Current time: 04-23-2014, 12:34 PM Hello There, Guest! (LoginRegister)

Post Reply 
.htaccess help please
10-27-2007, 11:19 PM
Post: #11
.htaccess help please
That was one NICELY explained essay there... you should no doubt put that into the wiki!

MUCH appreciated, RL... I definitely have a much better understanding of this and it triggered some understandings in related areas.

I think judging from that I'll just let the panel do em as it wishes with what I am protecting now, as it is not truly sensitive material (just stuff I don't want my wedding video clients to run up on!), but that information should come in very handy in the future.

Again, thanks a TON for the essay!!!
dwr

----------------------------------------------------------------------------------------------
"Whenever you find yourself on the side of the majority, it's time to pause and reflect." - Mark Twain
Find all posts by this user
Quote this message in a reply
10-27-2007, 11:45 PM
Post: #12
.htaccess help please
Thank you for your kind and gracious comments, dwr! Smile I realize that I get a bit verbose at times; it is nice to know that occasionally someone benefits from such excesses of verbiage.

I think you'll likely be fine just leaving those files where the Control Panel tool puts them, and if you should decide to change them later, hopefully some of the info in that tome will be helpful. Wink

--rlparker
Find all posts by this user
Quote this message in a reply
11-03-2007, 06:53 AM
Post: #13
.htaccess help please
Hi to all.. RL some great insights into the world of .htaccess..

I'm fairly new to web building, lived off the basics and now moving forward.. I've been trying to understand .htaccess & .htpasswd and why it's necessary..

Currently, for the sites I work on I would have 2 users max on the system and in that case is the .htpasswd file really necessary in my case? I have no problem logging into Dreamhost to make changes.

I'm really looking for a way to prevent my folders being seen - for example, if i were to type.. http://www.mysite.com/img the entire list of images would show up.

Also I'm on mac, so terminal is optional to write the .htaccess file but I'm finding it hard to find out how to do so online..

Thanks for your help!
Find all posts by this user
Quote this message in a reply
11-03-2007, 01:00 PM
Post: #14
.htaccess help please
Quote:Currently, for the sites I work on I would have 2 users max on the system and in that case is the .htpasswd file really necessary in my case? I have no problem logging into Dreamhost to make changes.
Probably not. Apache authentication using .htaccess and .htpasswd is generally used to keep visitors from seeing a dir, page, etc. without completing a user/pass dialog - and really doesn't have any effect of "making changes" unless it is protecting a web script that could be used via a browser for such a purpose.
Quote:I'm really looking for a way to prevent my folders being seen - for example, if i were to type.. http://www.mysite.com/img the entire list of images would show up.
That is easily done a couple of different ways. You can do it with a line added to an .htaccess file that impacts the directory in question. In your case it could be " /home/username/mysite.com/img", or any "uptree" directory, as .htaccess files affect the directory they are in and any directory *below* that directory. To supress the display of the "index" of files in a directory, the line to enter in the .htaccess file is:

Options -Indexes

This information, and a lot of additional useful material about .htaccess files is available on the DreamHost Wiki:

http://wiki.dreamhost.com/KB_/_Unix_/_.htaccess_files

This page also has a section on how to create .htaccess files. Why don't you take a look at that page, and if you still need help creating an .htaccess file after reading through that, post back with a more specific question and I'm sure we can get you sorted. Wink

--rlparker
Find all posts by this user
Quote this message in a reply
11-05-2007, 11:41 AM
Post: #15
.htaccess help please
Thanks a lot it worked. I did go to that page before but it somehow did not make as much sense...

Silly question, Should I put this file in each of the subfolders? I get that everything in the folder images and inside of that will be protected - but the folders 'alongside' images.
Find all posts by this user
Quote this message in a reply
11-05-2007, 02:48 PM
Post: #16
.htaccess help please
You're welcome, and I'm glad you have it working. Smile
Quote:Silly question, Should I put this file in each of the subfolders? I get that everything in the folder images and inside of that will be protected - but the folders 'alongside' images.
It's not really a silly question. An .htaccess file affects the directory it it is any any directory beneath it (unless overridden by a subsequent .htaccess file in a sub-folder). So, you could either put that same .htaccess file in each "sibling" ("alongside") directory, or put it *above* that level of subdirs.

If the "parent" directory of those "sibling" directories already has an .htaccess file (and many sites do!), then just adding that line to the existing .htaccess file will do the trick.

An easy way to make sure that directory are suppressed for your entire site is to just put that line in an .htaccess file at the "base" directory of your site. Wink

--rlparker
Find all posts by this user
Quote this message in a reply
11-07-2007, 09:08 AM
Post: #17
.htaccess help please
Hello R.L.....

A little more advice please on .htaccess... and sorry this is long.

