Problem with setting up .htaccess

quazyguy · New Member Joined: Jun 15, 2007 Posts: 18

Since my previous problem was fixed, I am starting a new thread for my next problem. You guys will probably hate me since things love to not work right for me and I am a total noob to Nuke.

My problem right now is with getting the .htaccess setup properly for the added security. I followed all the directions, copied and pasted and even played around a bit, but still do not get the initial login before the admin login on the page. here is my current .htaccess file, personal stuff xx'ed out.

Options All -Indexes
DirectoryIndex index.php index.htm index.html

# -------------------------------------------
# Start of NukeSentinel(tm) admin.php Auth
# -------------------------------------------
<Files .staccess>
deny from all
</Files>

<Files admin.php>
<Limit GET POST PUT>
require valid-user
</Limit>
AuthName "put my user name here"
AuthType Basic
AuthUserFile .staccess
</Files>
# -------------------------------------------
# End of NukeSentinel(tm) admin.php Auth
# -------------------------------------------

Every time I go to the Admin login, it takes me right to the one in the page.

Raven Nuke seems like a great setup. I can't wait to get it running.

gregexp · Posted: Sun Jun 17, 2007 8:02 pm

The AuthUserFile needs to be a direct PATH, meaning for example:

home/username/public_html/.staccess

it is possible that ./.staccess would work. but it should be a direct path.

As for the put my user name here, that is not the username area. That is meant for the title of the Popup that you get to login.

Now if .staccess has nothing in it, then it will not show your login.

Your .staccess should have something similar to this in it:

username:password

Password would be in crypt format.

Now you need to also make sure that sentinel can write to the .staccess, chmod 666.

In sentinel admin, it will let you know if it is chmodded correctly.

Now after you find that out, you need to run the scan for new admins, then edit the auth admin by setting a password and defining it protected.

A lot of work to go through but it is important for security purposes and so many steps involved in order to prevent the admins from messing their entire site up, anyone of these fails, and you will not get a popup for login.

I hope this is clear enough.

quazyguy · New Member Joined: Jun 15, 2007 Posts: 18

I am running it on Windows 2003, so should i put the direct path as in ie: C:\Program Files\Blah\Blah ?

Ok, I will change that from the user name in that section.

The .staccess has username and password that got put in there when I followed the installation how to.

It is probably a case of the direct path in the .htaccess file. I will try it out tomorrow.

Thank you for all your help gregexp. I really appreciate it. I have been quite happy with the help I have received as well as the quality of the program, so I have already been alerting others to its presence.

gregexp · Posted: Sun Jun 17, 2007 10:06 pm

quazyguy · New Member Joined: Jun 15, 2007 Posts: 18

I know this must be user error. It typically is with me. I tried using the direct path both with quotes and without and it still did not work. It still takes me directly to the Administration System Login right on the website. Man, I should just stop using this stuff since I am having so many problems.

fkelly · Posted: Mon Jun 18, 2007 7:48 am

Is this just a "home server" for testing, or is it connected to the Internet so that others can use it?

And by the way, all of us have problems, just persevere. Someday you'll be helping others.

quazyguy · New Member Joined: Jun 15, 2007 Posts: 18

It is pretty much both. I am using it as a "home server" to learn on, but it is also connected to the internet with my own domain name so friends and family will be able to connect to it.

montego · Posted: Tue Jun 19, 2007 7:13 am

Quote:

I am running it on Windows 2003

Question: are you using IIS or Apache for the web server? If you are using IIS, then .htaccess does not apply. If you are using IIS, I would strongly recommend you switching over to Apache.

If you are using Apache, then I am wondering if there isn't something in your Apache set up that is not allowing .htaccess to work even?

quazyguy · New Member Joined: Jun 15, 2007 Posts: 18

I am using Apache. I would have used Linux but I am just much more comfortable with Windows. Are there any settings within Apache that I can look at to see if they are messing something up?

montego · Posted: Thu Jun 21, 2007 7:05 am

sorry it took me so long to respond. Here are some things that I would check within Apache's httpd.conf file. Look for directives similar to this:

Edited: I forgot to mention that these directives are not typically all strung together like this. You will find them in different spots within your conf file

Code:

<Directory />
Options All
AllowOverride All
</Directory>

<Directory "/usr/local/apache/htdocs">

#
# This may also be "None", "All", or any combination of "Indexes",
# "Includes", "FollowSymLinks", "ExecCGI", or "MultiViews".
#
# Note that "MultiViews" must be named *explicitly* --- "Options All"
# doesn't give it to you.
#
Options Indexes FollowSymLinks MultiViews

#
# This controls which options the .htaccess files in directories can
# override. Can also be "All", or any combination of "Options", "FileInfo",
# "AuthConfig", and "Limit"
#
AllowOverride None

#
# Controls who can get stuff from this server.
#
Order allow,deny
Allow from all
</Directory>

#
# AccessFileName: The name of the file to look for in each directory
# for access control information.
#
AccessFileName .htaccess

<Files ~ "^\.ht">
Order allow,deny
Deny from all
Satisfy All
</Files>

Don't decide to one and not the other of these.

Others: if you see anything *Bad* with this, certainly bring it up. I am not the expert in this area. Just trying to help.[/b]

quazyguy · New Member Joined: Jun 15, 2007 Posts: 18

Thanks a lot montego. I'm still learning how to configure apache for stuff. The Allow Override was set to none. I set it to all and it works now. Thank you so much for all the help everybody. Just need to figure out how to add the cities back into the database.

quazyguy · New Member Joined: Jun 15, 2007 Posts: 18

Ok, i get the authentication, but when i try to login, I get an internal server error.

montego · Posted: Sat Jun 23, 2007 8:54 am

I'm not sure about this one. Unfortunately, I am out of town right now and short on time. Since server configuration is not my strong-suit, hopefully someone else can pick up from here until I get back to where I can look at this closer.

montego · Posted: Wed Jul 25, 2007 7:33 pm

Whatever happened with this?

quazyguy · New Member Joined: Jun 15, 2007 Posts: 18

Still doesn't work, so I just let it be as it wasn't a critical thing that I needed for my site to work. Thanks for checking back however.

montego · Posted: Thu Jul 26, 2007 7:17 am

Sure wish someone with more Apache experience would/could chime in here... I don't know what could be wrong. I gave above all that I could find in my own local windows set up.