Hi there,
Hacker has been kind enough to try and help me with getting an admin section of my site protected, but for some reason it's just not working. I'm hoping someone here can help me get this straightened out so I can get rid of the potential security leak.
This is what I currently have in my .htaccess (I've changed the path just for posting here):
<Limit GET POST>
order deny,allow
deny from all
allow from all
require valid-user
</Limit>
<Limit PUT DELETE>
order deny,allow
deny from all
</Limit>
AuthName "You Are Entering A Password Protected Area"
AuthType Basic
AuthUserFile /home/path/to/.htpasswd
require valid-user
Originally I didn't have the "Limit" stuff in there, but that was the latest attempt.
And my .htpasswd file has the following (info changed to protect the innocent):
username:name
username
assword
Can anyone tell from this what may be wrong? When I try and access the page/directory I'm protecting I'm given 3 tries to enter in the correct username and password and then I get told that I'm not authorized. Eeek! I'm glad no one can get to the files, but gee it sure would be nice if *I* could get to them!!!
Thanks in advance.
Laurahi Laura and welcome to the forums! (havent seen your name in the new members forums yet)
everything appears correct on the .htaccess and i have just a couple of questions. where is your password file located, and what level of dir is your access being granted? (correct me if i'm wrong) it appears you are referancing the htpasswrd file from the root which is good if you will be using the same passwords and logins for mutiple locations in your site.
about the only other thing i can think of is mabey it's a config glitch on the IIS or appche part (not sure what os) check to see that the htpasswrd file is set to that and not htpasword.
O one more thing... have you configured a different htaccess file and password anywhere else on this server? (just currious)
yes! i do have a "Hit Head Here" sign in my cubical!
chris<pixelmonkey>:monkey:Hi Chris,
My .htpasswd and .htaccess files are located within the directory that I'm trying to protect. Nowhere else. I'm not sure I understand what you mean by "what level". without giving my actual paths, it would be like this:
home/laura/dealdivas/dir/dir/dir/dir and they're in there.
I'll check with my host to see if the spelling of the file needs to be different. That's a good thought.
Haven't ever been able to get any .htaccess file to work on this server (figured I was just brain-dead and doing something wrong), but this one is to fix a serious security glitch so it's rather necessary.
Thanks for looking at this stuff. If there's anything wrong with my path, please let me know.the paths to your file locations arent the problem here. i would check with your host to see if there are any limits on the server that would disable an htaccess. if you find anything out, please let us know!
thanks
chris<pixelmonkey>:monkey:Laura is suggestions given by the chirs are working and r u able to make ur site's administrative section secure..if yes...n u r using IIS please tell me about configuring .htaccess and .htpasswd with IIS i am using these too but these arenot working well...site access does not prompt me for login or deniel message...ur case was that u r prompted but not authenticated properly...
Please make me aware of settings u made to ur IIS to make .htaccess and .htpasswd work...
Thanks in advance
Gakhardo you get a password prompt ?
there are 2 .htaccess tutorials on <!-- m --><a class="postlink" href="http://www.joe2torials.com/">http://www.joe2torials.com/</a><!-- m --> and will shortly be an encryption form to encrypt your .htpasswd filesHi Gukhar, and welcome to HTMLForums.
If you didn't happen to notice, this thread is almost three years old... next time, would you please create a new thread instead of digging up an old oneOriginally posted by agent002
Hi Gukhar, and welcome to HTMLForums.
If you didn't happen to notice, this thread is almost three years old... next time, would you please create a new thread instead of digging up an old one :rofl: i didn't even notice that
Hacker has been kind enough to try and help me with getting an admin section of my site protected, but for some reason it's just not working. I'm hoping someone here can help me get this straightened out so I can get rid of the potential security leak.
This is what I currently have in my .htaccess (I've changed the path just for posting here):
<Limit GET POST>
order deny,allow
deny from all
allow from all
require valid-user
</Limit>
<Limit PUT DELETE>
order deny,allow
deny from all
</Limit>
AuthName "You Are Entering A Password Protected Area"
AuthType Basic
AuthUserFile /home/path/to/.htpasswd
require valid-user
Originally I didn't have the "Limit" stuff in there, but that was the latest attempt.
And my .htpasswd file has the following (info changed to protect the innocent):
username:name
username
asswordCan anyone tell from this what may be wrong? When I try and access the page/directory I'm protecting I'm given 3 tries to enter in the correct username and password and then I get told that I'm not authorized. Eeek! I'm glad no one can get to the files, but gee it sure would be nice if *I* could get to them!!!
Thanks in advance.
Laurahi Laura and welcome to the forums! (havent seen your name in the new members forums yet)
everything appears correct on the .htaccess and i have just a couple of questions. where is your password file located, and what level of dir is your access being granted? (correct me if i'm wrong) it appears you are referancing the htpasswrd file from the root which is good if you will be using the same passwords and logins for mutiple locations in your site.
about the only other thing i can think of is mabey it's a config glitch on the IIS or appche part (not sure what os) check to see that the htpasswrd file is set to that and not htpasword.
O one more thing... have you configured a different htaccess file and password anywhere else on this server? (just currious)
yes! i do have a "Hit Head Here" sign in my cubical!
chris<pixelmonkey>:monkey:Hi Chris,
My .htpasswd and .htaccess files are located within the directory that I'm trying to protect. Nowhere else. I'm not sure I understand what you mean by "what level". without giving my actual paths, it would be like this:
home/laura/dealdivas/dir/dir/dir/dir and they're in there.
I'll check with my host to see if the spelling of the file needs to be different. That's a good thought.
Haven't ever been able to get any .htaccess file to work on this server (figured I was just brain-dead and doing something wrong), but this one is to fix a serious security glitch so it's rather necessary.
Thanks for looking at this stuff. If there's anything wrong with my path, please let me know.the paths to your file locations arent the problem here. i would check with your host to see if there are any limits on the server that would disable an htaccess. if you find anything out, please let us know!
thanks
chris<pixelmonkey>:monkey:Laura is suggestions given by the chirs are working and r u able to make ur site's administrative section secure..if yes...n u r using IIS please tell me about configuring .htaccess and .htpasswd with IIS i am using these too but these arenot working well...site access does not prompt me for login or deniel message...ur case was that u r prompted but not authenticated properly...
Please make me aware of settings u made to ur IIS to make .htaccess and .htpasswd work...
Thanks in advance
Gakhardo you get a password prompt ?
there are 2 .htaccess tutorials on <!-- m --><a class="postlink" href="http://www.joe2torials.com/">http://www.joe2torials.com/</a><!-- m --> and will shortly be an encryption form to encrypt your .htpasswd filesHi Gukhar, and welcome to HTMLForums.
If you didn't happen to notice, this thread is almost three years old... next time, would you please create a new thread instead of digging up an old one
Originally posted by agent002 Hi Gukhar, and welcome to HTMLForums.
If you didn't happen to notice, this thread is almost three years old... next time, would you please create a new thread instead of digging up an old one
:rofl: i didn't even notice that