[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: [cobalt-users] using htaccess to limit access to an IP
- Subject: RE: [cobalt-users] using htaccess to limit access to an IP
- From: "Kevin" <owner@xxxxxxxxxxxxx>
- Date: Thu Feb 24 17:44:55 2000
I just went through all this today as well. I went to Cobalt's KB and
entered htaccess
Their description and rules on htpasswd worked great for me.
Response
Although we do not have a browser interface to allow this feature, it can be
done with a telnet session.
For this example, we will show how to password protect a users Web page. You
can apply this procedure to virtual sites also by changing the directories.
1. Telnet in, and login as the User or admin
2. Navigate to the directory you want to password protect.
3. Create the .htaccess file, it should contain the following lines:
# Access file
order allow,deny
allow from all
require valid-user
Authname DirectoryName
AuthPAM_Enabled off
Authtype Basic
AuthUserFile /home/sites/sitename/web/directory/.htpasswd
Replace sitename and directory as appropriate.
Note: If you want to use the systems' /etc/passwd file for authentication
you can eliminate the AuthUserFile line from the .htaccess file above.
4. Now you must create the .htpasswd file using the htpasswd tool.
a. Type the following command to create the file and add a user:
htpasswd -c .htpasswd username
b. You will be prompted for the users' password twice.
5. If you need to add additional users to the file, use the command above
without the -c.
I think your mistake is in require user, and actually creating the .htpasswd
file.
Kevin
Owner@xxxxxxxxxxxxx
http://www.worldcops.com
WorldCops Web Site Hosting
-----Original Message-----
From: cobalt-users-admin@xxxxxxxxxxxxxxx
[mailto:cobalt-users-admin@xxxxxxxxxxxxxxx]On Behalf Of Lee Joramo
Sent: Thursday, February 24, 2000 4:55 PM
To: cobalt-users@xxxxxxxxxxxxxxx
Subject: [cobalt-users] using htaccess to limit access to an IP
I am attempting to setup htaccess to allow access to everyone from a
specific IP address, otherwise prompt for a users password.
Given:
two users:
joeuser jodyuser
IP address to allow all users to access:
987.987.987.987
Realm of authentication:
myprotectedpage
htpassword path:
/home/sites/www.FAKESITE.com/.htpasswd
Here is the .htaccess file I have attempted to use:
# Access file
require user joeuser jodyuser
order deny, allow
deny from all
allow from 987.987.987.987
satisfy any
AuthName myprotectedpage
AuthPAM_Enabled off
Authtype Basic
AuthUserFile /home/sites/www.FAKESITE.com/.htpasswd
This results in the follow web page error message:
Internal Server Error
The server encountered an internal error or misconfiguration
and was unable to complete your request.
Now I have tried many variations of the .htaccess file, but the one
above is the one that I feel is the closest to what I need. All
either allow versions either provided the same error message or
allowed anyone to access the page.
I had a very similar script that worked on a previous server which
ran under SunOS with the ROXEN webserver.
Several other questions:
On previous systems, I allows used <Limit></Limit> tags around the
restrictions and this came after the "Auth" settings. The
documentation I found at www.cobalt.com and this mailing list archive
all used the format as found in the above .htaccess file.
What exactly does AuthPAM_Enabled do? I am guessing that it uses the
systems username and password to allow access to a web page. If so
this seems like a dangerous thing to allow.
Thanks
--
Lee A. Joramo ljoramo@xxxxxxxxxxx
The Nickel Want Ads www.nickads.com
Internet Manager 970-242-5555
--
Onward and Upward!
Lee A. Joramo }}-----> Cowboy on the Electronic Frontier
lee@xxxxxxxxxx
Alamar Ranch - Palisade - Colorado
ThreeRivers|Eagle|UCD|D&D|TNC|DX|Mac|221B|Cannondale|Deutsch
_______________________________________________
cobalt-users mailing list
cobalt-users@xxxxxxxxxxxxxxx
http://list.cobalt.com/mailman/listinfo/cobalt-users