PDA

Click to See Complete Forum and Search --> : Apache Directory Protection

EmperorPenguin
02-23-2005, 06:58 PM
I am trying to protect the directory 'phpMyAdmin' on my local server. I'm running OSX (10.3) with the default Apache set up.

Here is what I added to httpd.conf:
<Directory "/Users/schrojo/sites/phpMyAdmin">
AllowOverride AuthConfig
</Directory>

I created .htaccess within my phpMyAdmin folder, containing the following:
AuthName "Authorization requried to access phpMyAdmin"
AuthType Basic
AuthUserFile "/Users/schrojo/sites/phpMyAdmin/.htpasswd"
AuthGroupFile /dev/null
<Limit GET POST>
require valid-user
</Limit>

I have created the accompanying .htpasswd file using htpasswd -c ....

When I try to access the site, all I get is a Forbidden error ... there is no prompt to enter my username/password. Is there something additional that I need to do in order to get the username prompt?
welmers
02-23-2005, 09:09 PM
is your dir /Users/schrojo/sites/phpMyAdmin and .htpasswd and .htaccess files accessable by the webserver user?
EmperorPenguin
02-23-2005, 09:35 PM
.htpasswd and .htaccess are both world readable. The entire directory is world readable and executable. When I turn the directory protection off I am able to access all of the files under the directory just fine.

I tried chowning the .htaccess and .htpasswd files to www ownership, but that didn't make any difference.
welmers
02-24-2005, 03:44 PM
Maybe there's some <Directory /> directive that permits access from everywhere on the file system that is not put in a seperate Directory directive. Something to post your httpd.conf?
ph34r
02-24-2005, 04:09 PM
I just used a second apache config file to bind to a high port on localhost only and that is where phpmyadmin runs out of... if you won't just be working from localhost or don't use ssh tunnels it won't do much good for you though...
EmperorPenguin
02-25-2005, 02:06 AM
Originally posted by ph34r
I just used a second apache config file to bind to a high port on localhost only and that is where phpmyadmin runs out of... if you won't just be working from localhost or don't use ssh tunnels it won't do much good for you though...

Or I could use a local mySQL GUI :) I think I can survive with just having local access to the databases I'll have on this server ... any other manipulations can be worked into my code throughout the site.

I'm still puzzled by the Apache problems though. I'm going to research it a little more and I'll post again if I happen to find a solution.