>>>> I am trying to password protect a sub directory within the web space of a
>>>> domain that is serving site statistics of awstats generated pages. The path
>>> > to the dir is /home/user1/www/awstats. When testing, I am able to get a
>>> > username and password prompt for the front page of the site, i.e. for
>>> > www.mydomain.com, when I place the .htaccess file in www. But I can't get a
>>> > functional prompt for www.mydomain.com/awstats when I place the .htaccess in
>>> > the awstats dir. The login box comes up but it won't accept my username
>>> > password combo, even though it will accept it when I have the same .htaccess
>>> > file in the www dir.
>>>
>>> See:
>>> http://httpd.apache.org/docs/2.2/howto/htaccess.html
>>>
>>> Your problem is that you don't have AllowOverride s
et correctly for
>>> the relevant directory. But beyond that, you probably don't want to be
>>> using .htaccess at all. Just put the directives in the relevant
>>> <Directory> section in httpd.conf.
>>>
>>> Joshua.
>>
>>Thanks Joshua,
>>
>>I read the above DOC you posted thanks. Just to clarify, do you
>>reccomend that I use the <Directory> method in the main httpd.conf file
>>as described in the above, instead ot .htaccess?
>
>Oops, just re read your post :) appears that's what you meant.
OK I took the advice and have been trying to set up http username and password logins without using .htaccess files inside the web accessible directory I am trying to password protect. I checked my AllowOverride settings in httpd.conf and they appear to be set correctly and I’m still not getting a login prompt which accepts the correct username and password I type in for the script aliased directory. I posted all of my AllowOverride settings in the main httpd.conf file at the end of this post. <
/FONT>
I am trying to use the <Location> tag instead of the <Directory> tag within individual virtual domain httpd.conf files – files which were enabled by the main httpd.conf file’s “Include conf.d/*.conf” directive. In other words, I have virtual domain files - www.domain1.con.conf , www.domain2.com.conf , and so on in the /etc/httpd/conf.d directory which all contain (so far only) my virtual host tags for those domains.
Is using the <Location> tag advisable (or possible), instead of using the <directory> tag in my virtual host .conf files to enable username password logins?
I read this as a good method in my Apache 2.0 Wrox book, it’s a bit out dated though, and I’m using Apache 2.2 on a Centos 5.1 box.
The tag I just added to one of my test virtual domain files is this:
<Location /home/mydirectory/www/awstats>
AuthName "MembersOnly"
AuthType Basic
AuthUserFile /home/mydirectory/.htpasswd
Require user testuser
</Location>
The above virtual domain file includes the tag:
<VirtualHost 12.345.678.910:80>
ServerAdmin help@xxxxxxxxxx
DocumentRoot /home/mydirectory/www
ServerName www.blabla.com
ServerAlias blabla.com
ErrorLog logs/blabla.com-error_log
CustomLog logs/blabla.com-access_log combined
ScriptAlias /awstats/ "/usr/local/awstats/wwwroot/cgi-bin/"
</VirtualHost>
After reloading apache and going to http.www.blabla.com, I did get a popup login box, but when I type in my username and password it won’t take it, even though I’m sure it’s the correct combo created by htpasswd –c .htpasswd testuser.
Any hints or suggestions as to what I am doing wrong?
Below are the AllowOverride settings in httpd.conf:
<Directory />
Options FollowSymLinks
AllowOverride AuthConfig
</Directory>
<Directory "/var/www/html">
Options Indexes FollowSymLinks
AllowOverride All
Order allow,deny
Allow from all
</Directory>
<Directory "/var/www/icons">
Options Indexes MultiViews
AllowOverride None
Order allow,deny
Allow from all
</Directory>
<Directory "/var/www/cgi-bin">
AllowOverride None
Options None
Order allow,deny
Allow from all
</Directory>
<Directory "/var/www/error">
AllowOverride None
Options IncludesNoExec
AddOutputFilter Includes html
AddHandler type-map var
Order allow,deny
Allow from all
LanguagePriority en es de fr
ForceLanguagePriority Prefer Fallback
</Directory>
<IfModule mod_include.c>
<Directory "/var/www/error">
AllowOverride None
Options IncludesNoExec
AddOutputFilter Includes html
AddHandler type-map var
Order allow,deny
Allow from all
LanguagePriority en es de fr
ForceLanguagePriority Prefer Fallback
</Directory>
