Koozali.org: home of the SME Server

htaccess for restricting webpage access - sme 7.3

guest1618

htaccess for restricting webpage access - sme 7.3
« on: May 08, 2008, 03:35:18 AM »
I have two virtual websites with pages needing restricted access. I was using htaccess before upgrading from 7.2. After upgrading, htaccess works on only one directory but not on any of the others. There are four directories under one virtual site and three don't work. One site has only one directory and htaccess doesn't work for that one either. On the one that works, I get the expected login box; on the others, a directory listing. All worked prior to the upgrade. I have checked to make sure all the files are correct including permissions (644). In fact, for the site with four protected directories, the htaccess file is the same and still only one works. I'm at a loss, any ideas?

My .htaccess file:

<Files .htaccess>
     order allow,deny
     deny from all
</Files>

AuthUserFile /home/e-smith/files/ibays/someibay/files/.htpasswd
AuthGroupFile /dev/null
AuthName "Enter User Name and Password"
AuthType Basic

<Limit GET>
     Require valid-user
</Limit>

.htpasswd has the user name and password as generated by htpasswd -c.

An aside, after the upgrade, horde did not work outside the local network (fixed), ftp passwords had to be re-entered, control panels are not as before, all the panels are there but there are only three categories with most controls under the unknown category and now this problem with htaccess. I have several contribs installed and did an in-line upgrade using the software update control panel and yum. Probably not the best idea.

warren

Re: htaccess for restricting webpage access - sme 7.3
« Reply #1 on: May 08, 2008, 02:02:21 PM »
Nets2u,

Follow the howto here to set up .htaccess correctly:
http://wiki.contribs.org/Htaccess


Also note in this the following: "The AuthUserFile will be the location on your sme server of the htaccess password file. You can choose whichever name and location you want, but the password file SHOULD NOT be placed in a publicly accessible area, i.e. NOT in web site folders."

guest1618

Re: htaccess for restricting webpage access - sme 7.3
« Reply #2 on: May 08, 2008, 04:01:28 PM »
Quote
Also note in this the following: "The AuthUserFile will be the location on your sme server of the htaccess password file. You can choose whichever name and location you want, but the password file SHOULD NOT be placed in a publicly accessible area, i.e. NOT in web site folders."

Warren, thanks for the reply. I know about the Htaccess Howto but did something change that I now must use templates and if so, why does one work correctly?

I believe the default file and cgi-bin directories of the ibay are not directly web accessible, only the html directory, is that not correct? I host several virtual domains and I put them there so the website admins can do their own modifications or additions, none of whom are on the local network.

warren

Re: htaccess for restricting webpage access - sme 7.3
« Reply #3 on: May 08, 2008, 09:00:07 PM »
Quote
An aside, after the upgrade, horde did not work outside the local network (fixed), ftp passwords had to be re-entered, control panels are not as before, all the panels are there but there are only three categories with most controls under the unknown category and now this problem with htaccess. I have several contribs installed and did an in-line upgrade using the software update control panel and yum. Probably not the best idea.

This issue is in the bug tracker http://bugs.contribs.org/show_bug.cgi?id=4229 and also here: http://forums.contribs.org/index.php?topic=40789.0

and here http://wiki.contribs.org/Translations#Outdated_contribs for a listing of contribs affected by the problem of not having translations in the UTF8 format.

Quote
Warren, thanks for the reply. I know about the Htaccess Howto but did something change that I now must use templates and if so, why does one work correctly?

As far as I know, it has always been that the .htaccess is a custom-template scenario (as any update would result in the httpd.conf fragment being re-generated, thus removing any manual additions to the httpd.conf file).
I have used a custom-template fragment since SME5 days.

« Last Edit: May 08, 2008, 09:30:06 PM by warren »
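
An added example, not part of any post in this thread: a small Python check for two points the thread touches on, whether the AuthUserFile sits inside a web-served directory (the wiki advice quoted in Reply #1) and whether Require is wrapped in a <Limit> block, which per Apache's documentation applies the requirement only to the listed methods. The web root path is an assumption built from the ibay layout described in Reply #2, only absolute AuthUserFile paths are handled, and the function and variable names are illustrative.

```python
import re
from pathlib import PurePosixPath

LIMIT_OPEN = re.compile(r"<Limit\s+([^>]+)>", re.I)  # does not match <LimitExcept>

def audit_htaccess(text, web_roots):
    """Return findings for one .htaccess file; web_roots are the served dirs."""
    findings, limited_to = [], None  # limited_to: methods of the enclosing <Limit>
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        opened = LIMIT_OPEN.match(line)
        if opened:
            limited_to = opened.group(1).upper().split()
        elif line.lower().startswith("</limit"):
            limited_to = None
        else:
            directive, arg = (line.split(None, 1) + [""])[:2]
            arg = arg.strip().strip('"')
            if directive.lower() == "authuserfile":
                pw = PurePosixPath(arg)
                for root in web_roots:
                    if PurePosixPath(root) in pw.parents:
                        findings.append(f"password file {pw} is inside web root {root}")
            elif directive.lower() == "require" and limited_to:
                findings.append("Require covers only " + ",".join(limited_to)
                                + "; other HTTP methods are not authenticated")
    return findings

# Assumed web root: the ibay's html directory, as described in Reply #2.
IBAY_HTML = "/home/e-smith/files/ibays/someibay/html"
# Directives from the .htaccess in the first post.
POSTED = """\
<Files .htaccess>
     order allow,deny
     deny from all
</Files>
AuthUserFile /home/e-smith/files/ibays/someibay/files/.htpasswd
AuthGroupFile /dev/null
AuthName "Enter User Name and Password"
AuthType Basic
<Limit GET>
     Require valid-user
</Limit>
"""

if __name__ == "__main__":
    print("\n".join(audit_htaccess(POSTED, [IBAY_HTML])))
```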