[HOWTO] - Password protect Apache folders

[Essage]

It seems to be working now.

The long story:

Accually there is no place in the httpd.conf that looks like:
# This controls which options the .htaccess files in directories can
# override. Can also be "All", or any combination of "Options", "FileInfo",
# "AuthConfig", and "Limit"

AllowOverride None


It looks like:
# This controls which options the .htaccess files in directories can
# override. Can also be "All", or any combination of "Options", "FileInfo",
# "AuthConfig", and "Limit"
#
# AllowOverride None

I changed removed the hash before AllowOve... And changed None to AuthConfig, and after that apache wont restart. I followed all the other steps and inserted the hash again. And it seems to work.
I think it's the default setting that makes it work.
A couple of lines above:
# First, we configure the "default" to be a very restrictive set of
# permissions.
#
<Directory />
Options FollowSymLinks
AllowOverride None
</Directory>

Isn't it?


Is insecure in some way haveing it this way?


Another question about this:
The user I created, has it access to all directories I password-protect? I just want it to ohave access to a specific directory, and want to be able to password-protect other directories that the user doesn't have access to.

/Essage

[Essage]

Ok. I replaced my httpd.conf-file with the default one.

Now that part works as it should, but one new issue appeard.

When i run configtest I get this message:

[alert] httpd: Could not determine the server's fully qualified domain name, using 127.0.0.1 for ServerName
Syntax OK


I'm using the IP 192.168.0.2. It worked before replacing the file, and i didn't get this message before.
I have tried to set the ServerName to 192.168.0.2, but it isn't working.

Before i started to mess with the httpd-file the first time, I used serveradmin to set up a website. it was named 192.168.0.2 and the ip was 192.168.0.2. It worked perfectly.
But if I do that now, when i try to connect to the server and gets the response from the server it just tries to connect again and again...

[Essage]

I am already forwarding port 80 on my public IP to 192.168.0.2. Shall I set the ServerName to 192.168.0.2 also?

[Essage]

Thanks!

It works now.

One issue still stands. When I'm accessing adresses from the local area network and don't type the last slash, like "http://192.168.0.2/directory", I'm getting: "the connection was refused when attempting to contact 127.0.0.1".

It works if I type:
"http://192.168.0.2/directory/"

/Essage

[Essage]

But I guess I'll have to live with that, right?

Thanks testuser for all the help

/Essage

[uoba]

All works fine. But, can I generate two .htpasswd files in the /private/etc/httpd directory (one being .htpasswd and the other .htpasswd2 for example)?

Then, have one folder with access to one (for example: /webserver/folder) and the other accessing the other (webserver/folder2)?

I have generated the .htaccess file in folder2 (an example address) with the top line AuthUserFile /private/etc/httpd/.htpasswd2

However, it asks for the username and password when I go to /webserver/folder2/index.html in the browser, but will not allow me to log-in (wrong pass message, but's it's not the wrong pass)

Any ideas?

[uoba]

Should've read the code first, found a typo error! All works fine n' dandy.

Another question which is troubling me: It occassionally asks for the username and pass twice (though correct)???

[uoba]

was a rogue htaccess file or something!?

I'm using a brand-spanking new iMac keyboard (and made sure I pressed very carefully); (plus it only ever asks twice, not thrice).