简体   繁体   English

htaccess找不到.htpasswd文件

[英]htaccess not finding .htpasswd file

I'm trying to password protect a directory on my site. 我正在尝试用密码保护我网站上的目录。 I can get the .htaccess working so that when I visit the directory a password prompt is shown, however when I put the correct credentials that I've stored within my .htpasswd file I am not granted access. 我可以使.htaccess正常工作,以便在我访问目录时显示密码提示,但是,当我将存储在.htpasswd文件中的正确凭据放入存储库时,则无权访问。 The password prompt just pops up again. 密码提示再次弹出。

I believe it's a problem with the path to the .htpasswd file in the .htaccess file. 我相信.htaccess文件中.htpasswd文件的路径存在问题。 I've checked my document root (_SERVER["DOCUMENT_ROOT"]) and it shows that the root is this: 我检查了我的文档根目录(_SERVER [“ DOCUMENT_ROOT”]),它表明根目录是这样的:

/var/www/vhosts/myurl.info/httpdocs

so my .htaccess looks like so: 所以我的.htaccess看起来像这样:

AuthName "Restricted Area"
AuthType Basic 
AuthUserFile /var/www/vhosts/myurl.info/httpdocs/.htpasswd 
AuthGroupFile /dev/null 
require valid-user

I've put the .htpasswd in the root document folder (httpdocs). 我已将.htpasswd放在根文档文件夹(httpdocs)中。

Any ideas what I'm doing wrong? 有什么想法我做错了吗? Everything looks correct to me. 一切对我来说都是正确的。

If the path were invalid, you'd get a 500 error or something. 如果路径无效,则会出现500错误或类似错误。 Since the browser prompts for password, most likely the path is correct. 由于浏览器提示输入密码,因此路径很可能是正确的。 However You need to make sure you generated the htpasswd correctly. 但是,您需要确保正确生成了htpasswd。 Check this- http://www.htaccesstools.com/htpasswd-generator/ 检查此-http : //www.htaccesstools.com/htpasswd-generator/

Make sure the .htpasswd is in the format of user:passwordhash , where passwordhash can be of the following types: 确保.htpasswd格式为user:passwordhash ,其中passwordhash可以为以下类型:

  • CRYPT (a kind of cryptographic hashing, only the first 8 characters are supported so beware not to choose a password longer than 8 characters) CRYPT(一种加密哈希,仅支持前8个字符,因此请注意不要选择超过8个字符的密码)
  • MD5 (an Apache-specific algorithm that make uses of the MD5 function, a bit similar to cryptographic hashing) MD5(使用MD5函数的Apache特定算法,有点类似于加密哈希)
  • SHA1 (only one possible outcome per password, so the resulting hash can probably be reversed if a hacker managed to get the .htpasswd file) SHA1(每个密码只有一个可能的结果,因此,如果黑客设法获取.htpasswd文件,则可能会反转产生的哈希值)
  • Plain text (you can always create this format, but note that "the httpd daemon will only accept plain text passwords on Windows, Netware and TPF ". Also using plain text is unsafe because if a hacker gets the file he will know all your passwords) 纯文本 (您始终可以创建此格式,但是请注意,“ httpd守护程序将Windows,Netware和TPF上接受纯文本密码”。另外, 使用纯文本是不安全的,因为如果黑客获取了文件,他将知道您的所有密码)

Normally you will choose CRYPT , but if you have a longer password consider MD5 or SHA1 . 通常,您会选择CRYPT ,但是如果您的密码较长,请考虑使用MD5SHA1 Never try to use plain text as it is not supported on Linux and is dangerous. 切勿尝试使用纯文本,因为Linux不支持纯文本,这很危险。

First try to remove line "AuthGroupFile /dev/null" - I don't specify it if not using group file... 首先尝试删除“ AuthGroupFile / dev / null”行-如果不使用组文件,则不指定行...

If it doesn't help - have a look in error.log of apache... it'll give you hints. 如果没有帮助,请查看apache的error.log ...它将为您提供提示。 Of post relevant part of the error.log here... 在error.log的此处发布相关部分...

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM