[lug] Web server authentication issue

Carl Wagner carl.wagner1 at gmail.com
Thu Aug 23 16:50:22 MDT 2012


I am trying to password protect a web site with a .htaccess file.  I am 
running on CentOS 6.2.

With the attached .htaccess file, when I try to go to the site, it askes 
for a username and password, which is normal, but then it rewrites the 
URL and then asks for the username and password again before letting me in.

I acquired the .htaccess file from someone else and am not sure how the 
rewrite stuff works.
Any ideas on how to fix this would be appreciated.

Also I have read that you should not use a .htaccess file unless you 
don't have permission to modify the standard Apache config file.  I do 
have permission to modify any file on the system.  What is the best way 
to merge the .htaccess file with /etc/httpd/conf/httpd.conf file?

If you see any other glaring errors it would be great if you could point 
them out.


============== .htaccess file ========================
# Options +FollowSymLinks
RewriteEngine on

# disable directory browsing
# IndexIgnore */*

# Set default pages for site
DirectoryIndex index.php index.html

# Enable Sessions
#php_value session.gc_probability 1
#php_value session.gc_divisor 100
#php_value session.gc_maxlifetime 3600
#php_value session.save_path "path/to/sessions/folder"

# Set Error Logging
#php_value display_errors 1
#php_value error_reporting 22527

# Set paths to the other repos not under the web root
#php_value include_path 

# Set Apache Compression for Text Based Content Types.  Avoid 
Compression For Problematic Browsers.
AddOutputFilterByType DEFLATE text/plain text/html text/xml text/css 
application/xml application/xhtml+xml application/rss+xml 
application/javascript application/x-javascript application/json
BrowserMatch ^Mozilla/4 gzip-only-text/html
BrowserMatch ^Mozilla/4\.0[678] no-gzip
BrowserMatch \bMSIE !no-gzip !gzip-only-text/html

# SEF URLs for services
RewriteRule .* - [env=REWRITE_ON:1]
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule ^services/(.*)$ /services/index.php?do=$1 [L]

# SEF URLs for web
RewriteRule .* - [env=REWRITE_ON:1]
RewriteBase /
RewriteRule css(.*)$ css$1 [L]
RewriteRule images(.*)$ images$1 [L]
RewriteRule js(.*)$ js$1 [L]
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule ^(.*)$ index.php?do=$1 [L]

AuthType Basic
AuthName "Secure Area"
AuthUserFile /var/passwd/.htpasswd
Require valid-user

====== httpd.conf ===
This is a rather large file, so here are the differences from the 
standard CentOS file.

$ diff httpd.conf httpd.conf_default
< ServerName carl.home.com:80
 > #ServerName www.example.com:80
<     # AllowOverride None
<     AllowOverride FileInfo AuthConfig Limit Indexes
 >     AllowOverride None
<     # Order allow,deny
<     Order deny,allow
 >     Order allow,deny
< # DirectoryIndex index.html index.html.var
< DirectoryIndex index.html index.php
 > DirectoryIndex index.html index.html.var
< AddType application/x-httpd-php .php

More information about the LUG mailing list