WampServer

Oke, first off - Excuse me for my horible grasp of the english Language.
( my auto spell is dutch, and lazy to change it. But I should)



I've been useing wamp for school projects etc 2years back.
Now its been a very long while since i've been useing webservers of any sorts,
And i've decided to pick up my education none-the-less.


So after spending a year in school doing mostly hardware stuff, they out of the blue expect me to host a site with security on it.

- To long to read -

I've been tinkering around, scaveging forrums here and there on how to secure my website.

What i'm looking for is ofcourse the ''www'' protection folder, so no users outside can tinker with the websites. Not protecting the folders with windows, but with the use of.

.htaccess

Keeps popping up, i've tried to use it - but somewhere along the line I seem to lose the redthread.

florian (sorry if misspelled) linked this in a earlier post I found
[www.elated.com]

Trying to follow that guide, and getting stranded.

-- another to long to read --
Is there anyone here who can ''explain '' what to do with .htaccess without the use of complicated english words.

Sorry for the trouble,
Sincerly
René Heijnen



Edited 1 time(s). Last edit at 06/09/2009 06:41PM by Reneheijnen.

Hi,

For example, if you want to allow some IP to access your website, and others forced to give username/password, create an .htaccess file into your www folder, containing this code :

AuthUserFile /path/to/.htpasswd
AuthType Basic
AuthName "Restricted Area"
Require valid-user

Order Deny,Allow
Allow from IP1
Allow from IP2
Deny from all

Satisfy any

#Replace /path/to/.htpasswd by c:\wamp\.htpassword (for example)
#Replace IP1, IP2 by any ip addresses

If your IP is allowed, then you haven't to give any username/password.
If not, you must give a valid username/password which has been written in .htpassword file.

You can use a website to create you encrypted password, like : [www.4webhelp.net]

Tell us if it works for you

Florian

WampServer Patch (Screenshots)
Topic EN : www.wampserver.com
Topic FR : www.wampserver.com

do you have similar like this in your htaccess file?

Order deny,allow
deny from All
allow from 192.168

this will grant all access w/i your LAN but block any access from outside your LAN

Have fun,

FREE One A Day
FREE Photo
FREE Games
FREE Websites
FREE Portable GPS
FREE WAMP Guides



Edited 1 time(s). Last edit at 06/09/2009 07:18PM by yfastud.

First,
Thanks for the fast reply's.

My hard-drive crashed while having dinner, So atm on my laptop. running vista atm, starting from scratch got
wamp installed atm. Will let you guys know how it turns out


Thanks!

Uhg sorry for the bumb.


Getting pretty tired, and sloppy.
I think I misunderstand something



my htaccess ( wich i named a.htaccess is the A bad ? )
--------------
AuthUserFile c:\wamp2\www\a.htpassword
AuthType Basic
AuthName "Restricted Area"
Require valid-user

Order Deny,Allow
Allow from ( removed for testing)
Allow from (removed for testing) or used my own.
Deny from all

Satisfy any
--------------
My htpassword (generated with the tool given ) named a.htpassword
----------------
test:95x74hLDQKXI2



Since running vista, i cant seem to reach it by local host, but 127.0.0.1 works just fine, so ill save that for another day.

Beh, I feel clueless at the moment
Sorry and thanks again




Edit :
changed to
-----------
Require valid-user

Files "test.php">
Require valid-user
</Files>
----



Edited 1 time(s). Last edit at 06/09/2009 09:54PM by Reneheijnen.

first to fix the localhost issue... open

c:/windows/system32/drivers/etc/hosts



it should look like this...

[pampserver.com]

and you can download it here

[pampserver.com]


the key line is the

127.0.0.1 localhost

no other line shud be here.


NOTE - if you have trouble saving the file.. move it to the desktop , edit it and then move it back


----------------------------------------------------------------------------------------


the files for apache are .htaccess and then the .pwd file .

THERE IS NO NAME to the htaccess file. it is just ".htaccess"

change passwordfilename to a name of the file you want. you shud not store the pwd file in the www folder. it needs to go behind the www folder like i have below


.htaccess
---------------------------------------------------------------
AuthUserFile c:\wamp2\passwordfilename.pwd
AuthType Basic
AuthName "Restricted Area"
Require valid-user
---------------------------------------------------------------



passwordfilename.pwd
---------------------------------------------------------------
test:95x74hLDQKXI2
________________________________________________________________





Making the .htaccess file
---------------------------------------------------------------

to make the .htaccess file in windows is a bit unusual. windows doesnt allow a file with no name,
so make a file on the desktop called a.htaccess


open cmd ( start>run>type in CMD (press enter))

in the black box type in

cd desktop (press enter)


then type in

rename a.htaccess .htaccess (press enter)

and now you will have ur file..

Steven Martin
stevenmartin99@gmail.com
stevenmartin99@hotmail.com
PampServer.com - [pampserver.com]



Edited 1 time(s). Last edit at 06/09/2009 10:01PM by stevenmartin99.

Thanks Steven,

Yes the vista fix was fast and easy, and yes. found it weird that nowhere it had a >filename<.htaccess
Cmd fixxed it fast.


Yet...
Now,
I get a 500 internal server error whenever i try to reach it.

error log :

---

[Tue Jun 09 22:16:24 2009] [notice] Apache/2.2.11 (Win32) PHP/5.2.9-2 configured -- resuming normal operations
[Tue Jun 09 22:16:24 2009] [notice] Server built: Dec 10 2008 00:10:06
[Tue Jun 09 22:16:24 2009] [notice] Parent: Created child process 1556
[Tue Jun 09 22:16:25 2009] [notice] Child 1556: Child process is running
[Tue Jun 09 22:16:25 2009] [notice] Child 1556: Acquired the start mutex.
[Tue Jun 09 22:16:25 2009] [notice] Child 1556: Starting 64 worker threads.
[Tue Jun 09 22:16:25 2009] [notice] Child 1556: Starting thread to listen on port 80.
[Tue Jun 09 22:16:31 2009] [notice] Parent: Received shutdown signal -- Shutting down the server.
[Tue Jun 09 22:16:31 2009] [notice] Child 1556: Exit event signaled. Child process is ending.
[Tue Jun 09 22:16:32 2009] [notice] Child 1556: Released the start mutex
[Tue Jun 09 22:16:33 2009] [notice] Child 1556: All worker threads have exited.
[Tue Jun 09 22:16:33 2009] [notice] Child 1556: Child process is exiting
[Tue Jun 09 22:16:33 2009] [notice] Parent: Child process exited successfully.
[Tue Jun 09 22:16:34 2009] [notice] Apache/2.2.11 (Win32) PHP/5.2.9-2 configured -- resuming normal operations
[Tue Jun 09 22:16:34 2009] [notice] Server built: Dec 10 2008 00:10:06
[Tue Jun 09 22:16:34 2009] [notice] Parent: Created child process 524
[Tue Jun 09 22:16:34 2009] [notice] Child 524: Child process is running
[Tue Jun 09 22:16:34 2009] [notice] Child 524: Acquired the start mutex.
[Tue Jun 09 22:16:34 2009] [notice] Child 524: Starting 64 worker threads.
[Tue Jun 09 22:16:34 2009] [notice] Child 524: Starting thread to listen on port 80.
[Tue Jun 09 22:16:37 2009] [alert] [client 127.0.0.1] C:/wamp2/www/.htaccess: Satisfy takes one argument, access policy if both allow and require used ('all' or 'any')
----


Edit got sloppy and left a file string in my access.



Edited 1 time(s). Last edit at 06/09/2009 10:18PM by Reneheijnen.

can you show me the exact .htaccess file you have?

you need to put the .pwd file outside of the www folder.. in the wamp folder for example

Steven Martin
stevenmartin99@gmail.com
stevenmartin99@hotmail.com
PampServer.com - [pampserver.com]

Again, wonderfull fast response!


okee
access
-----
AuthUserFile c:\wamp2\www\a.pwd
AuthType Basic
AuthName "Restricted Area"
Require valid-user



Order deny,allow
deny from All
allow from 192.168

Satisfy any

------

The A.pwd is just for testing, Did I get sloppy again and make it .pwd?

Edit : This is how it looks like now, I was tinkering around allot to try to make it work again.



Edited 1 time(s). Last edit at 06/09/2009 10:24PM by Reneheijnen.

the pwd file needs to be in the folder below

access
-----
AuthUserFile c:\wamp2\a.pwd
AuthType Basic
AuthName "Restricted Area"
Require valid-user



then put the a.pwd in the c:\wamp folder

Steven Martin
stevenmartin99@gmail.com
stevenmartin99@hotmail.com
PampServer.com - [pampserver.com]

c:\wamp or c:\wamp2 ??

Florian

WampServer Patch (Screenshots)
Topic EN : www.wampserver.com
Topic FR : www.wampserver.com

stevenmartin99 Wrote:
-------------------------------------------------------
> the pwd file needs to be in the folder below
>
> access
> -----
> AuthUserFile c:\wamp2\a.pwd
> AuthType Basic
> AuthName "Restricted Area"
> Require valid-user
>
>
>
> then put the a.pwd in the c:\wamp folder


It is


c\wamp2\a.pwd
c\wamp2\www\.htaccess
Location of both files

As seen in my htaccess - It refers to the .pwd in the folder below where .htaccess is.
---------
AuthUserFile c:\wamp2\www\a.pwd
AuthType Basic
AuthName "Restricted Area"
Require valid-user

----------
Thanks for the help sofar!

--

Edit
Florian, at the time of my first post i was on my desktop computer, that one broke down and restarting on my laptop, First wamp installation did not go so wel, uninstalled but the folder was still there, so i just picked a new folder - Should this be a problem ?


Another edit : error log :

[Tue Jun 09 22:40:26 2009] [notice] Apache/2.2.11 (Win32) PHP/5.2.9-2 configured -- resuming normal operations
[Tue Jun 09 22:40:26 2009] [notice] Server built: Dec 10 2008 00:10:06
[Tue Jun 09 22:40:26 2009] [notice] Parent: Created child process 1740
[Tue Jun 09 22:40:26 2009] [notice] Child 1740: Child process is running
[Tue Jun 09 22:40:26 2009] [notice] Child 1740: Acquired the start mutex.
[Tue Jun 09 22:40:26 2009] [notice] Child 1740: Starting 64 worker threads.
[Tue Jun 09 22:40:26 2009] [notice] Child 1740: Starting thread to listen on port 80.
[Tue Jun 09 22:40:31 2009] [alert] [client 127.0.0.1] C:/wamp2/www/.htaccess: Satisfy takes one argument, access policy if both allow and require used ('all' or 'any')
[Tue Jun 09 22:43:39 2009] [alert] [client 127.0.0.1] C:/wamp2/www/.htaccess: Satisfy takes one argument, access policy if both allow and require used ('all' or 'any')



Edited 3 time(s). Last edit at 06/09/2009 10:48PM by Reneheijnen.

No, this is not a problem..
Wamp folder still exists since it doesn't delete projects and previous databases...
My remark was for what said Steven (then put the a.pwd in the c:\wamp folder )

You can use any place you want..

Florian

WampServer Patch (Screenshots)
Topic EN : www.wampserver.com
Topic FR : www.wampserver.com

you cant put the password file in the www folder?!


someone will have access to open it and get all the usernames and passwords if they just have one..

Steven Martin
stevenmartin99@gmail.com
stevenmartin99@hotmail.com
PampServer.com - [pampserver.com]

Steven, you can place .htpassword in www folder and deny for all this file access, but it's more secure to put it outside public folder...

Reneheijnen was talking about resintallation folder, and I said folder name didn't change anything...

I'm now trying to use my files (.htaccess and .htpassword) and I got no error with satisfy directive...
However, I got password problems but trying to solve it...

Florian

WampServer Patch (Screenshots)
Topic EN : www.wampserver.com
Topic FR : www.wampserver.com

Guys guys guys, Its all a project, I understand tht curtain files should be better hidden - But thats not a issue atm.


I have this bloody 500 internal server error wich wont go away ^^

Your 500 internal server error is due to the .htaccess...
If you still get satisfy error, file C:/wamp2/www/.htaccess does not contain what you pasted...

Can you verify ?

Florian

WampServer Patch (Screenshots)
Topic EN : www.wampserver.com
Topic FR : www.wampserver.com

i have it working with this code


.htaccess (in www folder)
-----------------------
AuthName "Restricted Area"
AuthType Basic
AuthUserFile c:/wamp/htpasswd.pwd
require valid-user




htpasswd.pwd ( in c:/wamp folder)
--------------------------
user:password









make sure u clear ur history and keep closing your broswer each time you try as the browser stores it,

Steven Martin
stevenmartin99@gmail.com
stevenmartin99@hotmail.com
PampServer.com - [pampserver.com]

Uhg, You are right.
I was pretty tired and did not notice that there were allot of spaces and strange symbols at the very very end.
I Regret wasting your time.


And I was about to post my next problem, but after opening my so tired eyes I fixed it,
had www/password - bad bad bad


But now, with the used password generator,
95x74hLDQKXI2 is my password - Wich is encrypted right ?
I used test - test as a password, as shown in one of my first posts.

All - in - all
Its working with that weird password
Thanks somuch for the effort -
and yfastud Those guides wil be looked into!

sincerly,
René Heijnen

yes that is encyption of test


so u just type in test and it will log in- it uses the md5 sum to encrypt it.

Steven Martin
stevenmartin99@gmail.com
stevenmartin99@hotmail.com
PampServer.com - [pampserver.com]