Password Protecting Directories

[Alain2k5]

How do I password protect directories?

 

**Nevermind! Figured it out**

Edited December 25, 2005 by Alain2k5

[olajideolaolorun]

[Matd]

Could you share it with me and tell me how please?

[Ric]

The Wiki is a good place to start! These pages may be of help:

 

Extending Apache’s basic authentication using mod rewrite.

 

4.0-Mona: Enable SSL

 

All the best

Ric

[selym]

Thanks, that was very helpful.

 

Using that first wiki page, I was able to password protect my site, but the problem I'm having is that it prompts me twice. If I login once, the login box pops up again...and if I login again, I'm fine...but if I hit cancel that second time, it still lets me in, but prompts me on every single click going forward until I login again.

 

Anyone ever experience something like that?

 

 

The Wiki is a good place to start! These pages may be of help:

 

Extending Apache’s basic authentication using mod rewrite.

 

4.0-Mona: Enable SSL

 

All the best

Ric

[Ric]

Without knowing your server configuration it’s difficult to determine the cause of the double login.

 

Where have you located your site, is it in folder UniServer\udrive\www or UniServer\udrive\ssl?

 

What is the content of .htaccess file (folder where you located the site).

 

At each login what does the browser address bar display.

 

All the best

Ric

[selym]

Hi Ric,

 

Thanks for responding. Although I'm away from the machine at the moment, I can start this reply and give you some info now. I'll have to add the contents of my .htaccess to this post a bit later.

 

My site is located in UniServer\udrive\www

 

I am password protecting a picture gallery installed in a subdirectory called gallery. When I click the link to this gallery from my home page (mydomain.com) I get the password prompt, and them my address reverts to my IP (123.45.67.89/gallery and I get the password prompt again.

 

Thanks very much for the help.

 

 

Selym

 

 

 

Without knowing your server configuration it’s difficult to determine the cause of the double login.

 

Where have you located your site, is it in folder UniServer\udrive\www or UniServer\udrive\ssl?

 

What is the content of .htaccess file (folder where you located the site).

 

At each login what does the browser address bar display.

 

All the best

Ric

[Ric]

Ok Try this:

 

Edit file UniServer\udrive\htpasswd\www\.htpasswd

 

Add your name password pair to the end of this file e.g.

 

root:root

me:me123

 

(Note: Change root:root to something else or just delete it.)

 

Copy .htaccess from www to folder UniServer\udrive\www\gallery

Edit the copied file:

Delete its content and add these lines:

 

AuthName "Uniform Server - Server Access"

AuthType Basic

AuthUserFile /htpasswd/www/.htpasswd

Require user me

 

Note 1: In both of the files replace me with your user name change me123 with a password you want to use.

Note 2: If your name contains spaces enclose it in quotes “me mate”

 

Access the gallery folder using http://localhost/gallery/ or http://your_domain/gallery/

 

Note 3: Make sure these four lines in UniServer\udrive\www\.htpasswd are commented out as shown:

 

#AuthName "Uniform Server - Server Access"

#AuthType Basic

#AuthUserFile /htpasswd/www/.htpasswd

#Require valid-user

 

I will be interested if that prevents the double login.

 

All the best

Ric

[selym]

Hi Ric,

 

Thanks again for the response. I've commented on your post below.

 

 

Ok Try this:

 

Edit file UniServer\udrive\htpasswd\www\.htpasswd

 

Add your name password pair to the end of this file e.g.

 

root:root

me:me123

 

(Note: Change root:root to something else or just delete it.)

 

Yes, this part above I had already done. This file has my login credentials like so: myusername:password

 

 

Copy .htaccess from www to folder UniServer\udrive\www\gallery

 

So far so good. I had already done the above part as well.

 

 

Edit the copied file:

 

Delete its content and add these lines:

 

AuthName "Uniform Server - Server Access"

AuthType Basic

AuthUserFile /htpasswd/www/.htpasswd

Require user myusername

 

Note 1: In both of the files replace me with your user name change me123 with a password you want to use.

Note 2: If your name contains spaces enclose it in quotes “me mate”

 

Okay, this is where I had to make a change. This is what I had in my .htaccess in the gallery subdirectory:

 

AuthName "Please login to access MyDomain.com"

AuthType Basic

AuthUserFile W:\htpasswd\www\.htpasswd

Require valid-user

 

and I changed it to...

