Htaccess


#1

Well, no still support after 24 hours and I need to resolve this ASAP as it is preventing me from implementing services that I worked very hard to create yesterday. Here we go…

Anyone else having issues with Htaccess?

I have half a dozen password-protected directories set up. In the past 48 hours I have had the following issues:

  1. setting up a new password-protection: I click the button and there are no errors, but nothing happens (it’s been over 24 hours since I clicked it)

  2. deleting an old password-protection: Clicked to delete it, told it would take 10 minutes. Still there (it’s been over 24 hours)

  3. adding a user to an existing directory: updated the information, submitted it, and refreshed to confirm that it includes the new credentials, but said credentials do not work for accessing the directory

So, it appears to be broken in all sorts of ways…


#2

Using .htaccess to protect something means you are using Basic Authentication which is not the best in the world. In fact it sucks. One reason is because there’s no way to log out. You actually have to exit your browser to end the session.

You should try verifying the problem by first completely shutting down your browser, restarting it, and trying again.

If you still have problems, post the contents of your .htaccess (removing sensitive information) and maybe we can help.


#3

I am reasonably certain that the credentials are not working as I have tried three different browsers before and after a system shutdown.

This is for a really simple need, but…at the risk of totally de-railing the thread, while I wait for this to get fixed…

I have never needed to worry too much about secure web page access. But…if I did want to look into doing something more exotic and secure than htaccess, what would you recommend? I am currently using PHP, HTML, and mySQL. I have access to Creative Suite 6.

All I need is the ability to give access to only a few people to a given directory.


#4

Well, basically, nothing is really secure unless you use SSL (https) because http is cleartext. Anything you send over http could, in theory, be read by anyone between you and the server.

There are some ways of sending a single use token to the user, and the user’s browser using that token to encrypt the password and send it back to the server over http, but they are not as secure as https. Those methods are much more secure than using Basic Authentication via .htaccess .

You could use Digest Authentication, which is a little more secure and can be done through .htaccess, but it suffers the same problem: there’s no way to log out.

If your access requirements are not that critical (i.e. your protected data is not that important and you just want to keep out casual adversaries), then even Basic Authentication is fine. If you really want to protect something valuable, you’ll need SSL (https) and a dedicated IP address.

Anyway, you don’t have to wait to fix your problem. Just SSH into your account and edit your .htaccess file. Here are some instructions: http://www.addedbytes.com/blog/code/password-protect-a-directory-with-htaccess/


#5

I appreciate the link, but for now I have to pass. The punchline is that in the old days, I did manage my htaccess by creating and editing those files. Then, with Dreamhost, I went ahead and started using their panel tool. When I do open the .htaccess file, they have a message in their screaming at me to now edit it. So…yeah. :stuck_out_tongue:

Here’s hoping someone gets around to me sooner than later. :frowning:


#6

You can edit it yourself. Just be aware that anything between the DH comment blocks can/will be wiped by changes made in the panel. Outside of that, you can do anything you like.


#7

Don’t forget also that htaccess is cumulative with all the htaccess’s above it in the path. If your “half dozen” are at the same level in the path that’s one thing, but with half dozen you can get confusing directives fast. This is also a case where I would do my own htaccess files, you can do it yourself too, as bobocat points out.

If you do want to use the panel, wait until each changed is pushed out and functioning correctly before moving on to the next directory. I think part of the reason for that 10 minute buffer before changes are made is to make sure the user isn’t going to change their mind, if you edit before the change is pushed out, you may be confusing it. Also the “10 minutes” might be too short of an estimate at some times of the day, I’ve seen panel changes take longer.


#8

Thank you for trying to help.

It’s been over a day, so I don’t think it’s a matter of time. :smiley:

I really would just like consistency. I was directed to use the htaccess panel at some point, so I did. It worked fine. Now it does not. And therein lies my dilemma.

Passed the 30-hour mark on the ticket. This is especially sucky because I am currently on assignment in the Middle East, working in a place with a Muslim work week, so my weekend ends in about 4 hours and I my time to work on these things during the work week is fantastically reduced.

So, yeah, I may just fire up SSH and do it manually and hope it sticks if I still have not heard back.

But wow, my curiosity about other web hosts is growing. And I used to be such a champion of Dreamhost…were they sold recently or something?


#9

It would take about 5 minutes to do it yourself, probably less time that it’s taken to post here :slight_smile:


#10

Of course, but the point is to get Dreamhost to fix their tool.


#11

You missed something in my reply. If you insist on using the panel tool, then WAIT until each individual change is pushed out and working before making the next. Should you have to do it that way? Probably not and if that is the solution then it’s probably a bug in the panel.

good plan! like bobocat points out, you would already be done.

Not that I know of, actually things are better now than say 2 years ago, but that’s just my opinion and takes about 20 different categories of service level grading and reduces it to about 5 words.


#12

That can take months of complaining to accomplish.


#13

Well, it magically started working just minutes before they replied. I love magic, but it’s kinda funny that I was just starting to take care of it manually via SSH. :stuck_out_tongue:

I’ll let the “Gee, it seems to be working great for me” response from support slide and get on with my work. Something got the access bot working again, so I don’t really care if they admit something was wrong or not. But that could get to be annoying if it kept happening.

Now it’s remarkably responsive, like it used to be.

Thanks again for the replies.
[hr]

For the record, I waited hours after each step, with no avail. But now it’s magically working again and it executes changes in a few minutes like it used to do.

Onwards.


#14

Glad it’s working for you now.

From your initial post it really didn’t sound like you waited hours after each step. It sounded like you made several changes and none of them were working =]