Go Back   HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials > ISPConfig 3 > Installation/Configuration

Do you like HowtoForge? Please consider supporting us by becoming a subscriber.
Reply
 
Thread Tools Display Modes
  #1  
Old 1st February 2010, 10:24
smartin smartin is offline
Member
 
Join Date: Dec 2007
Posts: 82
Thanks: 3
Thanked 0 Times in 0 Posts
Default Newb: Desperately need help to password protect a directory SOLVED

EDIT:

(Please read the whole thread but I hope this is the solution...)

This is simplicity itself. Only took me just over two weeks

I am running Ubuntu server 8.04 LTS, set up with ISPc3.

I need to protect a folder /var/www/lockthisfolder . I want to use Digest authentication.

I created a directory "lockbydigest" in / to contain the htdigest file.

NOTE: Only use the -c flag the first time you create the htdigest file. Otherwise a new one will be created for you and you will lose the details of the existing users you have set up.

Code:
root@mybox:/lockbydigest# htdigest -c digest private myname
Adding password for myname in realm private.
New password: 
Re-type new password: 
root@mybox:/lockbydigest# ls
digest
root@mybox:/lockbydigest# locate lockthisfolder
/var/www/lockthisfolder
root@mybox:/var/www/lockthisfolder# touch .htaccess
root@mybox:/var/www/lockthisfolder# ls
pma
root@mybox:/var/www/lockthisfolder# ls -a
.  ..  .htaccess  pma
root@mybox:/var/www/lockthisfolder# sudo nano .htaccess
root@mybox:/var/www/lockthisfolder# /etc/init.d/apache2 restart
 * Restarting web server apache2
   ...done.
root@mybox:/var/www/lockthisfolder# exit
The /var/www/lockthisfolder/.htaccess file contains:
Code:
AuthType Digest
AuthName "private"
AuthDigestDomain /var/www/lockthisfolder http://www.my.servername.com/lockthisfolder
AuthUserFile /etc/apache2/lockbydigest/digest
Require valid-user
Restart apache
Code:
sudo /etc/init.d/apache2 restart
Be sure to do
Code:
sudo chown root:www-data digest
sudo chmod 640 .htaccess
on the digest file and the .htaccess file.

I think that was all I did! Look through the rest of the thread if something isn't working.

S


Hi,

(Starting this here as it's probably to do with the ISPc3 htaccess file...?)

I urgently need to password protect a directory and seem to be getting things wrong, as usual...

I'm running Ubuntu 8.04 LTS server with ISPc3 running fine.

I need to protect a folder /var/www/lockthisfolder . I want to use Digest authentication.

I created a directory "lockbydigest" in / to contain the htdigest file.

Then I did:
Code:
root@mybox:/lockbydigest# htdigest -c digest private myname
Adding password for myname in realm private.
New password: 
Re-type new password: 
root@mybox:/lockbydigest# ls
digest
root@mybox:/lockbydigest# locate lockthisfolder
/var/www/lockthisfolder
root@mybox:/var/www/lockthisfolder# touch .htaccess
root@mybox:/var/www/lockthisfolder# ls
pma
root@mybox:/var/www/lockthisfolder# ls -a
.  ..  .htaccess  pma
root@mybox:/var/www/lockthisfolder# sudo nano .htaccess
root@mybox:/var/www/lockthisfolder# /etc/init.d/apache2 restart
 * Restarting web server apache2
   ...done.
root@mybox:/var/www/lockthisfolder# exit
The /var/www/lockthisfolder/.htaccess file contains:
Code:
<Directory /var/www/lockthisfolder>
        AuthType Digest
        AuthName "Private"
        AuthDigestFile /etc/apache2/lockbydigest/digest
        Require user myname
</Directory>
Why don't I get a username/password challenge when I go to /var/www/lockthisfolder ?

