htaccess-forbidden

Web hosting, FTP/database access, mirror services and hosted blogs
Post Reply
Bill52
Posts: 5
Joined: Sat Dec 19, 2009 12:03 am
Location: perth

htaccess-forbidden

Post by Bill52 » Fri Jan 22, 2010 4:20 am

Hi,

This should work. I just can't see what I am doing wrong ...
Could someone point it out pls!

The htaccess

AuthName "Restricted Area"
AuthType Basic
AuthUserFile /home/freeweb/web/mydir/public_html/private/pw
AuthGroupFile /dev/null
require valid-user

the pw file

bill:$apr1$x8xnU...$Np3695JiBL9xBwKd/itA20 //generated with http://www.htaccesstools.com/htpasswd-generator/

Both files edited in Notepad, saved as txt.
Uploaded as ASCII.
Both files are in the same directory: FTP_ROOT/private/

When accessing the 'private' directory the password requester comes up, i enter name/pw and get the Forbidden page.
What am i doing wrong?

Thanks,

Bill

Dazzled
Volunteer Site Admin
Posts: 6003
Joined: Mon Nov 13, 2006 1:16 pm
Location: Sydney

Re: htaccess-forbidden

Post by Dazzled » Fri Jan 22, 2010 8:01 am

The official authentication manual is here: http://httpd.apache.org/docs/1.3/howto/auth.html
Is "mydir" the correct spelling for the site? Require has a capital. Group list in the byte bucket - I don't, but I have seen it suggested. Check that Notepad hasn't appended a Windows suffix to the password file.

JeremyP
Posts: 159
Joined: Wed Dec 13, 2006 2:22 pm
Location: Newcastle NSW

Re: htaccess-forbidden

Post by JeremyP » Fri Jan 22, 2010 9:09 am

From what i can see, at first it was just an incorrect user/pass problem, but i can see you are now logging in correctly.

The reason you are seeing that error is because there is no index page. eg. index.htm/.html/.php

If you place a page in there it will be fine.

If you want to show the contents of the folder, i suggest you look up .htaccess file directives for directory listing.

Also to note with your 'pw' file, regardless if you need a user/pass to get access to the folder, it is recommend to stick to the typical '.htpasswd' file name for the password file.

Files with the '.ht' prefix are protected by Apache to not be visible or downloadable to anyone, where as your current setup allows the 'pw' file to be downloaded.

Bill52
Posts: 5
Joined: Sat Dec 19, 2009 12:03 am
Location: perth

Re: htaccess-forbidden

Post by Bill52 » Sat Jan 23, 2010 5:16 am

... the index.html ... naturally. I donnow what was I expecting to see ... there was no file in the dir ... THOUGH! what a spatz! :oops:

Thanks everybod! JeremyP, thanks!

.ht prefix, sure. Still, being able to put password and config files into the user-root-dir rather than into the document-root, would be better security ...

On the other hand:

<Files ~ "^pw">
Order allow,deny
Deny from all
Satisfy All
</Files>

hides my 'secretly' named pw file.
Good htaccess tute at: http://vortexmind.net/2006-02-26-apache ... ial/#index

order deny,allow
deny from all

is good to stop inquisitive people yet the file is still readable by a code.

Still, the user-root is better ... can we have it Jeremy? Pleeese! :)

Cheers, thanks again,

Bill

Post Reply