I am getting frustrated trying to debug basic authentication using .htaccess. I have AllowOverride set to All in the '/' directory level of the config file. I also have the logging level set to debug. When I try to access what should be a restricted file, no authentication dialogue comes up and the page is displayed. The main problem at this point is there is nothing extra in the access_log that indicates debug level logging. I have nowhere to look to debug the problem. Can someone help me get debugging working? TIA. I'm running 2.2.14 on Mandriva 2010.0
post your .htaccess? as for debugging .... set LogLevel debug when debugging authentication. This will log all the LDAP connection events and the LDAP attributes requested. Authenticating with Microsoft Active directory using Microsoft's "Unix services for Windows": AuthLDAPURL ldap://ldap.your-domain.com:389/ou=Employees,ou=Accounts,dc=sos,dc=com?sAMAccountName?sub Also note that encrypted connections will use the URL prefix "ldaps://" and the added directives: * LDAPTrustedCA directory-path/filename * LDAPTrustedCAType type Where the "type" is one of: o DER_FILE: file in binary DER format o BASE64_FILE: file in Base64 format o CERT7_DB_PATH: Netscape certificate database file Restart Apache after editing the configuration file: service httpd restart for configuration changes to take effect. See /var/log/httpd/error_log for configuration errors. (not access log)
Thanks for the reply. Here is my .htaccess: IndexIgnore */* <Files admin.php,prodedit.php,prodinput.php,phpinit.php> AuthType Basic AuthName "Please log in" AuthUserFile /var/www/passwords Require user administrator </files> Code (markup): Sorry I was not clear but logging level is already set to debug but it does not seem to do anything. There are no config errors in error_log.
instead of this IndexIgnore line, you probably want Options -Indexes this will prevent files from showing in a directory listing when no index.html is present I dont think you want this <files stuff if you are just trying to prevent unauthorized access, then add the following .htaccess Options -Indexes AuthType Basic AuthName "Members Only" AuthUserFile /path/2/folder/best/if/not/in/web/root/.htpasswd require valid-user now you just need to make a .htpasswd file to store the user/password //you can do groups also but i think not needed here to create a htpasswd file from command line .htpasswd you'll be prompted for a password, enter and confirm try to login using these created credentials
if you really need filematch try something like this <FilesMatch "^(admin|staff)\.php$"> AuthName "Dialog prompt" AuthType Basic AuthUserFile /home/username/.htpasswd Require valid-user </FilesMatch>
Thanks again. Here is my new .htaccess as I understood you. I do want only the specific files mentioned protected in this directory but the pattern match will work. Options -Indexes <FilesMatch "^admin|prod\.php$"> AuthType Basic AuthName "Please log in" AuthUserFile /var/www/passwords Require valid-user </FilesMatch> Code (markup): All the other stuff was already done but these changes did not help and debug is still not working. The only other thing I can think of is permissions on the 'passwords' file: However, if that was the problem wouldn't I see an error in the log? Also note, if it matters, there will be only 1 valid user. I have AuthMySQL working with no problems but I thought this would be simpler for this particular directory.
have you made sure .htaccess is working? put some eronous commands in .htaccess and if your server doesnt error, its not processing .htaccess
Indeed. I had a suspicion that was the case which is why I wanted debug working. However, with the bad parameter, the error_log is still silent. Obviously it is not processing the .htaccess file as you suspected. Now the question becomes why? Perhaps it is the same reason debugging is not working but if there was an error in the config file with either of these wouldn't apache fail to start and generate an error?
Got it, thanks! I thought the Allowoverride within the directory tag for the root level took precedence. I found another Allowoverride None by itself in the middle of the file which apparently overrode the first one. When I changed that to All, things started working.