tags:

views:

382

answers:

2
Q: 

Problem with digest authentication using .htaccess file.

I'm trying to protect a folder with Digest Authentication through a .htaccess file:

AuthType Digest
AuthName "Restricted Area"
AuthUserFile /web/htdocs/www.domain.com/.../.htdigest

Require valid-user

I've created the file of passwords with the comand "htdigest". All works fine on my local server ... but not on my remote server (hosted website)! The browser shows the login panel even if I enter a correct password!

On the remote server PHP is running as CGI not as a module of Apache ... should be this the cause? Is there some workaround?

Thanks in advance!

EDIT: A Basic Authentication with .htaccess works fine on the same remote server!

A: 

If the script is running as CGI, that means it is running as the local user, not as www, which is probably the problem, yes. Is CGI the only option?

Anthony  2009-10-12 10:41:33
Thanks for your reply! Yes, CGI it's the only option, I can't modify the server configuration to load php as an Apache module!
BitDrink  2009-10-12 11:11:14
Wait, do you mean ALL of php? How are you even running the script at all?
Anthony  2009-10-12 11:16:25
I think that I've confused your ideas! What I'm trying to do is to protect with Digest Authentication a simple HTML page in a directory. I palced a .htaccess (with the code above) and a .htdigest files on the same folder of the HTML page! But when I try to login with correct credentials, the browser ask me to enter again my credentials! All works fine on my local server (where PHP is installed as a module of Apache) but not on my remote server (where PHP is running as CGI)..so I thought that the cause should be the server configuration...but the hosting service don't let me modify the setting!
BitDrink  2009-10-12 12:31:23
A: 

The code above is missing the AuthDigestDomain directive, about that the documentation says:

This directive should always be specified and contain at least the (set of) root URI(s) for this space. Omitting to do so will cause the client to send the Authorization header for every request sent to this server. Apart from increasing the size of the request, it may also have a detrimental effect on performance if AuthDigestNcCheck is on.

However, I've definitely solved the problem by enabling the Apache module mod_auth_digest instead of the module mod_digest.

BitDrink  2009-10-26 09:06:06

related questions

Is it safe to deny access to .ini file in .htaccess?
.htaccess redirect performance
How can I fix my .htaccess to resolve URLs that don't end in slashes
Find the page that the user intended to see
Configuring wordpress .htaccess to view subfolders
Getting file name of file directed by .htaccess?
Apache htaccess on Win2k is not being processed
How do I stop visitors directly accessing the directories in my website?
What happens first? .htaccess or php code?
Apache/php guru needed! htaccess files, php, includes directories, and windows XAMPP configuration nightmare!
Edit php.ini with .htaccess
Do you have to restart apache to make re-write rules in the .htaccess take effect?
Apache Mod-Rewrite Primers?
Dynamic IP-based blacklisting
.htaccess mod rewrite 301-redirect
How to make a web app appear at the root of the site?
Is it possible to use .htaccess to send six digit number URLs to a script but handle all other invalid URLs as 404s?
How do I use .htaccess to redirect to a URL containing HTTP_HOST?
How to convert Apache .htaccess files into Lighttpd rules?
Wildcard Subdomain Exceptions
Redirecting non-www URL to www
How can I use `scp` to deploy a website's `.htaccess` file?
How do I add a MIME type to .htaccess?
Mod-Rewrite loading files behind the DocumentRoot
.htaccess directives to *not* redirect certain URLs