protected directory

[swebs]

I cant seem to get directories to be protected.

I've tried both using the CP and manually creating the .htaccess/.htpasswd files.

When I try in the control panel it acts as thought its not protected at all.

when I manually create the .htaccess/.htpasswd files I get an Authorization Error and it never even prompts me for a login/passwd.

This is 7.5.2 on linux.

I'm totally stuck. Anyone have any ideas?

Thanks in advance.

 

[serve-you.net]

Which directory are you trying to protect? If it's the docroot of a domain, I believe plesk is still unable to protect it. Creating an .htaccess file should work though.

 

[swebs]

I have an "admin" directory under the httpdocs directory that I am trying to password protect.

Neither the plesk "protected directories" or the .htaccess seem to be working.

very frustrating.

I know that mod_access is working because if I try and secure it by IP it seems to work but when I try and point it to a AuthUserFile I think that is where it is failing.

 

[serve-you.net]

For the manual way:
Where is the authfile being stored, and what are the contents of your .htaccess? And what method are you using for creating the user/pass file?

For the plesk way:
Have make sure there isn't an .htaccess file in the dir when you try to protect it. Also, you may wanna try and give apache a kick in the *** and restart it.

 

[swebs]

I created a new directory "test" and only put an index.html file in it. Then tried protecting it using the control panel. It still acts as though it is not protected. So I restarted apache and still the same.

As for using htaccess, here is what I have:
AuthType Basic
AuthName "Admin Area"
AuthUserFile /home/httpd/vhosts/shaare.org/httpdocs/admin/.htpasswd
AuthGroupFile /dev/null
<Limit GET POST>
require valid-user
</Limit>

and for the htpasswd I used the following to create it in the above listed directory:
htpasswd -c .htpasswd adam

thanks

 

[serve-you.net]

AuthGroupFile /dev/null

What's that all about?

 

[swebs]

I dont have a group file. I've always used the same thing and never had a problem.

I'd be happy to try and suggests.

I'm very curious to know why the protected directories are not working from the control panel too.

 

[serve-you.net]

Check the permissions on the pd directory. Should look like:
drwxr-x--- 2 root psaserv 4096 May 16 15:18 pd/

Check in it, does it actually create the passwd file?

Make sure you aren't making the mistake of making an ssl protected directory for a non ssl dir.

Check the httpd.include file for the domain. Is the comment being added to it?

<Directory "/home/httpd/vhosts/domain.name/httpdocs/test">
AuthType Basic
AuthName "admin"
AuthUserFile /home/httpd/vhosts/domain.name/pd/d..test
require valid-user
</Directory>

 

[swebs]

is the box in the CP that asks for the path an absolute path or relative to some home?

I've tried both and neither work so Im curious.

Someone must have this same problem.

 

[serve-you.net]

It is relative to http(s)docs:
/test

 

[swebs]

still no go..

even bounced apache.

This sucks..

gotta be something I can do to secure directories.

Any other ideas/tests?

 

[swebs]

checked the /pd dir and yes the password file is being created.

Checked the httpd.include and the correct directory info is being added and points correctly to the password file in the pd dir

Here is the error I get when I hit the page now:

Authorization Required

This server could not verify that you are authorized to access the document requested. Either you supplied the wrong credentials (e.g., bad password), or your browser doesn't understand how to supply the credentials required.

Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.

I restarted apache, restarted my PC, tried with both IE and Firefox.

keep the good ideas coming.

 

[serve-you.net]

Well, a 403 is good cuz it means apache's checking for auth. But you aren't getting a prompt at all? You can PM me the link if you wanna rule out lame browser caching and such.

What are the contents of the directory you are protecting? Have you tried deleting it(the directory), and recreating it?

 

[swebs]

well the test with the new directory called test didnt seem to work so I didnt figure removing and recreating it would do anything.

the contents under the directory is just an admin controls for the customers ecommerse site.

I tried on a few computers here to rule out the cacheing.

I agree that is some permissions issue but I just cant seem to figure out what it would be.

 

[serve-you.net]

Unfortunately (as expected) it's no go for me either. What are the permissions on the directory (both owner/group & modes)? how bout the files in it?

 

[swebs]

ok are we trying to get it to work with plesk that modifies the httpd.include or with the standard .htacess/.htpasswd files.

all the files in the directory are owned my the site ower and group psacln

as for permissions:

I've tried all different ones with .htaccess
to no avail

 

[serve-you.net]

Plesk.

 

[swebs]

ok its has to do something with .htpasswd and apache.

apache must not be processing the .htpasswd

Its processing the .htaccess but then will not process the .htpasswd file.

top level :
drwxr-x--- 2 root psaserv 27 Jul 7 19:35 pd

pd :
-r-------- 1 apache apache 44 Jul 7 19:35 d..store@admin

 

[serve-you.net]

What's with the weird name?

d..store@admin

 

[serve-you.net]

nevermind... i see i have some like that too.
permissions look fine there. what i meant was the /admin dir.