[thelist] .htaccess Help: Password protection

Eduardo Kienetz eduardok at gmail.com
Tue Jun 27 20:00:58 CDT 2006


On 6/27/06, Gina Anderson <gina at sitediva.com> wrote:
> Thanks Eduardo! I tried it, but it doesn't seem to work for me. I'm sure I
> have a syntax issue or something. Could you help a bit further? First,
> here's the .htaccess file:
>
> ~~~~~~~~~~~~~~~~~~~~~~~
> DirectoryIndex login.html
>
> RewriteEngine on
> RewriteCond %{HTTP_REFERER} !^$
> (More stuff here)
> RewriteRule .*\.(jpg|jpeg|gif|png|bmp)$ (a url here) [R,NC]
>
> AuthType Basic
>
> AuthName "Restricted Area"
>
> AuthUserFile "/home/myusername/.htpasswds//passwd"
>
> require valid-user
>
>
> <Files "login.html">
>     satisfy any
> </Files>
> ~~~~~~~~~~~~~~~~~~~~~~~~
>
> Is something out of whack?  When I enter "http://www.mydomain.com", the
> user/pass box comes up, instead of login.html.  If I sign in first with the
> user/pass, and then enter the url, I am presented with "login.html' as
> default. But the server still doesn't recognize that login.html doesn't need
> protection.
>
> What am I missing?
>
> Thanks so much!
> Gina

Here is the closest I got to that on my quick tests:

DirectoryIndex login.html
<Files "login.html">
 satisfy any
</Files>
<FilesMatch "\.(png|php)$">
AuthType Basic
AuthName "Restricted Area"
AuthUserFile "/home/eduardo/.htpasswd"
require valid-user
</FilesMatch>

Note that it will allow only login.html with no password and only ask
for password when .php and .png. This means it would allow access for
foo.html abcd.dwg, etc.
But I believe you can go on now and create a regular expression that
matches your needs.

And remember you must allow override to the DirectoryIndex (by adding
the following 'Indexes' to the Directory directive):
<Directory "/var/www/htdocs/teste">
    AllowOverride AuthConfig Indexes
</Directory>

Best regards,

-- 
Eduardo  Bacchi Kienetz
LPI Certified - Level 2
http://www.noticiaslinux.com.br/eduardo/



More information about the thelist mailing list