Thanks as always :-)

S

Last edited by smartin; 17th February 2010 at 18:19.
Reply With Quote
Sponsored Links
  #2  
Old 1st February 2010, 14:09
prisfeo prisfeo is offline
Member
 
Join Date: Jan 2010
Posts: 37
Thanks: 3
Thanked 2 Times in 2 Posts
Default

did you check that .htaccess directive are read by Apache webserver ?
i am referring to the "AllowOverride" setting directive inside apache httpd.conf

look here:
http://httpd.apache.org/docs/2.0/mod...#allowoverride

When this directive is set to "None",
then .htaccess files are completely ignored.

Last edited by prisfeo; 1st February 2010 at 14:16.
Reply With Quote
  #3  
Old 1st February 2010, 14:46
smartin smartin is offline
Member
 
Join Date: Dec 2007
Posts: 82
Thanks: 3
Thanked 0 Times in 0 Posts
Default

Quote:
Originally Posted by prisfeo View Post
did you check that .htaccess directive are read by Apache webserver ?
i am referring to the "AllowOverride" setting directive inside apache httpd.conf

look here:
http://httpd.apache.org/docs/2.0/mod...#allowoverride

When this directive is set to "None",
then .htaccess files are completely ignored.
prisfeo,

Thanks for chipping in...

ISPc3 relies on Apache directives so I'm sure they must be activated. No?

S
Reply With Quote
  #4  
Old 1st February 2010, 15:35
prisfeo prisfeo is offline
Member
 
Join Date: Jan 2010
Posts: 37
Thanks: 3
Thanked 2 Times in 2 Posts
Default

yes,
but pay attention that after regular ispconfig3 installation,
if you look inside /etc/httpd/conf/httpd.conf
you'll see this setting:
"AllowOverride None"

and only in /etc/httpd/conf/sites-available/www.yoursite.com.vhost apache config files there is:
"AllowOverride All"

that "enables" .htaccess "looking" by apache.
so that, check if your "/var/www/lockthisfolder"
is configured inside a httpd virtual host with that AllowOverride setting.

i mean the following:

<Directory /var/www/lockthisfolder>
AllowOverride All
.....
.....
</Directory>
Reply With Quote
  #5  
Old 1st February 2010, 15:48
smartin smartin is offline
Member
 
Join Date: Dec 2007
Posts: 82
Thanks: 3
Thanked 0 Times in 0 Posts
Default

Quote:
Originally Posted by prisfeo View Post
yes,
but pay attention that after regular ispconfig3 installation,
if you look inside /etc/httpd/conf/httpd.conf
you'll see this setting:
"AllowOverride None"

and only in /etc/httpd/conf/sites-available/www.yoursite.com.vhost apache config files there is:
"AllowOverride All"

that "enables" .htaccess "looking" by apache.
so that, check if your "/var/www/lockthisfolder"
is configured inside a httpd virtual host with that AllowOverride setting.

i mean the following:

<Directory /var/www/lockthisfolder>
AllowOverride All
.....
.....
</Directory>
prisfeo,

I'm not quite following...

Do you mean that the .htacess file inside /var/www/lockthisfolder should look like this?:

Code:
<Directory /var/www/lockthisfolder>
        AllowOverride All
        AuthType Digest
        AuthName "Private"
        AuthDigestFile /etc/apache2/lockbydigest/digest
        Require user myname
</Directory>
S
Reply With Quote
  #6  
Old 1st February 2010, 16:03
prisfeo prisfeo is offline
Member
 
Join Date: Jan 2010
Posts: 37
Thanks: 3
Thanked 2 Times in 2 Posts
Default

no.
...
as told before, i mean you have to check the apache configuration,
that is related to the "/var/www/lockthisfolder" folder.
is that folder configured inside a virtual host config file ?
if yes, check that configuration..
it's that configuration that must have inside the "Directory" directive
the "AllowOverride All" statement.
i hope to have explained better..(unfortunately i am not english)
Reply With Quote
  #7  
Old 1st February 2010, 16:46
smartin smartin is offline
Member
 
Join Date: Dec 2007
Posts: 82
Thanks: 3
Thanked 0 Times in 0 Posts
Default

Quote:
no.
...
as told before, i mean you have to check the apache configuration,
that is related to the "/var/www/lockthisfolder" folder.
How do I know which file that is? I'm guessing it must be tha main /etc/apache2/httpd.conf file...?
Quote:
is that folder configured inside a virtual host config file ?
I'm guessing not... It's outside the ISPc3 structure, in the root of the /www directory.

