* [gentoo-user] htpasswd works only for valid-user
@ 2010-03-08 19:48 Laurent Kappler
2010-03-08 20:02 ` Alan McKinnon
2010-03-08 23:12 ` [gentoo-user] " Mick
0 siblings, 2 replies; 8+ messages in thread
From: Laurent Kappler @ 2010-03-08 19:48 UTC (permalink / raw
To: gentoo-user
Hi
I'm using htpasswd to write the user password form my htaccess.
It works only if I put "require valid-user" not if I put "require
specificuser"
any idea?
thx
Laurent
^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: [gentoo-user] htpasswd works only for valid-user
2010-03-08 19:48 [gentoo-user] htpasswd works only for valid-user Laurent Kappler
@ 2010-03-08 20:02 ` Alan McKinnon
2010-03-09 2:54 ` [gentoo-user] " Harry Putnam
2010-03-08 23:12 ` [gentoo-user] " Mick
1 sibling, 1 reply; 8+ messages in thread
From: Alan McKinnon @ 2010-03-08 20:02 UTC (permalink / raw
To: gentoo-user
On Monday 08 March 2010 21:48:12 Laurent Kappler wrote:
> Hi
>
> I'm using htpasswd to write the user password form my htaccess.
>
> It works only if I put "require valid-user" not if I put "require
> specificuser"
>
> any idea?
It should work, if everything else is correct. With that in mind,
What do you mean by "doesn't work?" i.e. what exact error is in the logs as
the reason for the failure.
Also, please provide the relevant config for the directory in question?
--
alan dot mckinnon at gmail dot com
^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: [gentoo-user] htpasswd works only for valid-user
2010-03-08 19:48 [gentoo-user] htpasswd works only for valid-user Laurent Kappler
2010-03-08 20:02 ` Alan McKinnon
@ 2010-03-08 23:12 ` Mick
2010-03-09 15:50 ` Laurent Kappler
` (2 more replies)
1 sibling, 3 replies; 8+ messages in thread
From: Mick @ 2010-03-08 23:12 UTC (permalink / raw
To: gentoo-user
[-- Attachment #1: Type: Text/Plain, Size: 520 bytes --]
On Monday 08 March 2010 19:48:12 Laurent Kappler wrote:
> Hi
>
> I'm using htpasswd to write the user password form my htaccess.
>
> It works only if I put "require valid-user" not if I put "require
> specificuser"
>
> any idea?
Have you tried:
AuthType Basic (or Digest)
AuthUserFile /usr/local/apache/passwd/htpasswords
Require user specificuser
Make sure that the path to the htpasswords file is outside your webroot - you
don't want visitors to be able to access it!
--
Regards,
Mick
[-- Attachment #2: This is a digitally signed message part. --]
[-- Type: application/pgp-signature, Size: 198 bytes --]
^ permalink raw reply [flat|nested] 8+ messages in thread
* [gentoo-user] Re: htpasswd works only for valid-user
2010-03-08 20:02 ` Alan McKinnon
@ 2010-03-09 2:54 ` Harry Putnam
0 siblings, 0 replies; 8+ messages in thread
From: Harry Putnam @ 2010-03-09 2:54 UTC (permalink / raw
To: gentoo-user
Alan McKinnon <alan.mckinnon@gmail.com> writes:
> On Monday 08 March 2010 21:48:12 Laurent Kappler wrote:
>> Hi
>>
>> I'm using htpasswd to write the user password form my htaccess.
>>
>> It works only if I put "require valid-user" not if I put "require
>> specificuser"
>>
>> any idea?
>
> It should work, if everything else is correct. With that in mind,
>
>
> What do you mean by "doesn't work?" i.e. what exact error is in the logs as
> the reason for the failure.
>
> Also, please provide the relevant config for the directory in question?
also... what is in .htaccess (with any sensitive data x'ed out)
^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: [gentoo-user] htpasswd works only for valid-user
2010-03-08 23:12 ` [gentoo-user] " Mick
@ 2010-03-09 15:50 ` Laurent Kappler
2010-03-09 20:14 ` Mick
2010-03-09 15:53 ` Laurent Kappler
2010-03-09 15:55 ` Laurent Kappler
2 siblings, 1 reply; 8+ messages in thread
From: Laurent Kappler @ 2010-03-09 15:50 UTC (permalink / raw
To: gentoo-user
Mick a écrit :
> On Monday 08 March 2010 19:48:12 Laurent Kappler wrote:
>
>> Hi
>>
>> I'm using htpasswd to write the user password form my htaccess.
>>
>> It works only if I put "require valid-user" not if I put "require
>> specificuser"
>>
>> any idea?
>>
>
> Have you tried:
>
> AuthType Basic (or Digest)
> AuthUserFile /usr/local/apache/passwd/htpasswords
> Require user specificuser
>
> Make sure that the path to the htpasswords file is outside your webroot - you
> don't want visitors to be able to access it!
>
I check the log file here is the line:
77.54.124.11 - specificuser [09/Mar/2010:16:46:35 +0100] "GET /admin
HTTP/1.1" 401 472
it does not auth.
My .htaccess:
AuthUserFile /so/secret/path/.htpasswd
AuthGroupFile /dev/null
AuthName "Shoot the password"
AuthType Basic
<Limit GET POST>
require specificuser
</limit>
<FilesMatch "^([_a-z0-9A-Z])+$">
RewriteEngine On
RewriteRule (.*) /admin/index.n
</FilesMatch>
so I shall avoir this <Limit> keyword...? Actually I don't get why just
specify that for GET and POST if someone arrive with a PUT does it mean
it will let it pass??
