Verify your server will allow .htaccess file overrides: # locate httpd.conf # vi /etc/httpd/conf/httpd.conf (or whereever it is) 1) Directory Find your section with the tag and add "AllowOverride All" Options FollowSymLinks AllowOverride All Refs: http://httpd.apache.org/docs/1.3/mod/core.html#allowoverride http://www.sitedeveloper.ws/tutorials/htaccess.htm 2) Security Should be fine, but check out this post: http://perishablepress.com/press/2006/01/10/stupid-htaccess-tricks/ 3) Restart # apachectl restart On Fri, Jul 3, 2009 at 7:12 PM, Jim March <1.jim.march@gmail.com> wrote: > Sigh. OK, I've got all the IP/router stuff done. Kewl. Now to give > it some password security! > > First thing I tried was the security settings within Zoneminder. > Looked good, got to where login was needed for user "admin" on a > password I set, cool, except couldn't see any images anymore - local > or remote. Checked the security restrictions on user "admin", it's > supposed to have all possible rights per the ZM management screens. > WTF? Turn off login security in ZM and sure enough, I can see my > cameras again. > > God. Dammit. > > Well by now I'm convinced that ZM is buggier than an ant farm anyways, > so to heck with it, this thing is running Apache, I oughta be able to > control it there, right? > > Heh. > > I ask about it on TFUG and Matt was kind enough to provide a link to a > decent-looking tutorial on Apache security: > > On Fri, Jul 3, 2009 at 4:57 PM, Matt Jacob wrote: > > If you're running Apache as your web server, it's fairly trivial to > > set up HTTP Basic Authentication: > > > > http://httpd.apache.org/docs/2.2/howto/auth.html > > > > Matt > > Ehhhh...it ain't working. > > Hmmmm. So let's go over what I did, see if I blew it? (Given I've > never run the back-end to a website EVER, not unlikely...) > > OK, here's exactly what I did: > > 1) I figured out where my web-stuff was sitting (including index.html): > /var/www > > 2) I put a file there name of .htaccess containing: > > --- > AuthType Basic > AuthName "Restricted Files" > # (Following line optional) > AuthBasicProvider file > AuthUserFile /usr/local/apache/passwd/passwords > Require user zmuser > --- > > 3) I made sure the directory /usr/local/apache/passwd/passwords > existed with everybody-can-read-it permissions (only root can write). > > 4) I ran the command: > > sudo htpasswd -c /usr/local/apache/passwd/passwords zmuser > > ...and gave it a password DIFFERENT from the user login password (user > is logging into XUbuntu as zmuser and passwords are NOT default). > > And...shouldn't that have done it? Yet it acts like there's still no > security at all. > > There's directories under /var/www that contain data being served - > should I copy that .htaccess file down into them? > > Note that I don't need separate user access levels for multiple > users...there's just the shop owner going to use this. > > Thanks! > > Jim > --------------------------------------------------- > PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us > To subscribe, unsubscribe, or to change your mail settings: > http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss > -- (503)754-4452 wiki.obnosis.com scientology.obnosis.com