Fog Creek Software
Discussion Board




htaccess and Apache problem

OK, so I wanted to protect a certain part of my site from outside snooping and I set up .htaccess with some user names and passwords. Sounds good so far?

The hitch I'm facing is with the authentication. When I type in http://mysite.com/secretfolder, up pops a user name and pwd prompt. So I type it in.

You'd think at this point, I could see the page. But noooo! The prompt comes up again. Once again, I did the needful. It pops up a third time. Only after I enter my uid and pwd three times does it let me see the page.

No, I didn't goof up when entering the uid and pwd. I tested it many times.

So what's up doc?

Neanderthal man
Monday, August 09, 2004

After 3 attempts you get in? That seems very strange. It should fail or succeed, not a little of each.

I was going to say your .htaccess file probably isn't set up properly, but since it sometimes works, I'd guess that you have something misconfigured in Apache. Try removing the .htaccess and .htpasswd files, reverting to your backed up last good httpd.conf, and then re-applying your changes, re-creating the files.

I can't imagine what lesser things you could try, with results like that...

muppet
Monday, August 09, 2004

Sounds like you typed in the right combination the third time.

Seriously, I've used .htaccess on Linux/Unix boxes with Apache going back 8 years now and I've never encountered this except where I've typed the wrong combo.

me
Monday, August 09, 2004

Yeah, probably typed it wrong.

Other potential issues are hard links to images.

http://www.domain.com

http://domain.com

etc. will have to authenticate before the image will load.

www.MarkTAW.com
Monday, August 09, 2004

I've encountered something like this recently on an experimental site I'm prototyping. I haven't fully determined the cause, but I think it occurs because I'm redirecting certain things, and authentication gets triggered each time.

So, for example, if you type in http://experiment.mysite.com/ it pops up the auth prompt... when you pass, it redirects to http://experiment.mysite.com/cgi-bin/gen/1 or some such, which causes it to pop up the auth prompt again.

Not sure if this is the problem you're facing, but if it turns out to provide a clue I'd love to know what you find out...

John C.
Monday, August 09, 2004

MarkTAW's post implies that if http://experiment.mysite.com/ redirects to http://experiment.mysite.com/cgi-bin/gen/1 this will force another login ... and, I suppose, that the better thing to do is to redirect to ./cgi-bin/gen/1

Christopher Wells
Monday, August 09, 2004

CW -

No, I don't think so, not quite.  Your example involves a redirection between directories in the same domain.  Mark's involves redirection between two technically distinct domains.  Apache may serve them both up from the same virtual host, but to the browser they are distinctly different.  Not so in your case.  The former would force a new login, but not I think the latter.

muppet
Monday, August 09, 2004

I'm with MarkTAW on this one.

Another thing that troubles me is that you say you have set up usernames and passwords (plural).

Say you have a structure
/public_html
/public_html/images
/public_html/cgi-bin
/public_html/some/other/data/store

All you need is one .htaccess file in the /public_html folder and all the child folders are protected too.

You do not need a separate one for each folder, which is what you might have done too.

Tapiwa
Tuesday, August 10, 2004

I'm a Unix newbie, so I just used CPanel to do all this shit man.

Neanderthal man
Tuesday, August 10, 2004

Make sure you don't have images in another directory.

moseswhitecotton
Tuesday, August 10, 2004

Dude, unless you are totally new to computers, and do not understand
- file structures
- creating files
- ftp or some other file transfer method

.htaccess is extremely easy. Half an hour with these pages and you are in business.

http://www.ssi-developer.net/htaccess/htaccess_protection_simple.shtml
http://www.freewebmasterhelp.com/tutorials/htaccess/
http://www.usask.ca/its/courses/cai/htaccess/introduction.html
http://www.javascriptkit.com/howto/htaccess.shtml

Even if you do not have access to a shell, you can still create password files online
http://www.euronet.nl/~arnow/htpasswd/

Tapiwa
Tuesday, August 10, 2004

What I'm saying is if

http://www.domain.com/protecteddirectory/index.htm

looks like this:

<html><head></head><body><img src="http://domain.com/protecteddirectory/image.gif"></body></html>

it will authenticate you once for loading index.htm and a second time for loading image.gif because it's on a separate domain and must authenticate you again for the new domain.

It's a long shot, but plausible.

www.MarkTAW.com
Tuesday, August 10, 2004
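
Added example, not part of any post in this thread: browsers scope cached Basic credentials by scheme, host and port plus the realm (RFC 7617), so a script can check the two hypotheses above by listing every image, script, frame or redirect target that leaves the page's own host. The function names and the sample page are constructed for illustration, and a flagged URL only prompts again if that host serves it from a protected directory.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

DEFAULT_PORTS = {"http": 80, "https": 443}
FETCH_TAGS = {"img", "script", "iframe"}  # tags whose src the browser fetches

def origin(url):
    """Scheme, host and port: with the realm, this scopes Basic credentials."""
    parts = urlsplit(url)
    scheme = parts.scheme.lower()
    return scheme, (parts.hostname or "").lower(), parts.port or DEFAULT_PORTS.get(scheme)

class _UrlCollector(HTMLParser):
    def __init__(self, base_url):
        super().__init__()
        self.base_url, self.urls = base_url, []

    def handle_starttag(self, tag, attrs):
        if tag in FETCH_TAGS:
            for name, value in attrs:
                if name == "src" and value:
                    # Relative references resolve against the page, so they stay on its host.
                    self.urls.append(urljoin(self.base_url, value))

def cross_origin_fetches(page_url, html="", redirect_to=None):
    """URLs the browser requests from a different origin than page_url."""
    collector = _UrlCollector(page_url)
    collector.feed(html)
    targets = collector.urls
    if redirect_to:  # value of a Location header, relative or absolute
        targets.insert(0, urljoin(page_url, redirect_to))
    return [u for u in targets if origin(u) != origin(page_url)]

# Constructed sample modelled on the page described in the thread.
PAGE = "http://www.domain.com/protecteddirectory/index.htm"
HTML = """<html><body>
<img src="http://domain.com/protecteddirectory/image.gif">
<img src="banner.gif"><img src="/protecteddirectory/logo.gif">
</body></html>"""

if __name__ == "__main__":
    for url in cross_origin_fetches(PAGE, HTML):
        print("separate credential scope:", url)
```

A redirect to /cgi-bin/gen/1 on the same host comes back empty, while the same path on a different host name is flagged.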
