Fog Creek Software
Discussion Board

htaccess and Apache problem

OK, so I wanted to protect a certain part of my site from outside snooping and I set up .htaccess with some user names and passwords. Sounds good so far?

The hitch I'm facing is with the authentication. When I type in, up pops a user name and pwd prompt. So I type it in.

You'd think at this point, I could see the page. But noooo! The prompt comes up again. Once again, I did the needful. It pops up a third time. Only after I enter my uid and pwd three times does it let me see the page.

No, I didn't goof up when entering the uid and pwd. I tested it many times.

So what's up doc?

Neanderthal man
Monday, August 9, 2004

after 3 attempts you get in?  That seems very strange.  It should fail or succeed, not a little of each.

I was going to say your .htaccess file probably isn't set up properly, but since it sometimes works, I'd guess that you have something misconfigured in apache.  Try removing the .htaccess and .htpasswd files, reverting to your backed up last good httpd.conf, and then re-applying your changes, re-creating the files.

I can't imagine what lesser things you could try, with results like that...

Monday, August 9, 2004

sounds like you typed in the right combination the third time.

Seriously, I've used .htaccess on linux/unix boxes with apache going back 8 years now and I've never encountered this except where I've typed the wrong combo.

Monday, August 9, 2004

Yeah, probably typed it wrong.

Other potential issues are hard links to images.

etc. will have to authenticate before the image will load.
Monday, August 9, 2004

I've encountered something like this recently on an experimental site I'm prototyping. I haven't fully determined the cause, but I think it occurs because I'm redirecting certain things, and authentication gets triggered each time.

So, for example, if you type in it pops up the auth prompt... when you pass, it redirects to or some such, which causes it to pop up the auth prompt again.

Not sure if this is the problem you're facing, but if it turns out to provide a clue I'd love to know what you find out...

John C.
Monday, August 9, 2004

MarkTAW's post implies that if redirects to this will force another login ... and, I suppose, that the better thing to do is to redirect to ./cgi-bin/gen/1

Christopher Wells
Monday, August 9, 2004

CW -

No, I don't think so, not quite.  Your example involves a redirection between directories in the same domain.  Mark's involves redirection between two technically distinct domains.  Apache may serve them both up from the same virtual host, but to the browser they are distinctly different.  Not so in your case.  The former would force a new login, but not I think the latter.

Monday, August 9, 2004

I'm with MarkTAW on this one.

another thing that troubles is that you say you have set up usernames and passwords (plural)

Say you have a structure

All you need is one .htaccess file in the /public_html folder and all the child folders are protected too.

You do not need a seperate one for each folder, which is what you might have done too.

Tuesday, August 10, 2004

I'm a Unix newbie, so I just used CPanel to do all this shit man.

Neanderthal man
Tuesday, August 10, 2004

make sure you dont have images in another directory

Tuesday, August 10, 2004

Dude, unless you are totally new to computers, and do not understand
- file structures
- creating files
- ftp or some other file transfer method

.htaccess is extremely easy. Half an hour with these pages and you are in business.

Even if you do not have access to a shell, you can still create password files online

Tuesday, August 10, 2004

What I'm saying is if

looks like this:

<html><head><body><img src=></body></html>

it will authenticate you once for loading index.htm and a second time for loading image.gif because it's on a seperate domain and must authenticate you again for the new domain.

It's a long shot, but plausible.
Tuesday, August 10, 2004

*  Recent Topics

*  Fog Creek Home