All geek questions in one place

Htaccess - Http Authentication - Why is this block causing a 500 error?

I read what seems like a good rest- based verification tutorial.

I am trying to use this as a complement to accessing web cms (contained from an accessible web root).

As in the case when the one used is directed to the cms index, I want to use this basic authentication form. After the user navigates to any section, my default authentication system php will start, so that some users can access only some functions in cms.

What I donโ€™t understand is why the following code block placed in my .htaccess file causes the whole site to produce a 500 error ...

<Files .login> AuthType Digest AuthNAme "Authentication Required" AuthDigestFile /usr/home/myDomain/includes/htpasswd/admin/.htdigest Require valid-user </Files>

I tried a similar test using the basic access function, but decided that this approach would be a bit more secure as an add-on. While I used the htpasswd.exe program from apache to create a .htpasswd file that I could use to authenticate basic access. This worked well, but I could not figure out how to apply this type of authentication to the cms index via the .htaccess file.

I started creating a file using the htdigest.exe program from apache to create a file called .htdigest.

Its contents are as follows:

testUser:Authentication Required:cd7h62051449100elk3c463eae6251f5

Now, with all this setup, I followed the instructions in the mentioned article to try to get an instance where, when the user clicks on the link with the href attribute ".login" in it, they are directed to my cms (requires auth). This is the authorโ€™s explanation:

Thus, there is no .login file, it is just the URL that authentication will run, since access to this URL requires user authentication.

Now for some reason, when I try to load any page on my site, with this block in .htaccess, I get a 500 error when should I really get an authentication window?

But that was if I got confused, since I assume that this block will have an effect only if the user clicks on the link with the ".login" href ...

I did not add an additional block to direct the user to the index page when authentication is valid, only this block and two additional blocks mentioned by the author.

Can anyone explain what causes this reaction?

+4
source share
2 answers

Depending on what error_log says, if you are using Apache 2.2.x, try changing AuthDigestFile to AuthUserFile . You may also encounter file path differences depending on your OS; follow any new error_log messages.

+6
source
  • is it literally myDomain on the way?
  • The cause of the 500 error is written to the error_log file. This is the only place in the universe where you can find a reason and explanation.
+3
source

Source: https://habr.com/ru/post/1393627/

More articles:


All Articles