I thought I had it down based on your previous advice but alas I don't have it working as it should. So with your patience, I will give an example here of what I'm trying to do and hopefully you can straighten me out.

I have created a site using wysiwyg web design software. I've published the site and it is on the esprit server and working fine. So now comes the .htaccess part.

In my site I have a members page. I am setting up links for individual clients... and for example I want the owner of Widgits Inc to link to a directory that will allow him to download the audio files in "his" directory from esprit to his local machine. I don't want him to see anyone else's directory and I don't want anyone else to be able to see his.

The protected directories have to be under the "your domain.tld" directory... right?

Also, when creating the links in the wysiwig... the only appropriate options for links seem to be "file" or "audio file."
If I understand correctly, when the Widgits guy clicks on his member link, .htaccess is supposed to make a password dialog box pop-up right? I though I had it set-up correctly but when I tested the link, it went straight to playing the audio file without asking for a password.

In trying to set all this up... I've apparently either not set up the directory tree correctly... left something out of the .htaccess file (by the way I used one of those automatic generator utilities to create the code)... or didn't do the link properly... or maybe all of the above. Should I as you suggested earlier, use DreamHost panel to generate .htaccess and then move things around?

In creating the directory where the Widgit Inc. audio files will be located... do I create that directory on the FTP server... or create it on my local machine and then upload it?

Or do I have to create an additional web site page to link to? I doesn't seem that would be the way to go because the audio files would not all end up in the one directory... they would just be separate files under the main web site directory.

I had better stop now before you run out of patience!!

Many thanks
Find all posts by this user
Quote this message in a reply
11-07-2007, 02:43 PM
Post: #18
.htaccess help please
Let's see if I can help get this sorted out. Having carefully read your post, one thing that comes to mind is that thing *might* actually be working for you as expected, but you are not able to see it because of the way Apache basic authentication works with your browser.

Once a user has successfully passed an authentication dialog, apache will *not ask again* while that browser is open unless/until the .htaccess file is changed. This can easily lead you to believe, when you are setting things up, that the authentication routine is not working when it actually *is*; only by closing your browser and trying *again* to connect to a protected area can you be *sure* that it is, or is not working.

The use of wysiwyg software might be complicating your issue slightly in some subtle way, though it really should not have anything to do with the authentication stuff. I am, however, confused as to what you mean by "the only appropriate options for links seem to be "file" or "audio file" - a link is just a link, adn I'm not sure how/what/why the software makes any distinction as to what the link is to.
Quote:In my site I have a members page. I am setting up links for individual clients... and for example I want the owner of Widgits Inc to link to a directory that will allow him to download the audio files in "his" directory from esprit to his local machine. I don't want him to see anyone else's directory and I don't want anyone else to be able to see his.
If I understand this correctly, that "members' page" is *not* protected, but only lists links to each member's "private directory", and *those directories* are what are to be protected via .htaccess. Is that correct?
Quote:The protected directories have to be under the "your domain.tld" directory... right?
Yes, they must be "somehwere" beneath your "web base directory" to be accessible from the web, but they do not have to be *immediately* beneath your "top" directory.
Quote:If I understand correctly, when the Widgits guy clicks on his member link, .htaccess is supposed to make a password dialog box pop-up right? I though I had it set-up correctly but when I tested the link, it went straight to playing the audio file without asking for a password.
This is a bit confusing to me, as I initially had though you were just providing links to the members *directory* as opposed to an individual file, but either way, if the file is placed in a directory that is protected by .htaccess, then the authentication dialog should be presented the *first time* a user click a link the links to the file.
Quote:In trying to set all this up... I've apparently either not set up the directory tree correctly... left something out of the .htaccess file (by the way I used one of those automatic generator utilities to create the code)... or didn't do the link properly... or maybe all of the above. Should I as you suggested earlier, use DreamHost panel to generate .htaccess and then move things around?
It could be any, or a combination of, those things that are causing your unexpected behavior - it's really hard for me to guess from your description what may be happening. Also, what "automatic generator utility" are you using to "create the code"?

You could certainly consider just using the DreamHost provided Control Panel tool fro password protecting directories to get you started easily (that what it is for) and then move thing around if you desire, or leave them as DH sets them up.
Quote:In creating the directory where the Widgit Inc. audio files will be located... do I create that directory on the FTP server... or create it on my local machine and then upload it?
It should make absolutely no difference at all - as long as the directory ends up on your server the end result should be the same.
Quote:Or do I have to create an additional web site page to link to? I doesn't seem that would be the way to go because the audio files would not all end up in the one directory... they would just be separate files under the main web site directory.
I'm confused by this question; whether or not you create a separate page or not is not relevant, only the *location* of the page/file/etc. to be protected - they must be in a protected directory for the authentication to take place, whether a file, or a page, it matters not.
Quote:I had better stop now before you run out of patience!!
Ha ha , well, I still have some patience left, and I'd like to help you, but I admit I'm confused about the details of what you are describing in a few places, and "the devil is in the details." You might consider posting a url to your site (using dummy data files) so we can see what you have structured rather than just relying upon your descriptions - sometime stuff is lost in the translation. Alternately, you are welome to PM me with a url if you would like for me to look at it but do not wish to publish your url in public.