 

AuthName "Please login to access MyDomain.com"

AuthType Basic

AuthUserFile /htpasswd/www/.htpasswd

Require user myusername

 

 

Access the gallery folder using http://localhost/gallery/ or http://your_domain/gallery/

 

When I use localhost on the local machine, I only have to login once. When I use my domain name on my local machine, it's once as well. It's when I enter my domain name from an external machine, it requires two logins.

 

 

Note 3: Make sure these four lines in UniServer\udrive\www\.htpasswd are commented out as shown:

 

#AuthName "Uniform Server - Server Access"

#AuthType Basic

#AuthUserFile /htpasswd/www/.htpasswd

#Require valid-user

 

 

Okay, this part threw me for a bit of a loop. Did you mean UniServer\udrive\htpasswd\www\.htpasswd? I don't have an .htpasswd at UniServer\udrive\www and even at UniServer\udrive\htpasswd\www\.htpasswd I don't have anything like the above to comment out. All I have is the myusername:password in that file.

 

What also throws me off is that after the first login, the domain name reverts to the IP when prompting me for another login. It's like it's not resolving properly...I'm just not sure what I may have done wrong.

 

If there's any other info I can provide, please don't hesitate to ask. Thanks so much for taking the time to help!

 

 

Selym

[Ric]

Yep I gave the wrong file name for this:

 

Note 3: Make sure these four lines in UniServer\udrive\www\.htpasswd are commented out as shown:

 

Should have been:

Note 3: Make sure these four lines in UniServer\udrive\www\.htaccess are commented out as shown:

 

The other changes you made look OK (works because you can login correctly locally)

 

What’s interesting is this

Changes from http://fred.com to http://123.45.67.89!

It looks as if Apache is seeing two different domains hence the double login. This generally is self-inflicted for example http://fred.com/gallery gets redirected to http://fred.com/gallery/ because the last forward slash is added the redirection forces another security check (browser login).

 

1] Try using http://fred.com/gallery/ add the last forward slash to see if it resolves the problem.

 

2] I have seen UseCanonicalName on causing some strange problems I think in all versions of US this is off by default hence not an issue.

 

3] ServerName could be the problem!

 

Edit: UniServer\udrive\usr\local\apache2\conf\httpd.conf

 

Locate this at the bottom of the file:

 

ServerName localhost:80

DocumentRoot /www

 

Add this

 

ServerName fred.com

DocumentRoot /www

 

If you are using www.fred.com use that instead of fred.com

 

All the best

Ric

[selym]

Hi Ric,

 

I checked/tried everything you suggested with no luck. I do appreciate all the time you spent trying to help. I am going to continue to try and hunt down a root cause, and if there's anything else you can think of or info I can provide that may help arrive at a solution, please don't hesitate to ask.

 

It's a tough one since it could be a number of different things or a combination of many things. While it's not the end of the world if I don't find an answer, my stubborn side does hope I can figure it out eventually.

 

Thanks again Ric!

 

 

Sel

 

 

Yep I gave the wrong file name for this:

 

Note 3: Make sure these four lines in UniServer\udrive\www\.htpasswd are commented out as shown:

 

Should have been:

Note 3: Make sure these four lines in UniServer\udrive\www\.htaccess are commented out as shown:

 

The other changes you made look OK (works because you can login correctly locally)

 

What’s interesting is this

Changes from http://fred.com to http://123.45.67.89!

It looks as if Apache is seeing two different domains hence the double login. This generally is self-inflicted for example http://fred.com/gallery gets redirected to http://fred.com/gallery/ because the last forward slash is added the redirection forces another security check (browser login).

 

1] Try using http://fred.com/gallery/ add the last forward slash to see if it resolves the problem.

 

2] I have seen UseCanonicalName on causing some strange problems I think in all versions of US this is off by default hence not an issue.

 

3] ServerName could be the problem!

 

Edit: UniServer\udrive\usr\local\apache2\conf\httpd.conf

 

Locate this at the bottom of the file:

 

<VirtualHost *>

ServerName localhost:80

DocumentRoot /www

</VirtualHost>

 

Add this

 

<VirtualHost *>

ServerName fred.com

DocumentRoot /www

</VirtualHost>

 

If you are using www.fred.com use that instead of fred.com

 

All the best

Ric

[Ric]

You may be interested in this Wiki write-up!

It covers Apache’s basic authentication, viable over the Internet when secured using SSL.

The techniques shown eliminate the need for additional programming and remove the requirement to have mod-rewrite enabled.

A full-blown secure server is not required! Double logins eliminated.

 

All the best

Ric