Web Design Forums

stealthcow · 18-09-2007, 10:45

I've been developing our "Default Folder Structure" for a number of years now (which contains folders, files, code snippets, images etc which are used in every project)

We now have a new requirement to password protect a specific directory in this folder structure for every new website, I've got this working by creating a .htpasswd file with a generic username/password and a .htaccess file which points to the correct file

Code:

RewriteEngine on
AuthType Basic
AuthName "Preview Stage"
AuthUserFile /home/boldpoin/pubilc_html/preview/.htpasswd
Require valid-user

The only problem with this method is that we have to change the username each time we create a new site ("boldpoin" in this case). I've tried the following but it is no longer finding the .htpasswd file - am I close or missing something by using %{DOCUMENT_ROOT}?

Code:

RewriteEngine on
AuthType Basic
AuthName "Preview Stage"
AuthUserFile %{DOCUMENT_ROOT}preview/.htpasswd
Require valid-user

p.s i tried it with and without the trailing slash after the %{DOCUMENT_ROOT}

stealthcow · 19-09-2007, 05:14

come on you lot!

stealthcow · 27-09-2007, 06:50

stickmus · 27-09-2007, 08:10

have you tried using relative paths? Or no paths and having both in the same directory?

stealthcow · 27-09-2007, 08:20

yup, tried both, neither worked

stickmus · 27-09-2007, 08:46

"The AuthUserFile directive sets the name of a textual file containing the list of users and passwords for user authentication. File-path is the path to the user file. If it is not absolute (i.e., if it doesn't begin with a slash), it is treated as relative to the ServerRoot."

Apache module mod_auth

stealthcow · 27-09-2007, 09:30

interesting, thanks... made me think in a different direction (although still not working)

Code:

RewriteEngine on
AuthType Basic
AuthName "Preview Stage"
RewriteCond %{DOCUMENT_ROOT}	.*
AuthUserFile /%1/preview/.htpasswd
Require valid-user

stickmus · 27-09-2007, 09:42

Did you try just:

Code:

AuthType Basic
AuthName "Preview Stage"
AuthUserFile preview/.htpasswd
Require valid-user

stealthcow · 27-09-2007, 10:04

yes, but that would make it relative to the server root (usr/apache or equiv) where we need it to be /home/username/public_html/preview/.htpasswd

bit of a bugger this one!

stickmus · 27-09-2007, 10:33

Ah I see.

What about the squigly one:

Code:

~/preview/.htpasswd

Does that work?

stealthcow · 27-09-2007, 10:37

what does the squiggly do?

stickmus · 27-09-2007, 10:43

It's Unix for home

Shiro · 27-09-2007, 11:11

Quote:

what does the squiggly do?

I dont know what it does (well actually I do know cause I read the post before this), but what I do know is that the little squiggly thing is called a tilda.

My random knowledge of the minute.

stealthcow · 27-09-2007, 11:52

nope, didnt work

thanks for all the ideas though, keep em coming!

stickmus · 28-09-2007, 04:18

Afraid I'm all out. Other than to say have you access to your log files? Might be something useful in the errors/access logs.

proc355 · 28-09-2007, 04:45

2 things i don't get:

why don't you have a global .htpasswd in server root, or /etc/htpasswd or somewhere? fyi storing .htpasswd files beneath doc root isn't exactly safe...

why aren't you pushing new user:password combinations on to it during skeleton generation?

even using your structure, why can't you generate the files containing the correct information as part of your setup script? it would be simple in any language

ok, 3 things

stealthcow · 28-09-2007, 04:54

1) because not all our sites are hosted in the same place and hosting that the client buys seperately often doesnt allow root access
2 & 3) we don't have a script for generating a skeleton (as there's no need for this) - it's simply a collection of files/folders

proc355 · 28-09-2007, 05:54

1 fair nuff - assumed this was a location controlled by yourselves, and we all know assumption makes...

2/3 that's what a skeleton is... i say tomahtoe...

looking @ the docs i don't believe mod_auth can access env vars

if it's any consolation it's annoying the fuck out of me now too, haven't dealt much with apache conf nightmares of late

ok, you said having the .htaccess & .htpasswd in the same dir doesn't work, am i right saying that? because it works for me

Code:

proc355@soylentgreen:/var/www/apache2-default
$ tree -a
.
├── index.html
└── protected
    ├── .htaccess
    └── .htpasswd

1 directory, 3 files

$ cat protected/.htaccess 
AuthType Basic
AuthName "Preview Stage"
AuthUserFile .htpasswd
Require valid-user

$ cat protected/.htpasswd 
test:ksdr49BajUl0w

stickmus · 28-09-2007, 10:16

Quote:

ok, you said having the .htaccess & .htpasswd in the same dir doesn't work, am i right saying that? because it works for me

FWIW That's how I remember doing it too...

18-09-2007, 10:45	#1 (permalink)
stealthcow knocking heads Join Date: Jul 2003 Location: London, UK Posts: 1,914	HTACCESS password protect directory I've been developing our "Default Folder Structure" for a number of years now (which contains folders, files, code snippets, images etc which are used in every project) We now have a new requirement to password protect a specific directory in this folder structure for every new website, I've got this working by creating a .htpasswd file with a generic username/password and a .htaccess file which points to the correct file Code: RewriteEngine on AuthType Basic AuthName "Preview Stage" AuthUserFile /home/boldpoin/pubilc_html/preview/.htpasswd Require valid-user The only problem with this method is that we have to change the username each time we create a new site ("boldpoin" in this case). I've tried the following but it is no longer finding the .htpasswd file - am I close or missing something by using %{DOCUMENT_ROOT}? Code: RewriteEngine on AuthType Basic AuthName "Preview Stage" AuthUserFile %{DOCUMENT_ROOT}preview/.htpasswd Require valid-user p.s i tried it with and without the trailing slash after the %{DOCUMENT_ROOT}

