Comments on: Apache Authentication in htaccess http://www.askapache.com/htaccess/apache-authentication-in-htaccess.html Advanced Web Development Wed, 18 Nov 2009 23:28:48 -0500 hourly 1 By: Bobby Kozora http://www.askapache.com/htaccess/apache-authentication-in-htaccess.html#comment-110135 Bobby Kozora Wed, 18 Nov 2009 15:32:01 +0000 http://www.askapache.com.com/htaccess/apache-authentication-in-htaccess.html#comment-110135 I'm trying to use apache authentication as added protection to the password protected admin section of one of my sites. The site's using Wordpress. What's happening is when I access the admin section the .htaccess file in that directory isn't executing. Well, it will throw errors but if all's fine it passes back to my root .htaccess which then displays the 404 page. If I remove the .htaccess from my admin directory I can once again access my login page. Any ideas? I'm stumped. I’m trying to use apache authentication as added protection to the password protected admin section of one of my sites. The site’s using Wordpress. What’s happening is when I access the admin section the .htaccess file in that directory isn’t executing. Well, it will throw errors but if all’s fine it passes back to my root .htaccess which then displays the 404 page. If I remove the .htaccess from my admin directory I can once again access my login page. Any ideas? I’m stumped.

]]> By: chris jar http://www.askapache.com/htaccess/apache-authentication-in-htaccess.html#comment-72822 chris jar Tue, 05 May 2009 10:22:35 +0000 http://www.askapache.com.com/htaccess/apache-authentication-in-htaccess.html#comment-72822 Hi, I encountered this problem. I have <code>.htaccess</code> file: <pre>AuthType Basic AuthName "RestrictedFilesmain" AuthUserFile "d:\Program Files\Apache Group\Apache2\htdocs\main\conf\c.htpasswd" ErrorDocument 401 "ERROR_ 441 Authorization Required" ErrorDocument 403 "ERROR_ 403 Forbidden" ErrorDocument 404 "ERROR_ 404 Not Found" Require user loggeduser Require user chris</pre> and <code>c.htpasswd</code> file <pre>loggeduser:10144831511059024327 chris:a2wssd</pre> When I log in into the protected page for the first time I enter chris:a2wssd and I am allowed to enter the page. Next I change password in the <code>c.httpasswd</code> file into <code>a2ws4ss</code>. And I still have access to the page just using refresh button in my Firefox browser. It looks like the Apache server didn't notice that I have change the password value in the mean time. What's wrong? I need to stop immediately the access to the protected page by changing the password in the file. Regards chris Hi,

I encountered this problem.

I have .htaccess file:

AuthType Basic
AuthName "RestrictedFilesmain"
AuthUserFile "d:\Program Files\Apache Group\Apache2\htdocs\main\conf\c.htpasswd"
ErrorDocument 401 "ERROR_ 441 Authorization Required"
ErrorDocument 403 "ERROR_ 403 Forbidden"
ErrorDocument 404 "ERROR_ 404 Not Found"
Require user loggeduser
Require user chris

and c.htpasswd file

loggeduser:10144831511059024327
chris:a2wssd

When I log in into the protected page for the first time I enter chris:a2wssd and I am allowed to enter the page. Next I change password in the c.httpasswd file into a2ws4ss. And I still have access to the page just using refresh button in my Firefox browser.

It looks like the Apache server didn’t notice that I have change the password value in the mean time. What’s wrong? I need to stop immediately the access to the protected page by changing the password in the file.

Regards chris

]]> By: Motosauro http://www.askapache.com/htaccess/apache-authentication-in-htaccess.html#comment-65043 Motosauro Tue, 17 Feb 2009 09:08:34 +0000 http://www.askapache.com.com/htaccess/apache-authentication-in-htaccess.html#comment-65043 Thanks for the snippets, I pasted them into my blog since I tend to forget them very easily :) Just one question: why do you think it's better to put ErrorDocument override in .htaccess files rather than vhost definitions? I place them in vhost definition files because they don't ever change (almost). I guess it's just a matter of personal taste though Thanks mate :) Thanks for the snippets, I pasted them into my blog since I tend to forget them very easily :)

Just one question: why do you think it’s better to put ErrorDocument override in .htaccess files rather than vhost definitions?
I place them in vhost definition files because they don’t ever change (almost). I guess it’s just a matter of personal taste though

Thanks mate :)

]]> By: AskApache http://www.askapache.com/htaccess/apache-authentication-in-htaccess.html#comment-44065 AskApache Mon, 11 Aug 2008 17:15:51 +0000 http://www.askapache.com.com/htaccess/apache-authentication-in-htaccess.html#comment-44065 <p><strong>@ Fred</strong></p> <p>Absolutely right. Thanks for the heads, thats a pretty big foul up on my part.</p> @ Fred

Absolutely right. Thanks for the heads, thats a pretty big foul up on my part.

]]> By: Fred http://www.askapache.com/htaccess/apache-authentication-in-htaccess.html#comment-44060 Fred Mon, 11 Aug 2008 14:34:00 +0000 http://www.askapache.com.com/htaccess/apache-authentication-in-htaccess.html#comment-44060 Regarding "Require password for 1 file only", shouldn't this: <pre> AuthName "htaccess password prompt" AuthType Basic AuthUserFile /home/askapache.com/.htpasswd Require valid-user </pre> be this: <pre> AuthName "htaccess password prompt" AuthType Basic AuthUserFile /home/askapache.com/.htpasswd Order deny,allow Deny from all Require valid-user </pre> Your example allowed anyone on in two of my systems because of lack of a deny clause. Adding the two lines solved it. Regarding “Require password for 1 file only”, shouldn’t this:

AuthName "htaccess password prompt"
AuthType Basic
AuthUserFile /home/askapache.com/.htpasswd
Require valid-user

be this:

AuthName "htaccess password prompt"
AuthType Basic
AuthUserFile /home/askapache.com/.htpasswd
Order deny,allow
Deny from all
Require valid-user

Your example allowed anyone on in two of my systems because of lack of a deny clause. Adding the two lines solved it.

]]> By: Lauren http://www.askapache.com/htaccess/apache-authentication-in-htaccess.html#comment-37576 Lauren Tue, 25 Mar 2008 23:29:14 +0000 http://www.askapache.com.com/htaccess/apache-authentication-in-htaccess.html#comment-37576 I deactivated the plugin, tried to modify the .htaccess in wp-admin, but still cannot get into my admin panel. Help!!!!!! I deactivated the plugin, tried to modify the .htaccess in wp-admin, but still cannot get into my admin panel. Help!!!!!!

]]>