httpd.conf and securing website

Heiner Wurbs

Sunday 20 August 2006 10:26:52 am

Hi !
I want to completely secure an eZ publish installation with an httpd password:

    AuthType Basic
    AuthName "eZ publish installation"
    AuthUserFile /usr/local/apache/passwords
    Require valid-user

But it doesn't work :( It displays the content without the images, but I can navigate through the website!
Any help ?
Heiner

Claudia Kosny

Sunday 20 August 2006 1:57:06 pm

Hello Heiner,

your .htaccess file works fine for me.
So I would try the following:
Make sure that your Apache reads the file at all. The easiest way to do that is to insert an error in the file and load a webpage that should be protected by the .htaccess. If you get a 500 server error, your webserver reads the file just fine; if not, check your httpd.conf.
Also check whether your httpd.conf file permits the usage of .htaccess files, especially the authentication.
Make sure that Apache has access to the password file; maybe the path is not accessible (especially if you use public webhosting). Although in this case you should get a login prompt but should not be able to log in at all...

Greetings from Luxembourg

Claudia

Heiner Wurbs

Monday 21 August 2006 12:52:06 am

Hi Claudia,

Thanks for your reply! Nice that it works for you, so there is only a small thing missing :) It does not work on my vhost. I can modify the complete httpd.conf and the vhosts, so I post the VirtualHost configuration; maybe you will see the error. The login prompt is displayed, but if I cancel it three times, I can see the content delivered by index.php without any images and styles. Something with the rewrite module?

    <VirtualHost 111.222.333.444:80>

        ServerName myserver.com
        ServerAlias myserver.com

        DocumentRoot /srv/www/htdocs/web20/html

        <Directory /srv/www/htdocs/web20>
            Options FollowSymLinks
            AllowOverride None

            AuthType Basic
            AuthName "eZ publish installation"

            AuthUserFile /usr/local/apache/passwords
            Require valid-user
        </Directory>

        php_admin_flag safe_mode Off
        php_admin_value register_globals    0
        php_value magic_quotes_gpc  0
        php_value magic_quotes_runtime  0
        php_value allow_call_time_pass_reference 0

        php_admin_value memory_limit 90M

        DirectoryIndex index.php

        <IfModule mod_rewrite.c>
            RewriteEngine On
            Rewriterule ^/var/storage/.* - [L]
            Rewriterule ^/var/[^/]+/storage/.* - [L]
            RewriteRule ^/var/cache/texttoimage/.* - [L]
            RewriteRule ^/var/[^/]+/cache/texttoimage/.* - [L]
            Rewriterule ^/design/[^/]+/(stylesheets|images|javascript)/.* - [L]
            Rewriterule ^/share/icons/.* - [L]
            Rewriterule ^/extension/[^/]+/design/[^/]+/(stylesheets|images|javascripts?)/.* - [L]
            Rewriterule ^/packages/styles/.+/(stylesheets|images|javascript)/[^/]+/.* - [L]
            RewriteRule ^/packages/styles/.+/thumbnail/.* - [L]
            RewriteRule ^/favicon\.ico - [L]
            RewriteRule ^/robots\.txt - [L]
            # Uncomment the following lines when using popup style debug.
            # RewriteRule ^/var/cache/debug\.html.* - [L]
            # RewriteRule ^/var/[^/]+/cache/debug\.html.* - [L]
            RewriteRule .* /index.php
        </IfModule>

        CustomLog /srv/www/htdocs/web20/log/access_log confixx2
    </VirtualHost>

Thanks !
Heiner

Claudia Kosny

Monday 21 August 2006 2:51:02 am

Hello Heiner,

The only thing I can say (again) is that it works well for me (on a Windows machine)... The only way I could kind of recreate your problem is to set the directory in the part where you set the authentication to the 'design' or 'var' directory, which you obviously have not done.
Unfortunately I don't know much about virtual hosts, so here are just some ideas on how to pinpoint the problem:
It looks like the var and design directories are protected by authentication whereas the base directory for EZ is not. To confirm this I would try to fetch e.g. the robots.txt (which should work without problems) and some file in the design or var directory (where you should be prompted for login).
If that works as expected, try whether the rewrite rules are to blame, first by just taking them out totally. The start page of your EZ website should still work fine. Can you see the pictures and styles now? If yes, enable the rewrite rules again and check your rewrite and access log; maybe you can see some information there. If you still can't see the styles and pics and are still prompted for login, I would maybe try to set the directory for the authentication directly in the document root, not one level higher (although both versions were working for me).

Good luck

Claudia
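
The check suggested above (fetch robots.txt plus a file under design or var and see which ones ask for a login) can be scripted. This is an added example, not code from the thread: it requests each path without credentials and reports whether the answer is a proper 401 challenge, a 401 whose body already carries page content (the body a browser shows once the prompt is cancelled), or a plain 2xx. The sample paths, the `marker` parameter and all function names are assumptions.

```python
import sys
import urllib.error
import urllib.request

# Constructed sample paths: two that the posted rewrite rules pass through
# untouched and two that fall through to "RewriteRule .* /index.php".
SAMPLE_PATHS = ["/robots.txt", "/design/standard/images/logo.gif",
                "/", "/content/view/full/2"]

def fetch_anonymous(url, timeout=10):
    """GET url without credentials; return (status, has_challenge, body)."""
    try:
        with urllib.request.urlopen(url, timeout=timeout) as resp:
            return resp.status, False, resp.read()
    except urllib.error.HTTPError as err:
        # urllib raises on 4xx/5xx; the error object still carries the response.
        return err.code, "WWW-Authenticate" in err.headers, err.read()

def audit(base_url, paths, marker, fetch=fetch_anonymous):
    """Classify every path requested anonymously.

    marker is a byte string that appears only in rendered page content
    (hypothetical; pick a phrase from your own site's page layout).
    """
    findings = {}
    for path in paths:
        status, challenged, body = fetch(base_url.rstrip("/") + path)
        if status == 401:
            if marker in body:
                # Cancelling the login prompt displays exactly this body.
                findings[path] = "401 with page content in body"
            elif challenged:
                findings[path] = "protected"
            else:
                findings[path] = "401 without WWW-Authenticate"
        elif 200 <= status < 300:
            findings[path] = "served without authentication"
        else:
            findings[path] = "other status %d" % status
    return findings

if __name__ == "__main__":
    # Usage: python audit.py http://myserver.com "text from the page layout"
    base, text = sys.argv[1], sys.argv[2].encode()
    for path, verdict in audit(base, SAMPLE_PATHS, text).items():
        print("%-40s %s" % (path, verdict))
```

Running it once with the rewrite rules enabled and once with them removed gives a per-path comparison to hold against the access log.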

Heiner Wurbs

Monday 21 August 2006 3:48:28 am

Hi Claudia,
thanks for those hints. I made those tests, and it turned out that the RewriteEngine is the problem. At the moment I have no idea how to solve that. It could be that this authentication and the rewrite_mod do not work together.

Greetings
Heiner
