: .htaccess Apache and 10.1.5


Terry O'Leary
Jan 27th, 2004, 08:02 PM
Another question that is probably easily answered. I have a stock Apache webserver on 10.1.5 but I can't seem to get .htaccess to work.

here is a .htaccess file I have created and placed in
/User/terryole/Sites
and in /User/terryole/Sites/private

AuthType Basic
AuthName "By Invitation Only"
AuthUserFile /usr/local/apache/passwd/passwords
Require user terryole


and I created the directories
/usr/local/apache
and /usr/local/apache/passwd

and I created the passwd file with

sudo htpasswd -c /usr/local/apache/passwd/passwords terryole

but I might as well have done nothing. There are zero password screens that come up when I serve pages from those directories.

-HELP!

Script Kiddie
Jan 27th, 2004, 10:41 PM
I've used apache on a number of unix platforms but so much on OS X yet. Weird eh. But in general, have a looksee here (http://httpd.apache.org/docs/howto/htaccess.html)
and of course read the comments in /etc/httpd/httpd.conf
I'm assuming OS 10.1 used Apache 1.3.x
To confirm, say httpd -version

Terry O'Leary
Jan 28th, 2004, 05:29 PM
The version is ...

Server version: Apache/1.3.26 (Darwin)
Server built: 06/24/02 16:41:08

After I set terryole.conf up with

<Directory "/Users/terryole/Sites/">
Options Indexes MultiViews
AllowOverride AuthConfig
Order allow,deny
Allow from all
</Directory>

I can now get the password prompt in my webbrowser but it
does not let me in with
user:terryole
password:******** i.e. the user/password in

.../usr/local/apache/passwd/passwords

Terry O'Leary
Jan 28th, 2004, 06:48 PM
I put a space after ...

sudo htpasswd -c /usr/local/apache/passwd/passwords terryole

before hitting return. Maybe that did it but now it works.

This begs another question. Obviously I have access to the main configuration files of apache. Supposedly there is a preferred method of password protection if you have that access. I.E. you should not use .htaccess files unless you really HAVE to. What is the preferred method.

Thanks - Terry

Terry O'Leary
Jan 28th, 2004, 09:57 PM
I figured it out.

Well actually Google found this web page that helped smile.gif .

http://www.suse.de/en/private/support/online_help/howto/htpasswd/

Terry O'Leary
Jan 29th, 2004, 03:10 PM
Here is what I changed one of my apache.user.conf files to (found in /private/etc/httpd/users/ in 10.1.5)

...

<Directory "/Users/terryole/Sites/">
Options Indexes MultiViews
AllowOverride None
Order allow,deny
Allow from all
</Directory>

<Directory "/Users/terryole/Sites/private">
AuthName "User.conf authorization"
Authtype Basic
AuthUserFile /usr/local/apache/passwd/passwords
Require user terryole terry terryoleary
</Directory>

...

Of course I had to create "passwords" the password file with htpasswd. .htaccess files are not looked at by Apache so there is not the files searching hit that .htaccess invokes.
Now I have basic password protection on /Users/terryole/Sites/private