
.....
.....
</Directory>

[smartin]

Quote:

Originally Posted by prisfeo

yes,
but pay attention that after regular ispconfig3 installation,
if you look inside /etc/httpd/conf/httpd.conf
you'll see this setting:
"AllowOverride None"

and only in /etc/httpd/conf/sites-available/www.yoursite.com.vhost apache config files there is:
"AllowOverride All"

that "enables" .htaccess "looking" by apache.
so that, check if your "/var/www/lockthisfolder"
is configured inside a httpd virtual host with that AllowOverride setting.

i mean the following:

<Directory /var/www/lockthisfolder>
AllowOverride All
.....
.....
</Directory>

prisfeo,

I'm not quite following...

Do you mean that the .htacess file inside /var/www/lockthisfolder should look like this?:

Code:

<Directory /var/www/lockthisfolder>
        AllowOverride All
        AuthType Digest
        AuthName "Private"
        AuthDigestFile /etc/apache2/lockbydigest/digest
        Require user myname
</Directory>

S

[prisfeo]

no.
...
as told before, i mean you have to check the apache configuration,
that is related to the "/var/www/lockthisfolder" folder.
is that folder configured inside a virtual host config file ?
if yes, check that configuration..
it's that configuration that must have inside the "Directory" directive
the "AllowOverride All" statement.
i hope to have explained better..(unfortunately i am not english)