cancel
Showing results for 
Search instead for 
Did you mean: 

.htaccess on CGI folder

ianscales
Grafter
Posts: 75
Registered: ‎30-07-2007

.htaccess on CGI folder

I have had a password protected members area on my www site for several years with no problems, I am now trying to install a similar system on the CCGI space.
I have used exactly the same .htpasswd file, but I am experiencing similar problems to other 'posts' on this forum i.e. when I access the directory on the CCGI server it brings up the log in screen as normal but will not recognise the user name/password !!
Other's seem to have had success when they changed their AuthUserFile but it doesn't seem to be working for me..........
AuthUserFile /files/home2/username/members/.htpasswd
Am I overlooking something obvious, like htaccess is no longer available on the CCGI server?
Ian
17 REPLIES 17
Peter_Vaughan
Community Veteran
Posts: 14,469
Registered: ‎30-07-2007

Re: .htaccess on CGI folder

Have you used the word username or did you replace it with your actual PN username in the path?
Note: it is not possible to protect any .php files on the ccgi server, just in case that was something you were planning to do.
ianscales
Grafter
Posts: 75
Registered: ‎30-07-2007

Re: .htaccess on CGI folder

Hi Peter, thanks for the response, yes the username is replaced with my pn username, in the same manner as it is on the www site.
No PHP files they are just plain HTML.
ianscales
Grafter
Posts: 75
Registered: ‎30-07-2007

Re: .htaccess on CGI folder

O.K. panic over !! I replaced the files with empty one's and uploaded them again, works fine now.
Just a quick question though, I suspect the answer will be no. as I understand it the two servers are independant but, could I set the .htaccess file to look for the password data on my www space?
If not, is there a way to have just one .htpasswd file to adminster both WWW & CCGI?
Ian
jelv
Community Veteran
Posts: 26,786
Thanks: 990
Fixes: 10
Registered: ‎10-04-2007

Re: .htaccess on CGI folder

You could move your whole domain over to ccgi
jelv (a.k.a Spoon Whittler)
   Why I have left Plusnet (warning: long post!)   
Broadband: Andrews & Arnold Home::1 (FTTC 80/20)
Line rental: Pulse 8 Home Line Rental (£14.40/month)
Mobile: iD mobile (£4/month)
Peter_Vaughan
Community Veteran
Posts: 14,469
Registered: ‎30-07-2007

Re: .htaccess on CGI folder

The www and ccgi webspaces are independent and neither has direct access to the other so you can't use a single .htpasswd file.
As Jelv says, just move the whole site to the ccgi webspace as it is more than capable of handling it. However, if you are using your www.username.plus.com, this cannot be pointed to the ccgi webspace, you will have to use ccgi.username.plus.com. If you have a domain then it can have www pointing to the ccgi.
ianscales
Grafter
Posts: 75
Registered: ‎30-07-2007

Re: .htaccess on CGI folder

Thanks for the replies Guys, unfortunately moving the site across to ccgi is not an option as I am quite often on a mobile (Vodafone) connection and cannot access the ccgi server. This has caused me quite a few issues over the years and although I've been with PN since it's very early days feel I am going to have to move to an ISP that allows remote access to the ccgi server.
Just in case your wondering why I've moved part of the site, I have some scripts which which will write the required data to the database without the need to be connected, fingers crossed this will work O.K.
Ian
ianscales
Grafter
Posts: 75
Registered: ‎30-07-2007

Re: .htaccess on CGI folder

Well I crossed my fingers too early !!!!
I have .htaccess set up on a directory which contains a .pl script which in turn is accessing a database, if I try to access any html files on that directory, from outside the directory, I am asked to login as expected, but if I link to the script from outside the directory it executes and reveals the data !!!!
.htaccess looks like this..................
--------------------
AuthUserFile /files/home2/*****/cgi-bin/sc/.htpasswd
AuthName "*****"
AuthType Basic
AuthGroupFile /dev/null
require valid-user
ErrorDocument 404 http://www.*****co.uk/404.html
<Files .htaccess>
order allow,deny
deny from all
</Files>
RewriteEngine on
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://(www\.)?*****.co.uk/.*$ [NC]
RewriteRule \.(gif|jpg)$ -
--------------------
Anybody got any idea what's wrong please?
Ian
Colin
Community Veteran
Posts: 1,264
Registered: ‎04-04-2007

Re: .htaccess on CGI folder

Perl and PHP scripts are processed and executed before Apache (The Webserver) parses the .htaccess file - so they are displayed, unprotected.
ianscales
Grafter
Posts: 75
Registered: ‎30-07-2007

Re: .htaccess on CGI folder

Thanks Colin, that's a bit of a blow for me as I've put many hours into this. How do people manage their txt databases with perl scripts?
I don't want to use MySQL.
Ian
BattleRat
Grafter
Posts: 104
Registered: ‎01-08-2007

Re: .htaccess on CGI folder

is that .htaccess file on the ccgi server or the www server?
if it's on the ccgi server you have a problem.
the rewrite engine code points to www , which will create a ton of problems on the ccgi server.
Trust me .. I've been there.
if it's on the www server .. then forget that I spoke.

dougv
Newbie
Posts: 4
Registered: ‎16-12-2007

Re: .htaccess on CGI folder

Regarding security
Does anyone know how to get the .htaccess file to work on the cgi server. I have spent over a week trying to get this to work and getting no where. I need to protect a file so no external users can see the contents. have searched all over the web and lost count the number of options that I have tried.
currently have a .htaccess file
<Files .htaccess>
order allow,deny
deny from all
</Files>
this according to a website says it should stop someone viewing the .htaccess file. Doesn't work. Is there something I need to activate on Plusnet ?
I'm beginning to think .htaccess files are not available on the CGI server. I can get the .htaccess file working on the other server.
Anyone have any ideas. I'm tearing my hair out with this
Colin
Community Veteran
Posts: 1,264
Registered: ‎04-04-2007

Re: .htaccess on CGI folder

.htaccess files are supported on the CGI server - to a certain extent. Things to do with Order deny,allow for Perl and PHP scripts etc. will probably not work, as the PHP and Perl are processed and sent to the browser before the .htaccess file is read.
However, .htaccess should be prevented from being read by browsers by default, anyway.
dougv
Newbie
Posts: 4
Registered: ‎16-12-2007

Re: .htaccess on CGI folder

I used this file to test the security of the file and I can view the contents of the .htaccess file
<?php
$filename = ".htaccess";
$output = file_get_contents($filename);
echo $output;
?>
I used a my old dialup service to run this and it list the contents of the .htaccess file without any problems.
What I was originally trying to do was to protect a file containing the username and password for logging into Mysql.
There was an artical on plusnet showing how to do this.
problem is I dont want other users getting full access to the database
Colin
Community Veteran
Posts: 1,264
Registered: ‎04-04-2007

Re: .htaccess on CGI folder

That will do - you're accessing the .htaccess file directly from the filesystem, your .htaccess file won't protect access like that.