.htaccess on CGI folder

ianscales · ‎30-07-2007

I have had a password protected members area on my www site for several years with no problems, I am now trying to install a similar system on the CCGI space.
I have used exactly the same .htpasswd file, but I am experiencing similar problems to other 'posts' on this forum i.e. when I access the directory on the CCGI server it brings up the log in screen as normal but will not recognise the user name/password !!
Other's seem to have had success when they changed their AuthUserFile but it doesn't seem to be working for me..........
AuthUserFile /files/home2/username/members/.htpasswd
Am I overlooking something obvious, like htaccess is no longer available on the CCGI server?
Ian

Peter_Vaughan · ‎30-07-2007

Have you used the word username or did you replace it with your actual PN username in the path?
Note: it is not possible to protect any .php files on the ccgi server, just in case that was something you were planning to do.

ianscales · ‎30-07-2007

Hi Peter, thanks for the response, yes the username is replaced with my pn username, in the same manner as it is on the www site.
No PHP files they are just plain HTML.

ianscales · ‎30-07-2007

O.K. panic over !! I replaced the files with empty one's and uploaded them again, works fine now.
Just a quick question though, I suspect the answer will be no. as I understand it the two servers are independant but, could I set the .htaccess file to look for the password data on my www space?
If not, is there a way to have just one .htpasswd file to adminster both WWW & CCGI?
Ian

jelv · ‎10-04-2007

You could move your whole domain over to ccgi

jelv (a.k.a Spoon Whittler)
Why I have left Plusnet (warning: long post!)
Broadband: Andrews & Arnold Home::1 (FTTC 80/20)
Line rental: Pulse 8 Home Line Rental (£14.40/month)
Mobile: iD mobile (£4/month)

Peter_Vaughan · ‎30-07-2007

The www and ccgi webspaces are independent and neither has direct access to the other so you can't use a single .htpasswd file.
As Jelv says, just move the whole site to the ccgi webspace as it is more than capable of handling it. However, if you are using your www.username.plus.com, this cannot be pointed to the ccgi webspace, you will have to use ccgi.username.plus.com. If you have a domain then it can have www pointing to the ccgi.

ianscales · ‎30-07-2007

Thanks for the replies Guys, unfortunately moving the site across to ccgi is not an option as I am quite often on a mobile (Vodafone) connection and cannot access the ccgi server. This has caused me quite a few issues over the years and although I've been with PN since it's very early days feel I am going to have to move to an ISP that allows remote access to the ccgi server.
Just in case your wondering why I've moved part of the site, I have some scripts which which will write the required data to the database without the need to be connected, fingers crossed this will work O.K.
Ian

ianscales · ‎30-07-2007

Well I crossed my fingers too early !!!!
I have .htaccess set up on a directory which contains a .pl script which in turn is accessing a database, if I try to access any html files on that directory, from outside the directory, I am asked to login as expected, but if I link to the script from outside the directory it executes and reveals the data !!!!
.htaccess looks like this..................
--------------------
AuthUserFile /files/home2/*****/cgi-bin/sc/.htpasswd
AuthName "*****"
AuthType Basic
AuthGroupFile /dev/null
require valid-user
ErrorDocument 404 http://www.*****co.uk/404.html
<Files .htaccess>
order allow,deny
deny from all
</Files>
RewriteEngine on
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://(www\.)?*****.co.uk/.*$ [NC]
RewriteRule \.(gif|jpg)$ -
--------------------
Anybody got any idea what's wrong please?
Ian

Colin · ‎04-04-2007

Perl and PHP scripts are processed and executed before Apache (The Webserver) parses the .htaccess file - so they are displayed, unprotected.

ianscales · ‎30-07-2007

Thanks Colin, that's a bit of a blow for me as I've put many hours into this. How do people manage their txt databases with perl scripts?
I don't want to use MySQL.
Ian

BattleRat · ‎01-08-2007

is that .htaccess file on the ccgi server or the www server?
if it's on the ccgi server you have a problem.
the rewrite engine code points to www , which will create a ton of problems on the ccgi server.
Trust me .. I've been there.
if it's on the www server .. then forget that I spoke.

dougv · ‎16-12-2007

Regarding security
Does anyone know how to get the .htaccess file to work on the cgi server. I have spent over a week trying to get this to work and getting no where. I need to protect a file so no external users can see the contents. have searched all over the web and lost count the number of options that I have tried.
currently have a .htaccess file
<Files .htaccess>
order allow,deny
deny from all
</Files>
this according to a website says it should stop someone viewing the .htaccess file. Doesn't work. Is there something I need to activate on Plusnet ?
I'm beginning to think .htaccess files are not available on the CGI server. I can get the .htaccess file working on the other server.
Anyone have any ideas. I'm tearing my hair out with this

Colin · ‎04-04-2007

.htaccess files are supported on the CGI server - to a certain extent. Things to do with Order deny,allow for Perl and PHP scripts etc. will probably not work, as the PHP and Perl are processed and sent to the browser before the .htaccess file is read.
However, .htaccess should be prevented from being read by browsers by default, anyway.

dougv · ‎16-12-2007

I used this file to test the security of the file and I can view the contents of the .htaccess file
<?php
$filename = ".htaccess";
$output = file_get_contents($filename);
echo $output;
?>
I used a my old dialup service to run this and it list the contents of the .htaccess file without any problems.
What I was originally trying to do was to protect a file containing the username and password for logging into Mysql.
There was an artical on plusnet showing how to do this.
problem is I dont want other users getting full access to the database

Colin · ‎04-04-2007

That will do - you're accessing the .htaccess file directly from the filesystem, your .htaccess file won't protect access like that.

.htaccess on CGI folder

.htaccess on CGI folder

Re: .htaccess on CGI folder

Re: .htaccess on CGI folder

Re: .htaccess on CGI folder

Re: .htaccess on CGI folder

Re: .htaccess on CGI folder

Re: .htaccess on CGI folder

Re: .htaccess on CGI folder

Re: .htaccess on CGI folder

Re: .htaccess on CGI folder

Re: .htaccess on CGI folder

Re: .htaccess on CGI folder

Re: .htaccess on CGI folder

Re: .htaccess on CGI folder

Re: .htaccess on CGI folder