Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations Rhinorhino on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

password protect folders

Status
Not open for further replies.
maxtan

maxtan

Technical User
Joined
Jul 7, 2002
Messages
8
Location
US
I just installed apache for windows but having problems password protecting the folder. I put the .htaccess in one of my folders and then go and run the htpasswd command from the dos prompt... htpasswd -c c:\.htpasswd rob passwordrob

i get the microsoft send report error... then i restarted apache. i go to check the protected folder and the folder doesn't appear, it vanished. then I remove .htaccess from it and it appears again.

my issue is concerning the error report..you know the one that has options to debug, send report or don't.

i have yet to solve this problem. any help would be appreciated. and I also followed the steps posted up by wullie.
 
Sort by date Sort by votes
A few more details, please.

"I put the .htaccess in one of my folders and then go and run the htpasswd command from the dos prompt... htpasswd -c c:\.htpasswd rob passwordrob

i get the microsoft send report error... "

Did you run the htpasswd command from its directory, or from a root directory which doesn't allow it to execute? I had to open a cmd window and change the prompt to the folder that contains htpasswd.exe in order to run the command.

"i go to check the protected folder and the folder doesn't appear, it vanished. then I remove .htaccess from it and it appears again."

The folder doesn't appear in your browser, or in Windows Explorer? If the former, then maybe your httpd.conf has permissions too restrictive.

It's easy to make a setup mistake, but we can get you working with more details. Wullie got my password protection up and running, and I'm a rank amateur.

Newposter
"Good judgment comes from experience. Experience comes from bad judgment."
 
Upvote 0 Downvote
I put the .htaccess file in the directory that i want protected then i open a dos prompt and cd to the directory where htpasswd.exe is. I created .htpasswd and put in c:I run the htpasswd.exe like this ... htpasswd -c c:\.htpasswd rob. before it asks for me to input password the microsoft error report comes up.
 
Upvote 0 Downvote
Just for the heck of it, leave out the destination path and type htpasswd -c .htpasswd rob and then fill out the password, then move the file to the protected directory using Windows Explorer. Seems to me I had a problem when specifying the whole destination path of the .htpasswd file once. Newposter
"Good judgment comes from experience. Experience comes from bad judgment."
 
Upvote 0 Downvote
hey, i got it working but now whenever i want to create another account it overwrites the previous one. I use the htpasswd -c d:\.htpasswd rob ...prompts for password. then if i want to create another user htpasswd -c d:\.htpasswd joe ...it overwrites the rob account in the .htpasswd. what is going on here??
 
Upvote 0 Downvote
The -c option is a software switch that creates a new .htpasswd file, not a new user. So use the "htpasswd -c d:\.htpasswd rob" to create a new password file, then for additional accounts remove the -c (in other words, for new user jane the command would be: htpasswd d:\.htpasswd jane). Newposter
"Good judgment comes from experience. Experience comes from bad judgment."
 
Upvote 0 Downvote
Additionally, since you're not using the option of encrypting the password in the .htpasswd file, you can simply add, edit or delete users by using a text editor for the .htpasswd file. The format of the file contents is:

rob:password1
joe:password2
jane:password3

There is a software switch you can use with the htpasswd.exe to encrypt the passwords, which is always a good idea. At the DOS prompt, just type htpasswd to see a list of software switch options. Newposter
"Good judgment comes from experience. Experience comes from bad judgment."
 
Upvote 0 Downvote
thanks...i got it..now, i have another issue which i can't seem to figure out.. i put the .htaccess in the directory i wanna password protect. but when i go to the site. that directory that is protected is gone. the other directories that aren't password protected are showing...whats going on? I think i'm suppose to see the password protected directory still.
 
Upvote 0 Downvote
You should get a dialog box prompting for Username and Password if all is well.

Check your .htaccess to make sure it's in this format:

AuthUserFile "D:/AuthGroupFile /null
AuthName "Restricted Area"
AuthType Basic

<Limit GET POST>
require valid-user
</Limit>

where D:/ is the directory in question.

