Go Back   HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials > ISPConfig 3 > Installation/Configuration

Do you like HowtoForge? Please consider supporting us by becoming a subscriber.
Reply
 
Thread Tools Display Modes
  #1  
Old 1st February 2010, 10:24
smartin smartin is offline
Member
 
Join Date: Dec 2007
Posts: 82
Thanks: 3
Thanked 0 Times in 0 Posts
Default Newb: Desperately need help to password protect a directory SOLVED

EDIT:

(Please read the whole thread but I hope this is the solution...)

This is simplicity itself. Only took me just over two weeks

I am running Ubuntu server 8.04 LTS, set up with ISPc3.

I need to protect a folder /var/www/lockthisfolder . I want to use Digest authentication.

I created a directory "lockbydigest" in / to contain the htdigest file.

NOTE: Only use the -c flag the first time you create the htdigest file. Otherwise a new one will be created for you and you will lose the details of the existing users you have set up.

Code:
root@mybox:/lockbydigest# htdigest -c digest private myname
Adding password for myname in realm private.
New password: 
Re-type new password: 
root@mybox:/lockbydigest# ls
digest
root@mybox:/lockbydigest# locate lockthisfolder
/var/www/lockthisfolder
root@mybox:/var/www/lockthisfolder# touch .htaccess
root@mybox:/var/www/lockthisfolder# ls
pma
root@mybox:/var/www/lockthisfolder# ls -a
.  ..  .htaccess  pma
root@mybox:/var/www/lockthisfolder# sudo nano .htaccess
root@mybox:/var/www/lockthisfolder# /etc/init.d/apache2 restart
 * Restarting web server apache2
   ...done.
root@mybox:/var/www/lockthisfolder# exit
The /var/www/lockthisfolder/.htaccess file contains:
Code:
AuthType Digest
AuthName "private"
AuthDigestDomain /var/www/lockthisfolder http://www.my.servername.com/lockthisfolder
AuthUserFile /etc/apache2/lockbydigest/digest
Require valid-user
Restart apache
Code:
sudo /etc/init.d/apache2 restart
Be sure to do
Code:
sudo chown root:www-data digest
sudo chmod 640 .htaccess
on the digest file and the .htaccess file.

I think that was all I did! Look through the rest of the thread if something isn't working.

S


Hi,

(Starting this here as it's probably to do with the ISPc3 htaccess file...?)

I urgently need to password protect a directory and seem to be getting things wrong, as usual...

I'm running Ubuntu 8.04 LTS server with ISPc3 running fine.

I need to protect a folder /var/www/lockthisfolder . I want to use Digest authentication.

I created a directory "lockbydigest" in / to contain the htdigest file.

Then I did:
Code:
root@mybox:/lockbydigest# htdigest -c digest private myname
Adding password for myname in realm private.
New password: 
Re-type new password: 
root@mybox:/lockbydigest# ls
digest
root@mybox:/lockbydigest# locate lockthisfolder
/var/www/lockthisfolder
root@mybox:/var/www/lockthisfolder# touch .htaccess
root@mybox:/var/www/lockthisfolder# ls
pma
root@mybox:/var/www/lockthisfolder# ls -a
.  ..  .htaccess  pma
root@mybox:/var/www/lockthisfolder# sudo nano .htaccess
root@mybox:/var/www/lockthisfolder# /etc/init.d/apache2 restart
 * Restarting web server apache2
   ...done.
root@mybox:/var/www/lockthisfolder# exit
The /var/www/lockthisfolder/.htaccess file contains:
Code:
<Directory /var/www/lockthisfolder>
        AuthType Digest
        AuthName "Private"
        AuthDigestFile /etc/apache2/lockbydigest/digest
        Require user myname
</Directory>
Why don't I get a username/password challenge when I go to /var/www/lockthisfolder ?

Thanks as always :-)

S

Last edited by smartin; 17th February 2010 at 18:19.
Reply With Quote
Sponsored Links
  #2  
Old 1st February 2010, 14:09
prisfeo prisfeo is offline
Member
 
Join Date: Jan 2010
Posts: 38
Thanks: 3
Thanked 2 Times in 2 Posts
Default

did you check that .htaccess directive are read by Apache webserver ?
i am referring to the "AllowOverride" setting directive inside apache httpd.conf

look here:
http://httpd.apache.org/docs/2.0/mod...#allowoverride

When this directive is set to "None",
then .htaccess files are completely ignored.

Last edited by prisfeo; 1st February 2010 at 14:16.
Reply With Quote
  #3  
Old 1st February 2010, 14:46
smartin smartin is offline
Member
 
Join Date: Dec 2007
Posts: 82
Thanks: 3
Thanked 0 Times in 0 Posts
Default

Quote:
Originally Posted by prisfeo View Post
did you check that .htaccess directive are read by Apache webserver ?
i am referring to the "AllowOverride" setting directive inside apache httpd.conf

look here:
http://httpd.apache.org/docs/2.0/mod...#allowoverride

When this directive is set to "None",
then .htaccess files are completely ignored.
prisfeo,

Thanks for chipping in...

ISPc3 relies on Apache directives so I'm sure they must be activated. No?

S
Reply With Quote
  #4  
Old 1st February 2010, 15:35
prisfeo prisfeo is offline
Member
 
Join Date: Jan 2010
Posts: 38
Thanks: 3
Thanked 2 Times in 2 Posts
Default

yes,
but pay attention that after regular ispconfig3 installation,
if you look inside /etc/httpd/conf/httpd.conf
you'll see this setting:
"AllowOverride None"

and only in /etc/httpd/conf/sites-available/www.yoursite.com.vhost apache config files there is:
"AllowOverride All"

that "enables" .htaccess "looking" by apache.
so that, check if your "/var/www/lockthisfolder"
is configured inside a httpd virtual host with that AllowOverride setting.

i mean the following:

<Directory /var/www/lockthisfolder>
AllowOverride All
.....
.....
</Directory>
Reply With Quote
  #5  
Old 1st February 2010, 15:48
smartin smartin is offline
Member
 
Join Date: Dec 2007
Posts: 82
Thanks: 3
Thanked 0 Times in 0 Posts
Default

Quote:
Originally Posted by prisfeo View Post
yes,
but pay attention that after regular ispconfig3 installation,
if you look inside /etc/httpd/conf/httpd.conf
you'll see this setting:
"AllowOverride None"

and only in /etc/httpd/conf/sites-available/www.yoursite.com.vhost apache config files there is:
"AllowOverride All"

that "enables" .htaccess "looking" by apache.
so that, check if your "/var/www/lockthisfolder"
is configured inside a httpd virtual host with that AllowOverride setting.

i mean the following:

<Directory /var/www/lockthisfolder>
AllowOverride All
.....
.....
</Directory>
prisfeo,

I'm not quite following...

Do you mean that the .htacess file inside /var/www/lockthisfolder should look like this?:

Code:
<Directory /var/www/lockthisfolder>
        AllowOverride All
        AuthType Digest
        AuthName "Private"
        AuthDigestFile /etc/apache2/lockbydigest/digest
        Require user myname
</Directory>
S
Reply With Quote
  #6  
Old 1st February 2010, 16:03
prisfeo prisfeo is offline
Member
 
Join Date: Jan 2010
Posts: 38
Thanks: 3
Thanked 2 Times in 2 Posts
Default

no.
...
as told before, i mean you have to check the apache configuration,
that is related to the "/var/www/lockthisfolder" folder.
is that folder configured inside a virtual host config file ?
if yes, check that configuration..
it's that configuration that must have inside the "Directory" directive
the "AllowOverride All" statement.
i hope to have explained better..(unfortunately i am not english)
Reply With Quote
Reply

Bookmarks

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
Email problem 'Cannot set my user or group id.' (using ISPConfig 3 + OpenSuSE 11.2) urosm Installation/Configuration 5 19th June 2010 22:41
can't help ispconfig to install please help steve51184 Installation/Configuration 17 20th February 2009 10:37
ISPConfig install issues... flyingaggie Installation/Configuration 2 18th July 2008 10:46
Systemimager (rsync) doesn't copy all comedit HOWTO-Related Questions 11 19th January 2007 17:17
How to install BFD (Brute Force Detection) domino Tips/Tricks/Mods 9 31st March 2006 22:40


All times are GMT +2. The time now is 03:46.


Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.