Re: htaccess authentification on SSL

Top Page
Attachments:
Message as email
+ (text/plain)
+ (text/html)
+ (text/plain)
Delete this message
Reply to this message
Author: keith smith
Date:  
To: Main PLUG discussion list
Subject: Re: htaccess authentification on SSL
Thank you for your help.

I've added it to the virtual host definition and it will not even ask for a password. 

I was looking in the ssl_errors file, however I find nothing.

How can I troubleshoot this?  I want to get basic auth working first.  (auth works using a .htaccess file)

I've inserted the following into the vhost.

Directory /home/user-name/public_html/directory-name-to-secure/>
  AuthType Basic
  AuthName "Restricted"
  AuthUserFile /path/to/htaccess/password/file (it is outside the doc root)
  Require user user-name-in-the-htaccess-password-file-listed-above
</Directory>


This is on a CentOS 6.x server.

Thank you for your insight!!

 
------------------------
Keith Smith



On Monday, January 13, 2014 7:13 PM, Matt Graham <> wrote:

On 2014-01-13 18:29, keith smith wrote:
> RewriteEngine On
> RewriteCond %{SERVER_PORT} 80
> RewriteCond %{REQUEST_URI} folder
> RewriteRule ^(.*)$ https://www.domain.tld/folder/$1 [R,L]
>
> AuthUserFile /path/to/password/file/.htpasswd_file
> AuthType Basic
> AuthName "Log in Please"
> require user username
>
> It allows me to authenticate, however sometimes it is HTTP and other
> times it is HTTPS.


Is this in a vhost?  I would think you'd be better off putting all of
this into a <Directory> in a config file, not a .htwhatever file if you
can swing that.  Anyway, the following worked a tiny bit bit better for
me than the things you had:

# NOTE:  You'll have to alter the paths for your setup
<Directory /var/www/localhost/htdocs/folder>
RewriteCond %{SERVER_PORT} 80
RewriteRule ^(.*)$ https://crow202.org/folder/$1 [R=301,L]

AuthUserFile /var/www/localhost/htdocs/folder/.htpassword

AuthType Basic
AuthName "Log in Please"
Require user testuser
</Directory>
# end config file fragment

...you can see what this does if you go to http://crow202.org/folder/
(username testuser , password testpass).  It might have flaws or
problems that I don't know about, since I have no idea about the rest of
your apache setup.  AFAICT, though, it gets rid of the "I have to log in
via HTTP-Auth Basic twice, once over 80, once over 443" problem.

--
Crow202 Blog: http://crow202.org/wordpress
There is no Darkness in Eternity
But only Light too dim for us to see.
---------------------------------------------------
PLUG-discuss mailing list -
To subscribe, unsubscribe, or to change your mail settings:
http://lists.phxlinux.org/mailman/listinfo/plug-discuss---------------------------------------------------
PLUG-discuss mailing list -
To subscribe, unsubscribe, or to change your mail settings:
http://lists.phxlinux.org/mailman/listinfo/plug-discuss