Laurent
^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: [gentoo-user] htpasswd works only for valid-user
2010-03-08 23:12 ` [gentoo-user] " Mick
2010-03-09 15:50 ` Laurent Kappler
@ 2010-03-09 15:53 ` Laurent Kappler
2010-03-09 15:55 ` Laurent Kappler
2 siblings, 0 replies; 8+ messages in thread
From: Laurent Kappler @ 2010-03-09 15:53 UTC (permalink / raw
To: gentoo-user
Mick a écrit :
> On Monday 08 March 2010 19:48:12 Laurent Kappler wrote:
>
>> Hi
>>
>> I'm using htpasswd to write the user password form my htaccess.
>>
>> It works only if I put "require valid-user" not if I put "require
>> specificuser"
>>
>> any idea?
>>
>
> Have you tried:
>
> AuthType Basic (or Digest)
> AuthUserFile /usr/local/apache/passwd/htpasswords
> Require user specificuser
>
> Make sure that the path to the htpasswords file is outside your webroot - you
> don't want visitors to be able to access it!
>
it works with require valid-user, like it finds the htpasswd file.
^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: [gentoo-user] htpasswd works only for valid-user
2010-03-08 23:12 ` [gentoo-user] " Mick
2010-03-09 15:50 ` Laurent Kappler
2010-03-09 15:53 ` Laurent Kappler
@ 2010-03-09 15:55 ` Laurent Kappler
2 siblings, 0 replies; 8+ messages in thread
From: Laurent Kappler @ 2010-03-09 15:55 UTC (permalink / raw
To: gentoo-user
Mick a écrit :
> On Monday 08 March 2010 19:48:12 Laurent Kappler wrote:
>
>> Hi
>>
>> I'm using htpasswd to write the user password form my htaccess.
>>
>> It works only if I put "require valid-user" not if I put "require
>> specificuser"
>>
>> any idea?
>>
>
> Have you tried:
>
> AuthType Basic (or Digest)
> AuthUserFile /usr/local/apache/passwd/htpasswords
> Require user specificuser
>
> Make sure that the path to the htpasswords file is outside your webroot - you
> don't want visitors to be able to access it!
>
;) ok got it
it was Require user not Require user.
Still my question about Limit GET POST ... it seems risky...
thank you!!
Laurent
^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: [gentoo-user] htpasswd works only for valid-user
2010-03-09 15:50 ` Laurent Kappler
@ 2010-03-09 20:14 ` Mick
0 siblings, 0 replies; 8+ messages in thread
From: Mick @ 2010-03-09 20:14 UTC (permalink / raw
To: gentoo-user
[-- Attachment #1: Type: Text/Plain, Size: 1915 bytes --]
On Tuesday 09 March 2010 15:50:11 Laurent Kappler wrote:
> Mick a écrit :
> > On Monday 08 March 2010 19:48:12 Laurent Kappler wrote:
> >> Hi
> >>
> >> I'm using htpasswd to write the user password form my htaccess.
> >>
> >> It works only if I put "require valid-user" not if I put "require
> >> specificuser"
> >>
> >> any idea?
> >
> > Have you tried:
> >
> > AuthType Basic (or Digest)
> > AuthUserFile /usr/local/apache/passwd/htpasswords
> > Require user specificuser
> >
> > Make sure that the path to the htpasswords file is outside your webroot -
> > you don't want visitors to be able to access it!
>
> I check the log file here is the line:
> 77.54.124.11 - specificuser [09/Mar/2010:16:46:35 +0100] "GET /admin
> HTTP/1.1" 401 472
>
> it does not auth.
> My .htaccess:
>
> AuthUserFile /so/secret/path/.htpasswd
> AuthGroupFile /dev/null
> AuthName "Shoot the password"
> AuthType Basic
> <Limit GET POST>
> require specificuser
> </limit>
>
> <FilesMatch "^([_a-z0-9A-Z])+$">
> RewriteEngine On
> RewriteRule (.*) /admin/index.n
> </FilesMatch>
>
> so I shall avoir this <Limit> keyword...? Actually I don't get why just
> specify that for GET and POST if someone arrive with a PUT does it mean
> it will let it pass??
Well, as I said you need to add type "user" after "Require" and before the
name of the user, in your case specificuser:
Required user specificuser
Now, as the manual tells you the <Limit GET POST> means that the
authentication mechanism applies only for GET POST requests sent to the
server. It does not apply for any other type of requests. PUT, DELETE, COPY,
etc will be allowed to get through. Instead you may want to limit access on
part or all of the fs of your site; e.g.
<Location /htdocs/my_website>
Require user specificuser
</Location>
HTH.
--
Regards,
Mick
[-- Attachment #2: This is a digitally signed message part. --]
[-- Type: application/pgp-signature, Size: 198 bytes --]
^ permalink raw reply [flat|nested] 8+ messages in thread
end of thread, other threads:[~2010-03-09 20:15 UTC | newest]
Thread overview: 8+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2010-03-08 19:48 [gentoo-user] htpasswd works only for valid-user Laurent Kappler
2010-03-08 20:02 ` Alan McKinnon
2010-03-09 2:54 ` [gentoo-user] " Harry Putnam
2010-03-08 23:12 ` [gentoo-user] " Mick
2010-03-09 15:50 ` Laurent Kappler
2010-03-09 20:14 ` Mick
2010-03-09 15:53 ` Laurent Kappler
2010-03-09 15:55 ` Laurent Kappler
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox