Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Htaccess - Http Authentication - Why is this block causing a 500 error for me?

I have been reading through what seems to be a good tutorial on rest based authentication.

I am trying to use this as an addition to access to website cms (held out of accessable web root).

As in when the used is directed to the cms index i wish to used this basic form of authentication. Once the user navigates to any section then the my default php authentication system will kick in, so that certain users may only access certain functions in the cms.

What i dont understand though, is why the following code block, when placed in my .htaccess file, causes the entire website to produce a 500 error...

<Files .login>
AuthType Digest
AuthNAme "Authentication Required"
AuthDigestFile /usr/home/myDomain/includes/htpasswd/admin/.htdigest
Require valid-user
</Files>

I have tried a similiar test using the basic access feature, but decided that this approach would be a bit more secure, as an addition. Whereas i used the htpasswd.exe program from apache to create a .htpasswd file that i could use to authenticate basic access. This worked okay, but i could not figure out how to apply this type of authentication to the the cms index through the .htaccess file.

I have gone about creating a file, using the htdigest.exe program from apache, to create a file called .htdigest.

Its' contents are as follows:

testUser:Authentication Required:cd7h62051449100elk3c463eae6251f5

Now, with all this set up, i have followed the instructions in the mentioned artice, to try to achieve a instance where once a user clicks on a link with the href attribute ".login" in it, they are directed to my cms (auth required). This is the explaination by the author:

So there is no .login file, it's just a URL that will trigger authentication because accessing this URL requires a user to be authenticated.

Now for some reason when i try to load any page on my site, with this block in the .htaccess, i get a 500 error, when i should actually be getting the authentication box?

But this is were i am confused, as i assume this block would only have an effect in the instance of the user clicking on the link with the ".login" href...

I have not added the futher block to direct the user to the index page when authentication is valid, just this block, and the two additional blocks mentioned by the author.

Would someone be able to explain what is causing this reaction?

like image 487
Craig van Tonder Avatar asked Jan 17 '23 15:01

Craig van Tonder


2 Answers

Based on what the error_log says, if you are using Apache 2.2.x, try changing AuthDigestFile to AuthUserFile. You might also then encounter file path differences depending on your OS; follow any new error_log messages.

like image 95
jcmeloni Avatar answered Jan 25 '23 23:01

jcmeloni


  1. is it literally myDomain in the path?
  2. The reason of the 500 error is written to the error_log file. It is the only place in the universe where you can find the reason and explanation.
like image 33
Your Common Sense Avatar answered Jan 25 '23 22:01

Your Common Sense