httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Ben Yau" <>
Subject [users@httpd] Apache/Redhat Simple AuthType Basic not working :( help please
Date Fri, 02 Jan 2004 22:06:44 GMT
Hi all.

Happy New Year everybody.

I'm really having problems with this and I can't figure it out.

The problem is that apache seems to be ignoring any of the authentication
setup i've put in for a new virtual host.  The pages are freely available to
anyone who goes to the URL.  The error logs and access logs reflect this.
No errors, and access entries show regular web page serving.

I went through the tutorial (
and the apache manual (html version downlaoded to my computer) just to make
sure I wasn't missing anything and still having problems.  I'm sure I've
overlooked something obvious so hopefully someone can help me out. (at least
I'm hoping it's something obvious that i've overlooked)

We're running Redhat 8.x, Apache2.0.48.

The httpd.conf file is quite convoluted (legacy, and this is where I think
i'm overlooking something). There are several virtualhost entries  and the
problem I'm having is wiht a new Virtualhost for accessing reports of
webstats for a specific site.

There is an AllowOverride None in the main config area (before all the
Virtual hosts directives) in a <Directory /> directive .  From what I
remember and what I read in one of the tutorials or manuals that means that
the .htaccess file is completely ignored which is why I'm doing everything
in the VirtualHost directive to be safe.  (is this correct?)

Here is my Virtualhost entry:

DocumentRoot            /home/www/
DirectoryIndex          index.html
Alias /awstatsjs "/usr/local/awstats/wwwroot/js/"
Alias /awstatsclasses "/usr/local/awstats/wwwroot/classes/"
Alias /awstatscss "/usr/local/awstats/wwwroot/css"
Alias /awstatsicons "/usr/local/awstats/wwwroot/icon"
<Directory />
AuthType Basic
AuthName "ReportsAutoRebates"
AuthUserFile /home/www/
Require valid-user

I've also tried

Require user byau

as well (my test username) with no luck.
I created the password file using

# htpasswd -c /home/www/ byau

I've stopped and restarted the server every time I've changed anything.
I've also stopped and restarted my browser (IE on WinXP) and deleted temp
browser files in case I was already auth for that dir and for that reason
was skipping future auth.  Also accessed the pages using lynx on localhost
and still no auth required. There are no errors.  only entries in access
just like normal web page serving

It's worth mentioning that there is a virtual host that uses /home/www as
its documentroot that has its own auth configs.  These do work by the way.
When I close/repoen browser and attepmt to go to the reports website in
/home/www/, there is no auth asked for  at all so I
don't think it is that I have already somehow been validated into /home/www
and am now being validated into /home/www/  Is it
possible that configurations for /home/www i affecting configs for
/home/www/ even though they are in different
<Virtualhost> directives?

Here is the first <Virtualhost> entry:

CauchoConfigFile        /usr/local/resin/conf/escrip.conf
DirectoryIndex  index.html index.htm index.jsp index.HTM /error/404.html
ScriptAlias     /cgi-bin/ /home/www/escripinc_pub/cgi-bin/
Alias   /dev/ /home/www/dev/escripinc_pub/
DocumentRoot    /home/www/escripinc_pub/

<Directory />

AuthType Basic
AuthName "Escrip Staging"
AuthUserFile /home/www/.esipasswd
AuthGroupFile /dev/null
Require valid-user


And here is the config stuff before the first <Virtualhost>.  I took out all
the things that didn' tlook relevant (like Add* and BrowserMatch* and things
like that)

User nobody
Group nobody
ServerName tarpon.internal.cci
UseCanonicalName Off
DocumentRoot "/usr/local/apache2.0.48/htdocs"
<Directory />
    Options FollowSymLinks
    AllowOverride None
AccessFileName .htaccess
<Files ~ "^\.ht">
    Order allow,deny
    Deny from all
TypesConfig conf/mime.types
DefaultType text/plain
<IfModule mod_mime_magic.c>
    MIMEMagicFile conf/magic
HostnameLookups Off

Thanks anybody for any ideas on where I can look.  At this point I'm just
trying random things out to see if anything works.  I realize there are
other issues to solve (such as not putting the AuthUserFile in same dir as
DocumentRoot).  That's the legacy they are using on the test server that
I'll talk to him about later.  All I need to do right now is just get the
username/password working for this virtual host.


The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:> for more info.
To unsubscribe, e-mail:
   "   from the digest:
For additional commands, e-mail:

View raw message