What "wysiwyg" software are you using? Some such software (most notably iWeb) tends to "mess with" a sites directory structure as it "builds a web", and this could be having an impact on your efforts.

In a nutshell, what it seems you are trying to do is to have a structure that looks something like this:
Code:
http://yourdomain.tld
___________________________|__________________
|                                                                  |
http://yourdomain.tld/member1                 http://yourdomain.tld/member2
|                                                                   |  
http://yourdomain.tld/member1/file1          http://yourdomain.tld/member1/file2
and you want the member1 and member 2 directories to be password protected.

To do this, you put the .htaccess file with the authentication directives in *those* directories. Then, if you wish, you can either put a page in each of them (index,.html) to link to each of the files, or just let the files display in a directory listing for the user to "click" - either way, those files will not be visible to anyone who does not pass the password dialog.

Does any of this help at all?

--rlparker
Find all posts by this user
Quote this message in a reply
11-07-2007, 03:41 PM
Post: #19
.htaccess help please
R.l.

Thanks for dissecting my rambling questions. Since posting them I've have some success. I actually got one of the directories protected and I successfully logged in... but just as you said, when it didn't work the next time I assumed that it was not working. After much frustration, I closed the browser and next time, it worked correctly again.

Then possibly getting too big for my britches, I tried setting up another protected directory. I tried to make it a carbon copy, with a different directory name of course, but the second one bypassed htaccess and went straght to the files I was trying to protect. There must be quite a few bald newbies out there who have pulled out all of their hair in furstration.

Another strange thing, my web host is DreamHost... and I used their htaccess utility to generate the access code and encrypted passwords. In the process I moved the password file above the web site directory and changed the path to it in the access code... and when I was creating the second one... it seemed that the utility "re-encrypted" the password for the first directory I created and now it won't take the password. sheeesh this is maddening. Ever run across something like that before. I think I need to go lay down. aaarrrggghhh!!!

And yes, my site has a members page with multiple link buttons... they link to directories on my local machine which contain the files I am trying to protect. I created identical directories on the server and upload to them. Could that be part of the problem... I wouldn't think it would matter but should the directories I'm trying to protect on the server have a different name?

Thanks again.
Find all posts by this user
Quote this message in a reply
11-07-2007, 04:20 PM
Post: #20
.htaccess help please
Quote:I actually got one of the directories protected and I successfully logged in... but just as you said, when it didn't work the next time I assumed that it was not working. After much frustration, I closed the browser and next time, it worked correctly again.
Okay, so *that* is the model for what you want to do for each directory. Duplicate what/how you did things for this directory for the *other* directories, and you should be golden.
Quote:I tried to make it a carbon copy, with a different directory name of course, but the second one bypassed htaccess and went straght to the files I was trying to protect.
While I can't be certain without seeing it, I suspect that this might be the result of a misplaced directory; if that directory was *beneath* the prior, then the behavior you experienced is to be expected. Wink
Quote:I used their htaccess utility to generate the access code and encrypted passwords. In the process I moved the password file above the web site directory and changed the path to it in the access code... and when I was creating the second one... it seemed that the utility "re-encrypted" the password for the first directory I created and now it won't take the password. sheeesh this is maddening. Ever run across something like that before.
Well, once you start moving around the output of the utility, you risk "confuzzling" the panel utility. Per the philosophy of "learning to walk before trying to run", I suggest sticking with the DH COntrol Panel .htaccess utililty output *as is* (even if it stores the .htpasswd file in the target directory) and getting that to work for each involved directory before mucking about with changing the locations/names of the .htpasswd files. I talked about this at length in a prior post in this thread.
Quote:... my site has a members page with multiple link buttons... they link to directories on my local machine which contain the files I am trying to protect. I created identical directories on the server and upload to them. Could that be part of the problem... I wouldn't think it would matter but should the directories I'm trying to protect on the server have a different name?
As long as those "links" are "relative" instead of "absolute" (so they are properly translated to their correct location of the server, it shouldn't make any difference. In fact, doing it that way you would need to make certain that the directory names *were* the same (or change the links for the "buttons") for it to work.

--rlparker
Find all posts by this user
Quote this message in a reply
Post Reply 


Forum Jump: