.htaccess Password Protect Directories NOT work

[alipour66m]

hello
I recently updated my apache to 2.4.3 with customBuild 2.0
But after update all my Password Protect Directories NOT work
error

Unauthorized

This server could not verify that you are authorized to access the document requested. Either you supplied the wrong credentials (e.g., bad password), or your browser doesn't understand how to supply the credentials required.

and in my .htaccess is :

AuthGroupFile /dev/null
AuthType Basic
AuthUserFile /home/hostk/domains/hostkade.com/.htpasswd/public_html/1/.htpasswd
AuthName "1"
require user alipour

what should I do?

 

[smtalk]

Are you using PHP-FPM? If yes, try updating CB 2.0 to the latest version from files1 (downloadserver=files1.directadmin.com in the options.conf file) and run "./build rewrite_confs".

 

[alipour66m]

nothing happend

Are you using PHP-FPM? If yes, try updating CB 2.0 to the latest version from files1 (downloadserver=files1.directadmin.com in the options.conf file) and run "./build rewrite_confs".

Yes I use PHP-FPM

#PHP settings.
#Default version of PHP is always php1_release. Possible values for php1/php2_release: 5.3, 5.4, 5.5, no. php1/php2_mode: mod_php, fastcgi, php-fpm or suphp)
php1_release=5.4
php2_release=no
php1_mode=mod_php
php2_mode=php-fpm
php_ini=no
php5_cli=no
php5_cgi=yes
php6_cli=no
php6_cgi=no
#Possible values - production or development
php_ini_type=production
ioncube=yes
zend=yes

webserver=apache

#Possible value: 2.4
apache_ver=2.4
mod_ruid2=yes
secure_htaccess=no
harden-symlinks-patch=yes


///////////////////////////////////
Nothing happend
I think I should use AllowOveride in httpd.conf
can you help me?
I can make a password protect dir But I can not enter with user pass
http://hostkade.com/1
user and pass does not work

AuthGroupFile /dev/null
AuthType Basic
AuthUserFile /home/hostk/domains/hostkade.com/.htpasswd/public_html/1/.htpasswd
AuthName "1"
require user alipour

 

[chatwizrd]

Just use the filemanager to password protect a folder

 

[alipour66m]

nothing happend

Just use the filemanager to password protect a folder

absolutly I use directadmin to password protect a folder But I can not enter to folder then.
this issue happend after upgrade upache with CB 2.0 (perfectly done) .
any advanced reply?

 

[Altegras]

absolutly I use directadmin to password protect a folder But I can not enter to folder then.
this issue happend after upgrade upache with CB 2.0 (perfectly done) .
any advanced reply?

I have the same issues like you, upgraded to CB2.0, apache 2.4, php 5.3 + fpm.

 

[Altegras]

I have the same issues like you, upgraded to CB2.0, apache 2.4, php 5.3 + fpm.

Sorry again for double post, but really ... I can't find an "edit" button.
----

Well, for the record ... I didn't found the problem but if I manually change the passwords from cmd with: htpasswd -b /path/to/.htpaasswd user pass - it works ... but if I change / update the user password from DA, doesn't work anymore.

Currently using the most updated version:

Compiled for	Debian 5.0 64-bit
Compile Date	Dec 4 2012, 00:13:58
Server Version	1.42.1
Current Available Version	1.421000
Last Updated	Fri Jan 25 17:23:08 2013

 

[chatwizrd]

Did you check if when you change it in da that it actually is updating the password file. There possibly might be a bug.

 

[Altegras]

Did you check if when you change it in da that it actually is updating the password file. There possibly might be a bug.

Yes, I did ... DA updates that file, hash changes ...

 

[alipour66m]

nothing happend

still have problem
this is really a bug in DA
directadmin is not correctly compatibale with apache 2.4.3
We are waiting for expert reply for this odd problem.....

 

[chatwizrd]

If the hash is different then when you use the same password from the shell I would guess there is some sort of encryption bug in the way it is creating the hash.

I would submit a bug report here:

https://www.directadmin.com/clients/safesubmit.php

 

[smtalk]

Please check http://forum.directadmin.com/showthread.php?t=45775&p=234248#post234248

 

[alipour66m]

?

Please check http://forum.directadmin.com/showthread.php?t=45775&p=234248#post234248

I fear to do that
those code may make server worse
do you know why DA can not change passwd correctly?
how can I change passwd for dir manually?(with hash)

 

[Ste]

I am having the same problem.

This only happened after I upgraded Apache 2.4.3 to 2.4.4 and downgrading does not help.

 

[Ste]

and I do not use CB 2.0!

 

[ditto]

I can confirm this. .htaccess password created by DirectAdmin file manager do not work anymore after upgrade. I am running custombuild 1.2 and upgraded from Apache 2.4.3 to Apache 2.4.4 - and it is impossible to log in on any .htaccess password protected directories after the upgrade.

 

[explosive]

hmm, from changelog:

· htpasswd, htdbm: Optionally read passwords from stdin, as more secure alternative to -b. PR 40243. [Adomas Paltanavicius , Stefan Fritsch]
· htpasswd, htdbm: Add support for bcrypt algorithm (requires apr-util 1.5 or higher). PR 49288. [Stefan Fritsch]
· htpasswd, htdbm: Put full 48bit of entropy into salt, improve error handling. Add some of htpasswd's improvements to htdbm, e.g. warn if password is truncated by crypt(). [Stefan Fritsch]

 

[chatwizrd]

hmm maybe they changed the password encryption and directadmin needs to make a change then

 

[smtalk]

http://www.directadmin.com/features.php?id=1429

 

[Ste]

http://www.directadmin.com/features.php?id=1429

Hi smtalk,

Is there any solution in the meantime? No one can access their protected directories and for me this is an issue. I can downgrade Apache from 2.4 to 2.3 and rewrite configuration files. Would this work until the newer version is released?