• 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
How do I protect my development site with .htaccess

#1
[eluser]RMinor[/eluser]
I have a website that I am developing for a client. He wants the entire website to be invisible to random users / search engines. I figured .htaccess with a .htpasswd was the way to go. My problem is that I am getting an internal server error after I enter the username and password. How can I get this to work so that him or I can enter the username and password and the site works as normal? Below are my files.

This is the .htaccess file:
Code:
AuthType Basic
AuthName "Test Site"
AuthUserFile /home/content/p/i/n/html/digrepro/.htpasswd
Require valid-user


# Options
Options -Multiviews
Options +FollowSymLinks

#Enable mod rewrite
RewriteEngine On
#the location of the root of your site
#if writing for subdirectories, you would enter /subdirectory
RewriteBase /

#Removes access to CodeIgniter system folder by users.
#Additionally this will allow you to create a System.php controller,
#previously this would not have been possible.
#'system' can be replaced if you have renamed your system folder.
RewriteCond %{REQUEST_URI} ^system.*
RewriteRule ^(.*)$ /index.php?/$1 [L]

#Checks to see if the user is attempting to access a valid file,
#such as an image or css document, if this isn't true it sends the
#request to index.php
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d

#This last condition enables access to the images and css
#folders, and the robots.txt file
RewriteCond $1 !^(index\.php|images|robots\.txt|css|products|js)

RewriteRule ^(.*)$ index.php?/$1 [L]

Both the .htaccess and .htpasswd files reside in the web root folder.

#2
[eluser]CroNiX[/eluser]
Make sure your htpasswd has appropriate permissions.

#3
[eluser]RMinor[/eluser]
I gave it 777 permissions and still get the following error:

"Internal Server Error

The server encountered an internal error or misconfiguration and was unable to complete your request.

Please contact the server administrator and inform them of the time the error occurred, and anything you might have done that may have caused the error.

More information about this error may be available in the server error log.

Apache Server at digrepro.com Port 80"

#4
[eluser]CroNiX[/eluser]
777 is totally insecure and that's probably why it's rejecting it. Check some tutorials for htpasswd. Check the raw apache error logs for more info, too.

#5
[eluser]RMinor[/eluser]
Well, it was at 604 at first. Then, when you mentioned permissions I changed it to 777 to see what would happen. I will switch it back and check the logs.

#6
[eluser]RMinor[/eluser]
After checking the logs I don't see anything relating to this error or anything from today for that matter.

#7
[eluser]RMinor[/eluser]
Bump for any help.

#8
[eluser]RMinor[/eluser]
Here is my Apache Error Log:

[Tue May 01 16:48:35 2012] [error] [client 123.125.71.20] File does not exist: /var/chroot/home/content/p/i/n/pinkydinks/html/robots.txt
[Tue May 01 19:59:04 2012] [error] [client 95.108.150.235] File does not exist: /var/chroot/home/content/p/i/n/pinkydinks/html/robots.txt
[Tue May 01 19:59:04 2012] [error] [client 95.108.150.235] File does not exist: /var/chroot/home/content/p/i/n/pinkydinks/html/robots.txt
[Wed May 02 09:44:06 2012] [error] [client 66.249.71.239] File does not exist: /var/chroot/home/content/p/i/n/pinkydinks/html/robots.txt
[Wed May 02 11:54:09 2012] [error] [client 173.8.17.253] (2)No such file or directory: Could not open password file: /home/content/p/i/n/html/digrepro/.htpasswd
[Wed May 02 11:54:09 2012] [error] [client 173.8.17.253] (2)No such file or directory: Could not open password file: /home/content/p/i/n/html/digrepro/.htpasswd
[Wed May 02 11:57:11 2012] [error] [client 173.8.17.253] (2)No such file or directory: Could not open password file: /home/content/p/i/n/html/.htpasswd

#9
[eluser]CroNiX[/eluser]
The last 3 lines indicate a permission issue (could not open) for your .htpasswd file. Google "apache Could not open password file" for lots of info. There's just too many possibilities of things that can be wrong with your particular setup. Most of the time htpasswd needs 755 permissions and the "apache" user/group (or whatever user your webserver uses) needs to be able to access the file (that include all directories leading UP to the file, as well).

#10
[eluser]RMinor[/eluser]
Problem solved. It turns out my path was incorrect. I created a file in the root of my site with the following code in it.

Code:
<?php echo __FILE__; ?>

It gave me the full path and once I changed it, everything worked.


Digg   Delicious   Reddit   Facebook   Twitter   StumbleUpon  


  Theme © 2014 iAndrew  
Powered By MyBB, © 2002-2020 MyBB Group.