Also check that your httpd.conf file has sections set as follows:

# This controls which options the .htaccess files in directories can
# override. Can also be &quot;All&quot;, or any combination of &quot;Options&quot;, &quot;FileInfo&quot;,
# &quot;AuthConfig&quot;, and &quot;Limit&quot;
#
AllowOverride Authconfig

#
# Controls who can get stuff from this server.
#
Order allow,deny
Allow from all
</Directory>

# AccessFileName: The name of the file to look for in each directory
# for access control information.
#
AccessFileName .htaccess

If you have this set to &quot;Deny from all&quot;, no one can get in, with or without password. Allow from all lets everyone in *subject to the restrictions of the .htaccess file*. Newposter
&quot;Good judgment comes from experience. Experience comes from bad judgment.&quot;
 
Upvote 0 Downvote
# This controls which options the .htaccess files in directories can
# override. Can also be &quot;All&quot;, or any combination of &quot;Options&quot;, &quot;FileInfo&quot;,
# &quot;AuthConfig&quot;, and &quot;Limit&quot;
#
AllowOverride Authconfig

#
# Controls who can get stuff from this server.
#
Order allow,deny
Allow from all
</Directory>

# AccessFileName: The name of the file to look for in each directory
# for access control information.
#
AccessFileName .htaccess

If you have this set to &quot;Deny from all&quot;, no one can get in, with or without password. Allow from all lets everyone in *subject to the restrictions of the .htaccess file*.

I have all of those things done ... I'm still not able to see the folder. For example let's say my site is
I would have 3 folders in this site... stuff, games, music
I put the .htaccess file in the music directory.
okay, so now i go to the site but the only folders i see
are stuff and games. music ISN'T there...i have to append music to the end of the url to go there and it is password protected. I'm saying is..aren't i suppose to see the music directory regardless??
 
Upvote 0 Downvote
OK, so the index.html page for your site is a default that only lists the directories? And the password-protected one disappears from the list when activated? But if you manually type the path to that directory the dialog box does appear and the password works?

I've never tried that, to see if having a password-protection on a directory hides it in an index file. I suppose it would, and is a good thing in general. What you could do for convenience is place a hyperlink to that directory on your index page to click on, which would bring up the dialog box for login. Newposter
&quot;Good judgment comes from experience. Experience comes from bad judgment.&quot;
 
Upvote 0 Downvote
i moved the rootdirectory to point to another directory other than the default location c: &quot; &quot;/ &quot;&quot;/ &quot; /&quot;htdocs
I moved to d:
I suppose this good security for that protected site, however; i would still like to view that folder even if it is password protected. why is that password protected folder disappearing??
 
Upvote 0 Downvote
Hello,

I've got a problem with user authentication. I've makewith htpasswd a [assword file. Now I've made a .htaccess file with the following
content:

AuthName &quot;restricted&quot;
AuthType Basic
AuthUserFile /etc/httpd/users

I'm sure that the pad to the password file (users) is allright.
It's in an intranet with apache 1.3 and Red Hat Linux 7.1.

When I go to the site root I can view the site without a password. I've put the .htaccess file in the site root after that I've tryied
the folder with the html documents too, all no result.

I hope that someone can tell me what I do wrong.

Thanks,

Marcel
 
Upvote 0 Downvote
AuthUserFile /etc/httpd/users should be
AuthUserFile /etc/httpd/users/.htpasswd or whatever you named the password file itself. You are pointing to the directory instead of the password file. Place the .htaccess file in the directory you want to protect, and have it point to the password file.

After you fix this, Restart Apache and try again to see if it works. Newposter
&quot;Good judgment comes from experience. Experience comes from bad judgment.&quot;
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

tyutghf
  • Locked
  • Question Question
htaccess password protect website
Replies
1
Views
322
feherke
feherke
Argonto
  • Locked
  • Question Question
2 Server Load Balancing and Fail-over Protection (Windows 2008 w/ xampp Apache)
Replies
2
Views
483
vacunita
vacunita
scon44
  • Locked
  • Question Question
SSH password less
Replies
4
Views
366
AIXLogician
AIXLogician
SpenceWaller
  • Locked
  • Question Question
Samba LDAP Domain - Password Expiry
Replies
0
Views
239
SpenceWaller
SpenceWaller
kepetersen
  • Locked
  • Question Question
tsc password locked
Replies
0
Views
170
kepetersen
kepetersen

Part and Inventory Search

Sponsor

Back
Top