27-09-2007, 06:50	#3 (permalink)
stealthcow knocking heads Join Date: Jul 2003 Location: London, UK Posts: 1,914	:\|

27-09-2007, 08:10	#4 (permalink)
stickmus hmmm... Join Date: Jan 2004 Location: Yorkuk Posts: 2,127	have you tried using relative paths? Or no paths and having both in the same directory? __________________ George Smith - a vain attempt to get higher on google for my name

27-09-2007, 08:46	#6 (permalink)
stickmus hmmm... Join Date: Jan 2004 Location: Yorkuk Posts: 2,127	"The AuthUserFile directive sets the name of a textual file containing the list of users and passwords for user authentication. File-path is the path to the user file. If it is not absolute (i.e., if it doesn't begin with a slash), it is treated as relative to the ServerRoot." Apache module mod_auth __________________ George Smith - a vain attempt to get higher on google for my name

27-09-2007, 09:30	#7 (permalink)
stealthcow knocking heads Join Date: Jul 2003 Location: London, UK Posts: 1,914	interesting, thanks... made me think in a different direction (although still not working) Code: RewriteEngine on AuthType Basic AuthName "Preview Stage" RewriteCond %{DOCUMENT_ROOT} .* AuthUserFile /%1/preview/.htpasswd Require valid-user

19-09-2007, 05:14	#2 (permalink)
stealthcow knocking heads Join Date: Jul 2003 Location: London, UK Posts: 1,914	come on you lot!

27-09-2007, 08:20	#5 (permalink)
stealthcow knocking heads Join Date: Jul 2003 Location: London, UK Posts: 1,914	yup, tried both, neither worked

27-09-2007, 09:42	#8 (permalink)
stickmus hmmm... Join Date: Jan 2004 Location: Yorkuk Posts: 2,127	Did you try just: Code: AuthType Basic AuthName "Preview Stage" AuthUserFile preview/.htpasswd Require valid-user __________________ George Smith - a vain attempt to get higher on google for my name

27-09-2007, 10:04	#9 (permalink)
stealthcow knocking heads Join Date: Jul 2003 Location: London, UK Posts: 1,914	yes, but that would make it relative to the server root (usr/apache or equiv) where we need it to be /home/username/public_html/preview/.htpasswd bit of a bugger this one!

27-09-2007, 10:33	#10 (permalink)
stickmus hmmm... Join Date: Jan 2004 Location: Yorkuk Posts: 2,127	Ah I see. What about the squigly one: Code: ~/preview/.htpasswd Does that work? __________________ George Smith - a vain attempt to get higher on google for my name

27-09-2007, 10:37	#11 (permalink)
stealthcow knocking heads Join Date: Jul 2003 Location: London, UK Posts: 1,914	what does the squiggly do?

27-09-2007, 10:43	#12 (permalink)
stickmus hmmm... Join Date: Jan 2004 Location: Yorkuk Posts: 2,127	It's Unix for home __________________ George Smith - a vain attempt to get higher on google for my name

27-09-2007, 11:52	#14 (permalink)
stealthcow knocking heads Join Date: Jul 2003 Location: London, UK Posts: 1,914	nope, didnt work thanks for all the ideas though, keep em coming!

28-09-2007, 04:18	#15 (permalink)
stickmus hmmm... Join Date: Jan 2004 Location: Yorkuk Posts: 2,127	Afraid I'm all out. Other than to say have you access to your log files? Might be something useful in the errors/access logs. __________________ George Smith - a vain attempt to get higher on google for my name

28-09-2007, 04:45	#16 (permalink)
proc355 Senior Member Join Date: Sep 2006 Location: Glasvegas Posts: 865	2 things i don't get: why don't you have a global .htpasswd in server root, or /etc/htpasswd or somewhere? fyi storing .htpasswd files beneath doc root isn't exactly safe... why aren't you pushing new user:password combinations on to it during skeleton generation? even using your structure, why can't you generate the files containing the correct information as part of your setup script? it would be simple in any language ok, 3 things __________________ meh.

28-09-2007, 04:54	#17 (permalink)
stealthcow knocking heads Join Date: Jul 2003 Location: London, UK Posts: 1,914	1) because not all our sites are hosted in the same place and hosting that the client buys seperately often doesnt allow root access 2 & 3) we don't have a script for generating a skeleton (as there's no need for this) - it's simply a collection of files/folders

28-09-2007, 05:54	#18 (permalink)
proc355 Senior Member Join Date: Sep 2006 Location: Glasvegas Posts: 865	1 fair nuff - assumed this was a location controlled by yourselves, and we all know assumption makes... 2/3 that's what a skeleton is... i say tomahtoe... looking @ the docs i don't believe mod_auth can access env vars if it's any consolation it's annoying the fuck out of me now too, haven't dealt much with apache conf nightmares of late ok, you said having the .htaccess & .htpasswd in the same dir doesn't work, am i right saying that? because it works for me Code: proc355@soylentgreen:/var/www/apache2-default $ tree -a . ├── index.html └── protected ├── .htaccess └── .htpasswd 1 directory, 3 files $ cat protected/.htaccess AuthType Basic AuthName "Preview Stage" AuthUserFile .htpasswd Require valid-user $ cat protected/.htpasswd test:ksdr49BajUl0w __________________ meh. Last edited by proc355 : 28-09-2007 at 06:08.

Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)

Thread Tools	Search this Thread
Show Printable Version Email this Page	Search this Thread: Advanced Search