Quote:
if yes, check that configuration..
it's that configuration that must have inside the "Directory" directive
the "AllowOverride All" statement.
My /etc/apache2/httpd.conf file is completely empty. Is that the relevant file? How should it look?

Code:
<Directory /var/www/lockthisfolder>
        AllowOverride All
</Directory>
?

Quote:
i hope to have explained better..(unfortunately i am not english)
No problem! I'm grateful for your help.

S
Reply With Quote
  #8  
Old 1st February 2010, 17:03
prisfeo prisfeo is offline
Member
 
Join Date: Jan 2010
Posts: 37
Thanks: 3
Thanked 2 Times in 2 Posts
Default

uhmm..if you tellin that above..i think your apache httpd.conf is not located
like mine (i use Centos) cause it cannot be empty..in Ubuntu maybe
located in /usr/local/apache2 ?
you can do the following find command inside terminal:

find / -iname 'httpd.conf'

mine is located at:
/etc/httpd/conf/httpd.conf

and it's not empty..but it has the "AllowOverride" directive
set to "None" since are the virtual host apache config files that
tune the per-site configurations.(as said before)
..
if you are telling that your folder is "out of the ispc3 struct"
so when you have find the "non-empty" httpd.conf
edit it, and find lines with "AllowOverride" directive
and try to set them to "All"

and after editing do an "apachectl restart"
a try to see if it works as expected
Reply With Quote
  #9  
Old 1st February 2010, 17:42
smartin smartin is offline
Member
 
Join Date: Dec 2007
Posts: 82
Thanks: 3
Thanked 0 Times in 0 Posts
Default

Quote:
Originally Posted by prisfeo View Post
uhmm..if you tellin that above..i think your apache httpd.conf is not located
like mine (i use Centos) cause it cannot be empty..in Ubuntu maybe
located in /usr/local/apache2 ?
you can do the following find command inside terminal:

find / -iname 'httpd.conf'

mine is located at:
/etc/httpd/conf/httpd.conf

and it's not empty..but it has the "AllowOverride" directive
set to "None" since are the virtual host apache config files that
tune the per-site configurations.(as said before)
..
if you are telling that your folder is "out of the ispc3 struct"
so when you have find the "non-empty" httpd.conf
edit it, and find lines with "AllowOverride" directive
and try to set them to "All"

and after editing do an "apachectl restart"
a try to see if it works as expected
I only seem to have one httpd.conf file, /etc/apache2/httpd.conf, and it's definitely empty.

Is this an Ubuntu quirk?

Is there another file which could do the same job?

Does it have another name in Ubuntu perhaps?

S
Reply With Quote
  #10  
Old 1st February 2010, 18:17
yoplait yoplait is offline
Senior Member
 
Join Date: Dec 2009
Posts: 143
Thanks: 48
Thanked 13 Times in 10 Posts
 
Default

maybe /etc/apache2/apache2.conf ? (for debian ...)
Reply With Quote
Reply

Bookmarks

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
Email problem 'Cannot set my user or group id.' (using ISPConfig 3 + OpenSuSE 11.2) urosm Installation/Configuration 5 19th June 2010 22:41
can't help ispconfig to install please help steve51184 Installation/Configuration 17 20th February 2009 10:37
ISPConfig install issues... flyingaggie Installation/Configuration 2 18th July 2008 10:46
Systemimager (rsync) doesn't copy all comedit HOWTO-Related Questions 11 19th January 2007 17:17
How to install BFD (Brute Force Detection) domino Tips/Tricks/Mods 9 31st March 2006 22:40


All times are GMT +2. The time now is 14:34.


Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.